Merge main into v2
greenbonebot committed Jul 10, 2023
2 parents 1112400 + 6a715e3 commit 6c9c3a6
Showing 11 changed files with 91 additions and 58 deletions.
2 changes: 2 additions & 0 deletions container-build-push-3rd-gen/action.yaml
Expand Up @@ -54,6 +54,8 @@ runs:
build-args: ${{ inputs.build-args }}
cosign-key: ${{ inputs.cosign-key }}
cosign-key-password: ${{ inputs.cosign-key-password }}
# The tlog function does not currently support an ed25519 key.
cosign-tlog-upload: "false"
image-url: ${{ inputs.image-url }}
image-labels: ${{ inputs.image-labels }}
image-tags: |
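Review bot: The comment added above `cosign-tlog-upload: "false"` explains the key-type limitation but not the consequence: with the transparency-log upload disabled, the signature this action produces is not recorded in Rekor, so consumers of these images must verify without a tlog entry (cosign 2.x needs `--insecure-ignore-tlog` for that) and there is no public timestamp or audit record of the signing event. Suggest extending the comment to `# Transparency-log upload is disabled because cosign's tlog path does not support ed25519 keys yet; the signature is therefore not recorded in Rekor and verifiers must be configured to skip the tlog check.` and adding the upstream tracking reference (PLACEHOLDER-ISSUE-URL) so the exception can be lifted when support lands. Whether this action's README documents the verification impact is not visible in this commit.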
29 changes: 15 additions & 14 deletions container-build-push-generic/README.md
Expand Up @@ -36,17 +36,18 @@ jobs:

## Inputs

| Name | Description | |
|---------------------|-----------------------------------------------------|----------|
| build-context | Path to image build context. Default "." | Optional |
| build-docker-file | Path to the docker file. Default "./Dockerfile" | Optional |
| build-args | Use these build-args for the docker build process. | Optional |
| cosign-key | cosign key to sign the image. | Optional |
| cosign-key-password | cosign key password. | Optional |
| image-labels | Image labels. | Required |
| image-url | Image url/name without registry. | Required |
| image-platforms | Image platforms to build for. Default "linux/amd64" | Optional |
| image-tags | Image tags. | Required |
| registry | Registry url. | Required |
| registry-username | Login registry username. | Required |
| registry-password | Login registry password. | Required |
| Name | Description | |
|---------------------|-------------------------------------------------------------------------------------------------|----------|
| build-context | Path to image build context. Default "." | Optional |
| build-docker-file | Path to the docker file. Default "./Dockerfile" | Optional |
| build-args | Use these build-args for the docker build process. | Optional |
| cosign-key | cosign key to sign the image. | Optional |
| cosign-key-password | cosign key password. | Optional |
| cosign-tlog-upload | Turn on or turn off the cosign tlog upload function. Possible options: true/false Default: true | Optional |
| image-labels | Image labels. | Required |
| image-url | Image url/name without registry. | Required |
| image-platforms | Image platforms to build for. Default "linux/amd64" | Optional |
| image-tags | Image tags. | Required |
| registry | Registry url. | Required |
| registry-username | Login registry username. | Required |
| registry-password | Login registry password. | Required |
17 changes: 9 additions & 8 deletions container-build-push-generic/action.yaml
Expand Up @@ -3,11 +3,11 @@ description: Generic container build and push action.

inputs:
build-context:
description: "Path to image build context."
description: "Path to image build context. Default: ."
type: string
default: .
build-docker-file:
description: "Path to the docker file."
description: "Path to the docker file. Default: ./Dockerfile"
type: string
default: ./Dockerfile
build-args:
Expand All @@ -22,6 +22,9 @@ inputs:
description: "cosign key password."
type: string
default: ''
cosign-tlog-upload:
description: "Turn on or turn off the cosign tlog upload function. Possible options: true/false Default: true"
default: "true"
image-labels:
description: "Image labels."
type: string
Expand All @@ -35,7 +38,7 @@ inputs:
type: string
required: true
image-platforms:
description: "Image platforms to build for."
description: "Image platforms to build for. Default: linux/amd64"
type: string
default: linux/amd64
registry:
Expand All @@ -58,9 +61,6 @@ branding:
runs:
using: "composite"
steps:
- name: Checkout repository
uses: actions/checkout@v3

- name: Setup container meta information
id: meta
uses: docker/metadata-action@v4
Expand Down Expand Up @@ -96,7 +96,8 @@ runs:
if: ${{ github.event_name != 'pull_request' }}
uses: greenbone/actions/container-signing@v2
with:
image-tags: ${{ steps.meta.outputs.tags }}
image-digest: ${{ steps.build-and-push.outputs.digest }}
cosign-key: ${{ inputs.cosign-key }}
cosign-key-password: ${{ inputs.cosign-key-password }}
cosign-tlog-upload: ${{ inputs.cosign-tlog-upload }}
image-tags: ${{ steps.meta.outputs.tags }}
image-digest: ${{ steps.build-and-push.outputs.digest }}
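Review bot: The new `cosign-tlog-upload` input (the `default: "true"` line) omits `type: string`, which every sibling input in this file declares (`build-context`, `build-docker-file`, `cosign-key-password`, `image-labels`); add `type: string` for consistency, and since the value is passed verbatim to `--tlog-upload=` in the signing action, the description should say that only the literal strings `true`/`false` are accepted. Separately, the hunk drops the `actions/checkout@v3` step, so callers that build from a `build-context` inside their repository now have to check it out themselves; the README diff for this action in the same commit does not mention that, and a one-line note there would save users a confusing "Dockerfile not found" failure. The `steps:` list continues below the visible hunk.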
1 change: 1 addition & 0 deletions container-signing/README.md
Expand Up @@ -71,3 +71,4 @@ jobs:
|image-digest|Set the digest from the docker build and push action e.g the output of steps.build-and-push.outputs.digest.|Required|
|cosign-key-password|Set the cosign key password, if not set a keyless signature will be created.|Optional|
|cosign-key|Set the cosign key, if not set a keyless signature will be created.|Optional|
|cosign-tlog-upload|Turn on or turn off the cosign tlog upload function. Possible options: true/false Default: true|Optional|
22 changes: 17 additions & 5 deletions container-signing/action.yaml
Expand Up @@ -10,10 +10,11 @@ inputs:
required: true
cosign-key-password:
description: "Set the cosign key password, if not set a keyless signature will be created."
required: false
cosign-key:
description: "Set the cosign key, if not set a keyless signature will be created."
required: false
cosign-tlog-upload:
description: "Turn on or turn off the cosign tlog upload function. Possible options: true/false Default: true"
default: "true"

branding:
icon: "package"
Expand All @@ -31,10 +32,21 @@ runs:
COSIGN_KEY: ${{ inputs.cosign-key }}
run: |
echo "${{ inputs.image-tags }}" | \
xargs -I {} cosign sign -y -r --key env://COSIGN_KEY {}@${{ inputs.image-digest }}
xargs -I {} \
cosign sign \
--tlog-upload=${{ inputs.cosign-tlog-upload }} \
-y \
-r \
--key env://COSIGN_KEY \
{}@${{ inputs.image-digest }}
- name: Sign the published Container Image (Keyless)
if: ${{ !inputs.cosign-key-password || !inputs.cosign-key }}
shell: bash
run: |
echo "${{ inputs.image-tags }}" | \
xargs -I {} cosign sign -y -r {}@${{ inputs.image-digest }}
echo "${{ inputs.image-tags }}" | \
xargs -I {} \
cosign sign \
--tlog-upload=${{ inputs.cosign-tlog-upload }} \
-y \
-r \
{}@${{ inputs.image-digest }}
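Review bot: The new `--tlog-upload=${{ inputs.cosign-tlog-upload }}` line in both signing steps splices an action input straight into the shell script text without validation or quoting, so any value other than `true`/`false` produces an opaque cosign error at best, and like every `${{ }}` inside a `run:` block the value is interpreted as script rather than data; the keyed step already routes `cosign-key` through `env:`, and this input should take the same path behind a guard that accepts only the two literals the README describes. The trade-off also deserves a comment on the input: as I understand cosign's keyless model, a keyless signature made with the tlog upload off has neither a Rekor record nor a timestamp, so verification must skip the tlog check and will fail once the short-lived Fulcio certificate has expired unless a timestamp authority is used, e.g. `# With tlog upload off a keyless signature is not verifiable past certificate expiry unless a TSA timestamp is attached.` The keyless step below the keyed one needs the same `env:` entry and guard. The `steps:` list and its first step begin above the hunk.

```yaml
        env:
          COSIGN_KEY: ${{ inputs.cosign-key }}
          COSIGN_TLOG_UPLOAD: ${{ inputs.cosign-tlog-upload }}
        run: |
          case "$COSIGN_TLOG_UPLOAD" in
            true|false) ;;
            *) echo "cosign-tlog-upload must be 'true' or 'false', got '$COSIGN_TLOG_UPLOAD'" >&2; exit 1 ;;
          esac
          echo "${{ inputs.image-tags }}" | \
            xargs -I {} \
              cosign sign \
                --tlog-upload="$COSIGN_TLOG_UPLOAD" \
                # … unchanged: -y -r --key env://COSIGN_KEY {}@${{ inputs.image-digest }} …
        # … unchanged: keyless step, given the same env entry and case guard …
```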
4 changes: 3 additions & 1 deletion conventional-commits/action/commits.py
Expand Up @@ -141,6 +141,8 @@ async def run(self) -> int:
try:
json = e.response.json()
message = json.get("message")
# some response have links to the docs
doc_url = json.get("documentation_url", "")
except JSONDecodeError:
message = None

Expand All @@ -149,7 +151,7 @@ async def run(self) -> int:
"Could not create Pull Request comment. A HTTP "
f"{e.response.status_code} error occurred while doing "
f"a {e.request.method} request to {e.request.url}. "
f"Error was {message}"
f"Error was '{message}'. {doc_url}"
) from e
else:
raise CommitsError(
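Review bot: `doc_url` is only assigned inside the `try` block; when `e.response.json()` raises `JSONDecodeError` the `except` branch sets `message = None` but leaves `doc_url` unbound, so the `f"Error was '{message}'. {doc_url}"` line in the second hunk raises `NameError` instead of the intended `CommitsError`. Add `doc_url = ""` next to `message = None` in the `except` branch, unless `doc_url` is initialised earlier in `run()`, whose body starts above the hunk. The added comment `# some response have links to the docs` should read `# some error responses carry a documentation_url pointing at the docs`. Minor: when `doc_url` is empty the message ends with a trailing space, which `f"Error was '{message}'.{' ' + doc_url if doc_url else ''}"` would avoid.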
3 changes: 1 addition & 2 deletions coverage-python/action.yaml
Expand Up @@ -4,7 +4,7 @@ description: "An action to upload coverage to codecov.io for Python package by u

inputs:
version:
description: "Python version that should be installed. Deprecated: Use `python-version` input instead."
description: "Deprecated: Use `python-version` input instead. version input is ignored."
deprecationMessage: "version input is deprecated. Please use `python-version` input instead."
python-version:
description: "Python version that should be installed"
Expand Down Expand Up @@ -44,7 +44,6 @@ runs:
- name: Install poetry
uses: greenbone/actions/poetry@v2
with:
version: ${{ inputs.version }}
python-version: ${{ inputs.python-version }}
poetry-version: ${{ inputs.poetry-version }}
cache: ${{ inputs.cache }}
5 changes: 4 additions & 1 deletion dependency-review/action.yml
Expand Up @@ -39,4 +39,7 @@ runs:
BSD-2-Clause AND BSD-3-Clause,
MIT OR Apache-2.0,
MIT AND Python-2.0,
(Apache-2.0 AND BSD-3-Clause) OR (Apache-2.0 AND MIT)
(Apache-2.0 AND BSD-3-Clause) OR (Apache-2.0 AND MIT),
(MIT OR Apache-2.0) AND Unicode-DFS-2016,
MIT/Apache-2.0
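Review bot: `MIT/Apache-2.0` on the last added line is not a valid SPDX expression (SPDX composes with `OR`/`AND`, not `/`), so its effect depends on whether dependency-review-action parses this list as SPDX or matches the dependency's declared license string literally. If it is meant to match crates that still declare the legacy slash form, a comment would stop the next reader from "fixing" it into the `MIT OR Apache-2.0` entry that already appears two lines above, e.g. `# legacy crates.io spelling of "MIT OR Apache-2.0"; kept so literal matching accepts it`. If the action instead validates SPDX syntax, the entry should be dropped rather than risk rejecting the whole list. The list's key (presumably `allow-licenses`) and the enclosing step begin above the hunk, so I cannot confirm which input this feeds.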
21 changes: 11 additions & 10 deletions helm-build-push/README.md
Expand Up @@ -21,16 +21,17 @@ jobs:

## Action Configuration

|Input Variable|Description| |
|--------------|-----------|-|
| charts-path | Path to charts base folder | Optional(default ./charts) |
| chart-name | Chart to build and push | Required |
| registry | registry to push | Optional(default ghcr.io) |
| registry-subpath| Registry subpath to place the helm chart in | Optional |
| registry-user | Registry login user | Required |
| registry-token | Registry login password/token | Required |
| gpg-secret-key | Base64 encoded gpg secret key for chart sign | Optional |
| gpg-secret-name | Gpg secret key name from gpg secret key | Optional |
| Input Variable | Description | |
|-------------------------|---------------------------------------------------------------------------------|----------|
| charts-path | Path to charts base folder. Default: ./charts | Optional |
| chart-name | Chart to build and push. | Required |
| registry | registry name. Default: ghcr.io | Optional |
| registry-subpath | Registry subpath to push the helm chart to. | Optional |
| registry-user | Registry login user. | Required |
| registry-token | Registry login password/token. | Required |
| gpg-secret-name | Gpg secret key name from gpg secret key. Needed to use gpg sign. | Optional |
| gpg-secret-key | Base64 encoded gpg secret key for chart sign. Needed if gpg-secret-name is set. | Optional |
| gpg-secret-key-password | The password for the gpg secret key. Needed if gpg-secret-name is set. | Optional |

## Action Output

43 changes: 27 additions & 16 deletions helm-build-push/action.yaml
Expand Up @@ -2,35 +2,38 @@ name: Helm build and push chart
description: Push helm chart to OCI-based registries
inputs:
charts-path:
description: Path to charts base folder
description: "Path to charts base folder. Default: ./charts"
default: ./charts
chart-name:
description: "Chart to build and push"
description: "Chart to build and push."
required: true
registry:
description: Registry
description: "Registry name. Default: ghcr.io"
default: "ghcr.io"
registry-subpath:
description: Registry subpath to place the helm chart in
description: "Registry subpath to push the helm chart to."
registry-user:
description: Registry login user
description: "Registry login user."
required: true
registry-token:
description: Registry login password/token
description: "Registry login password/token."
required: true
gpg-secret-name:
description: "Gpg secret key name from gpg secret key. Needed to use gpg sign."
required: false
gpg-secret-key:
description: Base64 encoded gpg secret key for chart sign
description: "Base64 encoded gpg secret key for chart sign. Required if gpg-secret-name is set."
required: false
gpg-secret-name:
description: Gpg secret key name from gpg secret key
gpg-secret-key-password:
description: "The password for the gpg secret key. Required if gpg-secret-name is set."
required: false

outputs:
tag:
description: Helm chart url's with tag.
description: "Helm chart url's with tag."
value: ${{ steps.push.outputs.tag }}
digest:
description: The helm chart digest.
description: "The helm chart digest."
value: ${{ steps.push.outputs.digest }}

branding:
Expand All @@ -52,33 +55,40 @@ runs:
shell: bash
run: |
echo "${{ inputs.gpg-secret-key }}" | base64 -d > /tmp/secret-key.gpg
echo "${{ inputs.gpg-secret-key-password }}" > /tmp/secret-key-password
chmod 0600 /tmp/secret-key.gpg
chmod 0600 /tmp/secret-key-password
- name: Update chart dependencies
shell: bash
run: |
helm dependency update "${{ inputs.charts-path }}/${{ inputs.chart-name }}"
- name: Build and signing
id: build
shell: bash
run: |
chart="${{ inputs.charts-path }}/${{ inputs.chart-name }}"
# Load helm chart dependency's
helm dependency update "$chart"
# Build helm chart
# The stderr into stdout redirection
# is needed to get the chart file name
if [ "${{ inputs.gpg-secret-name }}" ]; then
echo "Sign used"
output="$(helm package \
--sign \
--key "${{ inputs.gpg-secret-name }}" \
--key '${{ inputs.gpg-secret-name }}' \
--keyring /tmp/secret-key.gpg \
--passphrase-file /tmp/secret-key-password \
"$chart" \
2>&1)"
else
echo "No sign used"
output="$(helm package "$chart" 2>&1)"
fi
echo "$output"
# Get helm chart tgz file name
chart_file="${output##*/}"
# Check if output is correct
if ! [ -f "$chart_file" ]; then
echo "$output"
echo "Chart filename: $chart_file"
echo "Chart filename: $chart_file not found."
exit 1
fi
# Echo outputs
Expand Down Expand Up @@ -112,3 +122,4 @@ runs:
rm -f "${{ steps.build.outputs.chart-file }}"
rm -f "${{ steps.build.outputs.chart-file }}.prov"
rm -f /tmp/secret-key.gpg
rm -f /tmp/secret-key-password
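Review bot: The added `echo "${{ inputs.gpg-secret-key-password }}" > /tmp/secret-key-password` line interpolates the passphrase into the shell script text and creates the file under the runner's default umask before the following `chmod 0600` narrows it, leaving a window in which the passphrase is readable by other users on the runner; the pre-existing key line has the same shape. Passing both values through `env:` and setting `umask 077` before the redirects removes the script interpolation (an `echo` of a value beginning with `-n` or `-e` would also be mangled) and the permission window, and makes the two `chmod` lines unnecessary. The switch to `--key '${{ inputs.gpg-secret-name }}'` in the package step breaks on a key name containing a single quote; an env variable (`--key "$GPG_SECRET_NAME"`) sidesteps that too. Whether the earlier `helm dependency update "$chart"` inside the build step survives alongside the new "Update chart dependencies" step cannot be told from the rendered hunk; if both remain, one is redundant. The step that writes the key files begins above the hunk, so its name and `if:` condition are not visible here.

```yaml
        shell: bash
        env:
          GPG_SECRET_KEY: ${{ inputs.gpg-secret-key }}
          GPG_SECRET_KEY_PASSWORD: ${{ inputs.gpg-secret-key-password }}
        run: |
          umask 077
          printf '%s' "$GPG_SECRET_KEY" | base64 -d > /tmp/secret-key.gpg
          printf '%s\n' "$GPG_SECRET_KEY_PASSWORD" > /tmp/secret-key-password
        # … unchanged: "Update chart dependencies" and "Build and signing" steps …
```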
2 changes: 1 addition & 1 deletion mypy-python/action.yaml
Expand Up @@ -7,7 +7,7 @@ inputs:
description: "Python packages to check with mypy"
deprecationMessage: "packages input is deprecated. Please use `mypy-arguments` input instead."
version:
description: "Python version that should be installed. Deprecated: Use `python-version` input instead."
description: "Deprecated: Use `python-version` input instead. version input is ignored."
deprecationMessage: "version input is deprecated. Please use `python-version` input instead."
mypy-arguments:
description: "Additional arguments for running mypy"

0 comments on commit 6c9c3a6

Please sign in to comment.