merge: #11600 #11653

11600: deps(.github): bump hashicorp/vault-action from 2.4.2 to 2.4.3 r=github-actions[bot] a=dependabot[bot] Bumps [hashicorp/vault-action](https://github.com/hashicorp/vault-action) from 2.4.2 to 2.4.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/vault-action/releases">hashicorp/vault-action's releases</a>.</em></p> <blockquote> <h2>v2.4.3</h2> <h2>Improvements</h2> <ul> <li>bump jest-when from 3.5.1 to 3.5.2 <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/388">GH-388</a></li> <li>bump semantic-release from 19.0.3 to 19.0.5 <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/360">GH-360</a></li> <li>bump jsrsasign from 10.5.25 to 10.5.27 <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/358">GH-358</a></li> <li>bump <code>`@actions/core</code>` from 1.9.0 to 1.10.0 <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/371">GH-371</a></li> <li>update runtime to node16 for action <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/375">GH-375</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/vault-action/blob/main/CHANGELOG.md">hashicorp/vault-action's changelog</a>.</em></p> <blockquote> <h2>2.4.3 (Nov 8th, 2022)</h2> <p>Improvements:</p> <ul> <li>bump jest-when from 3.5.1 to 3.5.2 <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/388">GH-388</a></li> <li>bump semantic-release from 19.0.3 to 19.0.5 <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/360">GH-360</a></li> <li>bump jsrsasign from 10.5.25 to 10.5.27 <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/358">GH-358</a></li> <li>bump <code>`@actions/core</code>` from 1.9.0 to 1.10.0 <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/371">GH-371</a></li> <li>update runtime to node16 for action <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/375">GH-375</a></li> </ul> <h2>2.4.2 (Aug 15, 2022)</h2> <p>Bugs:</p> <ul> <li>Errors due to replication delay for tokens will now be retried <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/333">GH-333</a></li> </ul> <p>Improvements:</p> <ul> <li>bump got from 11.5.1 to 11.8.5 <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/344">GH-344</a></li> </ul> <h2>2.4.1 (April 28th, 2022)</h2> <p>Improvements:</p> <ul> <li>Make secrets parameter optional <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/299">GH-299</a></li> <li>auth/jwt: make "role" input optional <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/291">GH-291</a></li> <li>Write a better error message when secret not found <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/306">GH-306</a></li> <li>bump jest-when from 2.7.2 to 3.5.1 <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/294">GH-294</a></li> <li>bump node-fetch from 2.6.1 to 2.6.7 <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/308">GH-308</a></li> <li>bump <code>`@types/jest</code>` from 26.0.23 to 27.4.1 <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/297">GH-297</a></li> <li>bump trim-off-newlines from 1.0.1 to 1.0.3 <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/309">GH-309</a></li> <li>bump moment from 2.28.0 to 2.29.2 <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/304">GH-304</a></li> <li>bump <code>`@types/got</code>` from 9.6.11 to 9.6.12 <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/266">GH-266</a></li> </ul> <h2>2.4.0 (October 21st, 2021)</h2> <p>Features:</p> <ul> <li>GitHub provided JWT auth is now supported <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/257">GH-257</a></li> </ul> <h2>2.3.1 (August 23rd, 2021)</h2> <p>Improvements:</p> <ul> <li>bump normalize-url from 4.5.0 to 4.5.1 <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/227">GH-227</a></li> <li>bump path-parse from 1.0.6 to 1.0.7 <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/239">GH-239</a></li> </ul> <h2>2.3.0 (June 23rd, 2021)</h2> <p>Features:</p> <ul> <li>K8s auth method is now supported <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/218">GH-218</a></li> <li>Custom auth method mount points is configurable <a href="https://github-redirect.dependabot.com/hashicorp/vault-action/pull/218">GH-218</a></li> </ul> <h2>2.2.0 (May 6th, 2021)</h2>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/hashicorp/vault-action/commit/8fa61e909919a3f94952e9e07ace6b5a1114440b"><code>8fa61e9</code></a> Update to v2.4.3 (<a href="https://github-redirect.dependabot.com/hashicorp/vault-action/issues/395">#395</a>)</li> <li><a href="https://github.com/hashicorp/vault-action/commit/132f1c693085392ea53f2fb202e43445c84f6e51"><code>132f1c6</code></a> chore(deps-dev): bump jest-when from 3.5.1 to 3.5.2 (<a href="https://github-redirect.dependabot.com/hashicorp/vault-action/issues/388">#388</a>)</li> <li><a href="https://github.com/hashicorp/vault-action/commit/f558cc7838db10d476f406aab951c985c0b2ee8f"><code>f558cc7</code></a> chore(deps-dev): bump semantic-release from 19.0.3 to 19.0.5 (<a href="https://github-redirect.dependabot.com/hashicorp/vault-action/issues/360">#360</a>)</li> <li><a href="https://github.com/hashicorp/vault-action/commit/d0e05af6a3892c845bc5b7f0e686fae690f00c16"><code>d0e05af</code></a> chore(deps): bump jsrsasign from 10.5.25 to 10.5.27 (<a href="https://github-redirect.dependabot.com/hashicorp/vault-action/issues/358">#358</a>)</li> <li><a href="https://github.com/hashicorp/vault-action/commit/1f8e723e55bb884e81203fd020a6ecaa2aab37eb"><code>1f8e723</code></a> change example to vault-action@v2 (<a href="https://github-redirect.dependabot.com/hashicorp/vault-action/issues/391">#391</a>)</li> <li><a href="https://github.com/hashicorp/vault-action/commit/32d00a142fe85829f2847283bff88a8a579641ec"><code>32d00a1</code></a> update changelog (<a href="https://github-redirect.dependabot.com/hashicorp/vault-action/issues/386">#386</a>)</li> <li><a href="https://github.com/hashicorp/vault-action/commit/32838a0d48bc1a2af6fff49957a16e0298b980da"><code>32838a0</code></a> jira-sync: update the team to applications (<a href="https://github-redirect.dependabot.com/hashicorp/vault-action/issues/380">#380</a>)</li> <li><a href="https://github.com/hashicorp/vault-action/commit/ed59bea637122086d835b79e1962fe22c78212f5"><code>ed59bea</code></a> chore(deps-dev): bump <code>`@actions/core</code>` from 1.9.0 to 1.10.0 (<a href="https://github-redirect.dependabot.com/hashicorp/vault-action/issues/371">#371</a>)</li> <li><a href="https://github.com/hashicorp/vault-action/commit/2537991e61dee26805026fa8e05bb59e6fe2c663"><code>2537991</code></a> use node16 in <code>action.yml</code> (<a href="https://github-redirect.dependabot.com/hashicorp/vault-action/issues/375">#375</a>)</li> <li>See full diff in <a href="https://github.com/hashicorp/vault-action/compare/v2.4.2...v2.4.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=hashicorp/vault-action&package-manager=github_actions&previous-version=2.4.2&new-version=2.4.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting ``@dependabot` rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - ``@dependabot` rebase` will rebase this PR - ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it - ``@dependabot` merge` will merge this PR after your CI passes on it - ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it - ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging - ``@dependabot` reopen` will reopen this PR if it is closed - ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> 11653: fix(ci): backport action from main to stable branch r=deepthidevaki a=deepthidevaki ## Description The action must be available in stable branches for the qa/e2e workflows from main to run successfully on the stable branches. Related to #11651 QA was started successfully on this branch, with the fix #11651 https://github.com/camunda/zeebe/actions/runs/4173106758/jobs/7225043063 Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Deepthi Devaki Akkoorath <deepthidevaki@gmail.com>
camunda · Feb 14, 2023 · ab64c48 · ab64c48
3 parents 2f0ddad + 8fc560b + 1ec4750
commit ab64c48
Show file tree

Hide file tree

Showing 3 changed files with 89 additions and 3 deletions.
diff --git a/.github/actions/build-push-docker-gcr/action.yml b/.github/actions/build-push-docker-gcr/action.yml
@@ -0,0 +1,86 @@
+name: Build and push images for given branch
+description: Builds the Zeebe Docker image with tag following SemVer and push it gcr.io/
+
+inputs:
+  branch:
+    description: 'Specifies the branch, for which the image should be build'
+    default: 'main'
+    required: false
+  secret_vault_address:
+    description: 'secret vault url'
+    required: true
+  secret_vault_roleId:
+    description: 'secret vault roleId'
+    required: true
+  secret_vault_secretId:
+    description: 'secret valut secret id'
+    required: true
+
+outputs:
+  image:
+    description: "Fully qualified image name"
+    value: ${{ steps.build-docker.outputs.image }}
+
+runs:
+  using: composite
+  steps:
+    # Dynamic environment variables are not supported by GHA
+    # https://brandur.org/fragments/github-actions-env-vars-in-env-vars
+    #
+    # Since we run the workflow either on demand or via schedule we need to assign some defaults
+    # Furthermore we have branches like stable/1.0 where we have to replace certain patterns, in order to use the branch name as docker image tag
+    - id: evaluate-inputs
+      name: Evaluate Inputs
+      shell: bash
+      run: |
+        branch=${BRANCH/\//-}
+        branch=${branch//\./-}
+        branch=${branch:-main}
+        echo "BRANCH_NAME=$branch" >> $GITHUB_ENV
+      env:
+        BRANCH: "${{ inputs.branch }}"
+    # We need to check out the evaluated branch and setup java (incl. maven), so we can retrieve the current project version
+    # The version is necessary, since CC Saas only accepts SemVer for docker image tags (need to start with a version tag)
+    - uses: actions/checkout@v3
+      with:
+        ref: "${{ github.event.inputs.branch }}"
+    # Also setup java
+    - uses: ./.github/actions/setup-zeebe
+      with:
+        secret_vault_secretId: ${{ inputs.secret_vault_secretId }}
+        secret_vault_address: ${{ inputs.secret_vault_address }}
+        secret_vault_roleId: ${{ inputs.secret_vault_roleId }}
+    # Set further environment variables, which are needed for the QA Testbench run
+    - id: generate-tag
+      name: Generate image tag
+      shell: bash
+      run: |
+        version=$(mvn help:evaluate -q -DforceStdout -D"expression=project.version")
+        tag="$version-$BRANCH_NAME-${GITHUB_SHA::8}"
+        echo "TAG=$tag" >> $GITHUB_ENV
+    - name: Import Secrets
+      id: secrets
+      uses: hashicorp/vault-action@v2
+      with:
+        url: ${{ inputs.secret_vault_address }}
+        method: approle
+        roleId: ${{ inputs.secret_vault_roleId }}
+        secretId: ${{ inputs.secret_vault_secretId }}
+        secrets: |
+          secret/data/products/zeebe/ci/zeebe ZEEBE_GCR_SERVICEACCOUNT_JSON;
+    - name: Login to GCR
+      uses: docker/login-action@v2
+      with:
+        registry: gcr.io
+        username: _json_key
+        password: ${{ steps.secrets.outputs.ZEEBE_GCR_SERVICEACCOUNT_JSON }}
+    - uses: ./.github/actions/build-zeebe
+      id: build-zeebe
+    - name: build-docker
+      id: build-docker
+      uses: ./.github/actions/build-docker
+      with:
+        repository: "gcr.io/zeebe-io/zeebe"
+        version: ${{ env.TAG }}
+        push: true
+        distball: ${{ steps.build-zeebe.outputs.distball }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -451,7 +451,7 @@ jobs:
       - uses: actions/checkout@v3
       - name: Import Secrets
         id: secrets
-        uses: hashicorp/vault-action@v2.4.2
+        uses: hashicorp/vault-action@v2.4.3
         with:
           url: ${{ secrets.VAULT_ADDR }}
           method: approle
@@ -486,7 +486,7 @@ jobs:
       - uses: actions/checkout@v3
       - name: Import Secrets
         id: secrets
-        uses: hashicorp/vault-action@v2.4.2
+        uses: hashicorp/vault-action@v2.4.3
         with:
           url: ${{ secrets.VAULT_ADDR }}
           method: approle

diff --git a/.github/workflows/qa-testbench.yaml b/.github/workflows/qa-testbench.yaml
@@ -64,7 +64,7 @@ jobs:
 
       - name: Import Secrets
         id: secrets
-        uses: hashicorp/vault-action@v2.4.2
+        uses: hashicorp/vault-action@v2.4.3
         with:
           url: ${{ secrets.VAULT_ADDR }}
           method: approle