Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use reusable workflow to build the release #326

Merged
merged 2 commits into from
Jun 28, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
68 changes: 0 additions & 68 deletions .github/workflows/build-push-docker-image.yml

This file was deleted.

97 changes: 3 additions & 94 deletions .github/workflows/daily-security-check.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,97 +6,6 @@ on:
workflow_dispatch:

jobs:
security:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout repo
uses: actions/checkout@v2

# PHP checks
- name: Check for php composer project
id: check_composer
uses: andstor/file-existence-action@v2
with:
files: "composer.lock"
- name: Vulnerability check
run: php composer audit
if: steps.check_composer.outputs.files_exists == 'true'

# node-yarn checks
- name: Check for node-yarn project
id: check_node_yarn
uses: andstor/file-existence-action@v2
with:
files: "yarn.lock"
- name: Setup node
if: steps.check_node_yarn.outputs.files_exists == 'true'
uses: actions/setup-node@v3
with:
node-version: 14
- name: Yarn Audit
if: steps.check_node_yarn.outputs.files_exists == 'true'
run: yarn audit --level high --groups dependencies optionalDependencies

# node-npm checks
- name: Check for node-npm project
id: check_node_npm
uses: andstor/file-existence-action@v2
with:
files: "package.lock"
- name: Setup node
if: steps.check_node_npm.outputs.files_exists == 'true'
uses: actions/setup-node@v3
with:
node-version: 14
- name: npm audit
if: steps.check_node_npm.outputs.files_exists == 'true'
run: npm audit --audit-level=high

# python checks
- name: Check for python project
id: check_python
uses: andstor/file-existence-action@v2
with:
files: "requirements.txt"
- name: Safety checks Python dependencies
if: steps.check_python.outputs.files_exists == 'true'
uses: pyupio/[email protected]

# java checks
- name: Check for java maven project
id: check_maven
uses: andstor/file-existence-action@v2
with:
files: "pom.xml"
- name: Setup java if needed
if: steps.check_maven.outputs.files_exists == 'true'
uses: actions/setup-java@v3
with:
java-version: 11
distribution: 'temurin'
cache: 'maven'
- name: Set up maven cache if needed
if: steps.check_maven.outputs.files_exists == 'true'
uses: actions/cache@v1
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Check java
if: steps.check_maven.outputs.files_exists == 'true'
run: mvn org.owasp:dependency-check-maven:check

# Send results
- name: Send to Slack if something failed
if: failure()
uses: rtCamp/action-slack-notify@v2
env:
SLACK_CHANNEL: surfconext-nightly-check
SLACK_COLOR: ${{ job.status }}
SLACK_ICON: https://static.surfconext.nl/logos/idp/surfnet.png
SLACK_MESSAGE: 'Dependency check failed :crying_cat_face:'
SLACK_TITLE: ${{ github.repository }} wants attention
SLACK_USERNAME: NightlySecurityCheck
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
call-workflow-passing-data:
name: Daily security check (Reusable Workflow)
uses: openconext/openconext-githubactions/.github/workflows/daily-security-check.yml@main
12 changes: 12 additions & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
name: release

on:
push:
tags:
- "*.*.*"

jobs:
build-release-and-push-container:
uses: openconext/openconext-githubactions/.github/workflows/symfony-release.yml@main
with:
component_name: "Stepup-RA"
52 changes: 0 additions & 52 deletions .github/workflows/tag-release.yml

This file was deleted.