V4

.github/workflows/generate-readme.yml

@@ -2,9 +2,34 @@ name: Generate README from templates and data files using doctool
 on:
   workflow_call:
     secrets:
-      token: 
+      token:
         description: 'Secret token from caller workflow to approve readme'
         required: true
+      entra_username:
+        description: 'Entra username for authentication'
+        required: false
+      entra_password:
+        description: 'Entra password for authentication'
+        required: false
+      command_client_id:
+        description: 'Command client ID for API authentication'
+        required: false
+      command_client_secret:
+        description: 'Command client secret for API authentication'
+        required: false
+    inputs:
+      command_token_url:
+        type: string
+        description: 'URL for obtaining command tokens'
+        required: false
+      command_hostname:
+        type: string
+        description: 'Command hostname for API endpoints'
+        required: false
+      command_base_api_path:
+        type: string
+        description: 'Base API path for the Command API'
+        required: false
 permissions:
   contents: write
 
@@ -20,8 +45,15 @@ jobs:
           path: doctool
           token: ${{ secrets.token }}
 
-      - name: Launch local doctool 
+      - name: Launch local doctool
         uses: ./doctool
         id: launch-doctool
         with:
           token: ${{ secrets.token }}
+          entra_username: ${{ secrets.entra_username }}
+          entra_password: ${{ secrets.entra_password }}
+          command_client_id: ${{ secrets.command_client_id }}
+          command_client_secret: ${{ secrets.command_client_secret }}
+          command_token_url: ${{ vars.DOCTOOL_COMMAND_TOKEN_URL }}
+          command_hostname: ${{ vars.DOCTOOL_COMMAND_HOSTNAME }}
+          command_base_api_path: ${{ vars.DOCTOOL_COMMAND_BASE_API_PATH }}

.github/workflows/github-release.yml

@@ -20,7 +20,7 @@ on:
 
 jobs:
   call-check-file-action:
-    uses: keyfactor/actions/.github/workflows/check-todos-license-headers.yml@v3
+    uses: keyfactor/actions/.github/workflows/check-todos-license-headers.yml@v4
 
   create-github-release-workflow:
     runs-on: ubuntu-latest

.github/workflows/starter.yml

@@ -5,11 +5,6 @@ on:
       token:
         description: 'GitHub token'
         required: true
-## This secret 'APPROVE_README_PUSH' is not used. 
-## Remove when the v3 bootstrap has been updated
-      APPROVE_README_PUSH:
-        description: 'Token to add-and-commit generated readme'
-        required: true  
       gpg_key:
         description: 'GPG Private Key'
         required: true
@@ -25,11 +20,35 @@ on:
       scan_token:
         description: 'Polaris token'
         required: false
-
+      entra_username:
+        description: 'Entra username for authentication'
+        required: false
+      entra_password:
+        description: 'Entra password for authentication'
+        required: false
+      command_client_id:
+        description: 'Command client ID for API authentication'
+        required: false
+      command_client_secret:
+        description: 'Command client secret for API authentication'
+        required: false
+    inputs:
+      command_token_url:
+        type: string
+        description: 'URL for obtaining command tokens'
+        required: false
+      command_hostname:
+        type: string
+        description: 'Command hostname for API endpoints'
+        required: false
+      command_base_api_path:
+        type: string
+        description: 'Base API path for the Command API'
+        required: false
 
 jobs:
   call-assign-from-json-workflow:
-    uses: Keyfactor/actions/.github/workflows/assign-env-from-json.yml@v3
+    uses: Keyfactor/actions/.github/workflows/assign-env-from-json.yml@v4
 
   call-get-primary-language:
     outputs:
@@ -78,91 +97,79 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Create an array from platform_list input #  
         id: vars
-        run: 
+        run:
           echo "platform_matrix=`cat integration-manifest.json | jq '.platform_matrix'`" | tee -a $GITHUB_OUTPUT | tee -a $GITHUB_STEP_SUMMARY
 
   call-create-github-release-workflow:
-    uses: Keyfactor/actions/.github/workflows/github-release.yml@v3
+    uses: Keyfactor/actions/.github/workflows/github-release.yml@v4
 
   call-dotnet-build-and-release-workflow:
-    needs: [call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow]
+    needs: [ call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow ]
     if: needs.call-get-primary-language.outputs.primary_language == 'C#'
-    uses: keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@v3
+    uses: keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@v4
     with:
       release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
       release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }}
       release_dir: ${{ needs.call-assign-from-json-workflow.outputs.release_dir }}
       release_project: ${{ needs.call-assign-from-json-workflow.outputs.release_project }}
-      integration_type: ${{ needs.call-assign-from-json-workflow.outputs.integration_type }} 
-    secrets: 
+      integration_type: ${{ needs.call-assign-from-json-workflow.outputs.integration_type }}
+    secrets:
       token: ${{ secrets.token  }}
 
   call-go-build-and-release-workflow:
-    needs: [call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow,call-goreleaser-exists]
-    if: needs.call-get-primary-language.outputs.primary_language == 'Go' && needs.call-goreleaser-exists.outputs.goreleaser-exists == 'true' 
-    uses: keyfactor/actions/.github/workflows/go-build-and-release.yml@v3
-    with: 
+    needs: [ call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow,call-goreleaser-exists ]
+    if: needs.call-get-primary-language.outputs.primary_language == 'Go' && needs.call-goreleaser-exists.outputs.goreleaser-exists == 'true'
+    uses: keyfactor/actions/.github/workflows/go-build-and-release.yml@v4
+    with:
       release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
-    secrets: 
+    secrets:
       token: ${{ secrets.GITHUB_TOKEN }}
       gpg_key: ${{ secrets.gpg_key }}
       gpg_pass: ${{ secrets.gpg_pass }}
 
-  call-container-build-and-release-workflow:
-    needs: [call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow,call-goreleaser-exists,setup_platforms]
-    if: needs.call-get-primary-language.outputs.primary_language == 'Go' && needs.call-goreleaser-exists.outputs.goreleaser-exists == 'false'
-    uses: keyfactor/actions/.github/workflows/container-build-and-release.yml@v3
-    with: 
-      release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
-      platform_list: ${{ fromJson(needs.setup_platforms.outputs.platform_matrix) }}
-    secrets: 
-      docker-user: ${{ secrets.docker-user }}
-      docker-token: ${{ secrets.docker-token }}
-
-  call-maven-build-and-release-workflow:
-    needs: [call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow]
-    if: needs.call-get-primary-language.outputs.primary_language == 'Java'
-    uses: keyfactor/actions/.github/workflows/maven-build-and-release.yml@v3
-    with:
-      release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
-      release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }}
-      release_dir: ${{ needs.call-assign-from-json-workflow.outputs.release_dir }}
-    secrets: 
-      token: ${{ secrets.token  }}
-
   call-generate-readme-workflow:
+    permissions:
+      contents: write  # Explicitly grant write permission
     if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
-    uses: Keyfactor/actions/.github/workflows/generate-readme.yml@v3
+    uses: Keyfactor/actions/.github/workflows/generate-readme.yml@v4
+    with:
+      command_token_url: ${{ vars.COMMAND_TOKEN_URL }}
+      command_hostname: ${{ vars.COMMAND_HOSTNAME }}
+      command_base_api_path: ${{ vars.COMMAND_API_PATH }}
     secrets:
       token: ${{ secrets.token }}
+      entra_username: ${{ secrets.ENTRA_USERNAME }}
+      entra_password: ${{ secrets.ENTRA_PASSWORD }}
+      command_client_id: ${{ secrets.COMMAND_CLIENT_ID }}
+      command_client_secret: ${{ secrets.COMMAND_CLIENT_SECRET }}
 
   call-update-catalog-workflow:
     needs: call-assign-from-json-workflow
     if: needs.call-assign-from-json-workflow.outputs.update_catalog  == 'true' && github.ref_name == 'main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
-    uses: Keyfactor/actions/.github/workflows/update-catalog.yml@v3
-    secrets: 
+    uses: Keyfactor/actions/.github/workflows/update-catalog.yml@v4
+    secrets:
       token: ${{ secrets.token }}
 
   call-repository-configuration-workflow:
     if: github.event_name == 'create' && startsWith(github.ref, 'refs/heads/release-')
-    uses: Keyfactor/actions/.github/workflows/kf-configure-repo.yml@v3
-    secrets: 
+    uses: Keyfactor/actions/.github/workflows/kf-configure-repo.yml@v4
+    secrets:
       token: ${{ secrets.token }}
 
-  # call-polaris-scan-workflow:
-  #   if: github.event_name == 'pull_request' && (startsWith(github.base_ref, 'release-') || github.base_ref == 'main')
-  #   uses: Keyfactor/actions/.github/workflows/kf-polaris-scan.yml@v3
-  #   with:
-  #     scan_branch: ${{ github.event.pull_request.head.ref }}
-  #   secrets:
-  #     token: ${{ secrets.scan_token }}
+  call-polaris-scan-workflow:
+    if: github.event_name == 'pull_request' && (startsWith(github.base_ref, 'release-') || github.base_ref == 'main')
+    uses: Keyfactor/actions/.github/workflows/kf-polaris-scan.yml@v4
+    with:
+      scan_branch: ${{ github.event.pull_request.head.ref }}
+    secrets:
+      token: ${{ secrets.scan_token }}
 
   call-post-release-workflow:
-   needs: [call-assign-from-json-workflow, call-create-github-release-workflow]
-   if: needs.call-create-github-release-workflow.outputs.IS_FULL_RELEASE == 'True'
-   uses: Keyfactor/actions/.github/workflows/kf-post-release.yml@v3
-   secrets: 
-     token: ${{ secrets.token }}
-   with:
-     branchname: ${{ github.event.pull_request.base.ref }}
-     release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
+    needs: [ call-assign-from-json-workflow, call-create-github-release-workflow ]
+    if: needs.call-create-github-release-workflow.outputs.IS_FULL_RELEASE == 'True'
+    uses: Keyfactor/actions/.github/workflows/kf-post-release.yml@v4
+    secrets:
+      token: ${{ secrets.token }}
+    with:
+      branchname: ${{ github.event.pull_request.base.ref }}
+      release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}