Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): be explicit about the GH actions versions #106

Merged
merged 1 commit into from
Sep 5, 2023
Merged

chore(deps): be explicit about the GH actions versions #106

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 7 additions & 7 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,21 +13,21 @@ jobs:
name: Unit tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: '1.19'
go-version: "1.19"
- run: make unit-tests

golangci:
name: Golangci-lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: '1.19'
go-version: "1.19"
- name: golangci-lint
uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3
uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0
with:
version: v1.53.3
49 changes: 19 additions & 30 deletions .github/workflows/container-image.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,72 +32,61 @@ jobs:
artifact: ${{ steps.setoutput.outputs.artifact }}
digest: ${{ steps.setoutput.outputs.digest }}
steps:
-
name: Checkout code
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
-
name: Set up QEMU
uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2
-
name: Login to GitHub Container Registry
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
- name: Checkout code
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- name: Set up QEMU
uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0
- name: Login to GitHub Container Registry
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Retrieve tag name (main branch)
- name: Retrieve tag name (main branch)
if: ${{ startsWith(github.ref, 'refs/heads/main') }}
run: |
echo TAG_NAME=latest >> $GITHUB_ENV
-
name: Retrieve tag name (feat branch)
- name: Retrieve tag name (feat branch)
if: ${{ startsWith(github.ref, 'refs/heads/feat') }}
run: |
echo "TAG_NAME=latest-$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
-
name: Retrieve tag name (tag)
- name: Retrieve tag name (tag)
if: ${{ startsWith(github.ref, 'refs/tags/') }}
run: |
echo TAG_NAME=$(echo $GITHUB_REF | sed -e "s|refs/tags/||") >> $GITHUB_ENV
-
name: Build and push container image
echo TAG_NAME=$(echo $GITHUB_REF | sed -e "s|refs/tags/||") >> $GITHUB_ENV
- name: Build and push container image
if: ${{ inputs.push-image }}
id: build-image
uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4
uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1
with:
context: .
file: ./Dockerfile
platforms: linux/amd64, linux/arm64
push: true
tags: |
ghcr.io/${{github.repository_owner}}/audit-scanner:${{ env.TAG_NAME }}
-
# Only build amd64 because buildx does not allow multiple platforms when
- # Only build amd64 because buildx does not allow multiple platforms when
# exporting the image to a tarball. As we use this only for end-to-end tests
# and they run on amd64 arch, let's skip the arm64 build for now.
name: Build linux/amd64 container image
if: ${{ inputs.push-image == false }}
uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4
uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1
with:
context: .
file: ./Dockerfile
platforms: linux/amd64
outputs: type=docker,dest=/tmp/audit-scanner-image-${{ env.TAG_NAME }}.tar
tags: |
ghcr.io/${{github.repository_owner}}/audit-scanner:${{ env.TAG_NAME }}
-
name: Upload container image to use in other jobs
- name: Upload container image to use in other jobs
if: ${{ inputs.push-image == false }}
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: audit-scanner-image-${{ env.TAG_NAME }}
path: /tmp/audit-scanner-image-${{ env.TAG_NAME }}.tar
-
id: setoutput
- id: setoutput
name: Set output parameters
run: |
echo "repository=ghcr.io/${{github.repository_owner}}/audit-scanner" >> $GITHUB_OUTPUT
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/fossa.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,9 @@ name: fossa scanning
on:
push:
tags:
- 'v*'
- "v*"
branches:
- 'main'
- "main"

# Declare default permissions as read only.
permissions: read-all
Expand All @@ -14,7 +14,7 @@ jobs:
fossa-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- uses: fossas/fossa-action@f61a4c0c263690f2ddb54b9822a719c25a7b608f # v1.3.1
with:
api-key: ${{secrets.FOSSA_API_TOKEN}}
2 changes: 1 addition & 1 deletion .github/workflows/release-drafter.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ jobs:
runs-on: ubuntu-latest
steps:
# Drafts your next Release notes as Pull Requests are merged into "master"
- uses: release-drafter/release-drafter@65c5fb495d1e69aa8c08a3317bc44ff8aabe9772 # v5
- uses: release-drafter/release-drafter@65c5fb495d1e69aa8c08a3317bc44ff8aabe9772 # v5.24.0
# (Optional) specify config name to use, relative to .github/. Default: release-drafter.yml
# with:
# config-name: my-config.yml
Expand Down
22 changes: 12 additions & 10 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,18 +24,18 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Install Golang
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: "1.19"

- name: Checkout code
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0

- name: Generate CRDs
run: |
tar -czf CRDS.tar.gz -C config/crd $(ls config/crd)
- name: Upload CRDs as artifacts
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: CRDS
path: CRDS.tar.gz
Expand All @@ -61,7 +61,7 @@ jobs:

- name: Get latest release tag
id: get_last_release_tag
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
with:
script: |
let release = await github.rest.repos.getLatestRelease({
Expand All @@ -76,7 +76,7 @@ jobs:
core.setFailed("Cannot find latest release")

- name: Get release ID from the release created by release drafter
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
with:
script: |
let releases = await github.rest.repos.listReleases({
Expand All @@ -93,12 +93,12 @@ jobs:
core.setFailed(`Draft release not found`)

- name: Download SBOM artifact
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: sbom

- name: Download CRDs artifact
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: CRDS

Expand All @@ -107,10 +107,12 @@ jobs:

- name: Upload release assets
id: upload_release_assets
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
with:
script: |
let fs = require('fs');
let path = require('path');

let files = [
'audit-scanner-sbom-amd64.spdx',
'audit-scanner-sbom-amd64.spdx.cert',
Expand All @@ -128,7 +130,7 @@ jobs:
owner: context.repo.owner,
repo: context.repo.repo,
release_id: `${RELEASE_ID}`,
name: file,
name: path.basename(file),
data: file_data,
});
// store the crds asset id used it in the helm chart update
Expand All @@ -138,7 +140,7 @@ jobs:
}

- name: Publish release
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
with:
script: |
const {RELEASE_ID} = process.env
Expand Down
9 changes: 4 additions & 5 deletions .github/workflows/sbom.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Install cosign
uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3
uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2

- name: Install the syft command
uses: kubewarden/github-actions/syft-installer@0b73198f5d655ef4ad84e423f8047044ed73fd4b # v3.1.9
Expand All @@ -30,7 +30,7 @@ jobs:
uses: kubewarden/github-actions/crane-installer@0b73198f5d655ef4ad84e423f8047044ed73fd4b # v3.1.9

- name: Login to GitHub Container Registry
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
Expand Down Expand Up @@ -76,9 +76,8 @@ jobs:
cosign sign --yes \
ghcr.io/${{github.repository_owner}}/audit-scanner:${SBOM_TAG}

-
name: Upload SBOMs as artifacts
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3
- name: Upload SBOMs as artifacts
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: sbom
path: audit-scanner-sbom-*
4 changes: 2 additions & 2 deletions .github/workflows/sign-image.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,10 +17,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Install cosign
uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3
uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2

- name: Login to GitHub Container Registry
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
Expand Down
Loading