From 0f8f5b6572a7c24898cfb03e144b9209c878f2f5 Mon Sep 17 00:00:00 2001 From: Phillip Wirth Date: Tue, 20 Feb 2024 12:08:54 +0100 Subject: [PATCH 1/6] BC-6589 update gh-actions --- .github/workflows/clean.yml | 2 +- .github/workflows/push.yml | 37 +++++++++++++++++++++----------- .github/workflows/tag.yml | 4 ++-- .idea/.gitignore | 5 +++++ .idea/h5p-staticfiles-server.iml | 12 +++++++++++ .idea/modules.xml | 8 +++++++ .idea/vcs.xml | 6 ++++++ 7 files changed, 59 insertions(+), 15 deletions(-) create mode 100644 .idea/.gitignore create mode 100644 .idea/h5p-staticfiles-server.iml create mode 100644 .idea/modules.xml create mode 100644 .idea/vcs.xml diff --git a/.github/workflows/clean.yml b/.github/workflows/clean.yml index 93756ca..5aac309 100644 --- a/.github/workflows/clean.yml +++ b/.github/workflows/clean.yml @@ -4,7 +4,7 @@ on: delete jobs: clean: - uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/clean_workflow.yml@main + uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/clean_workflow.yml@bc-6589 with: branch: ${{ github.event.ref }} secrets: diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index ff4de29..5d2c890 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -26,7 +26,7 @@ jobs: type=sha,enable=true,priority=600,prefix= - name: Log into registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} @@ -52,23 +52,36 @@ jobs: tags: ghcr.io/${{ github.repository }}:${{ github.sha }} labels: ${{ steps.docker_meta_img.outputs.labels }} - branch_name: + branch_meta: runs-on: ubuntu-latest outputs: - branch: ${{ steps.extract_branch.outputs.branch }} + branch: ${{ steps.extract_branch_meta.outputs.branch }} + sha: ${{ steps.extract_branch_meta.outputs.sha }} steps: - - name: Extract branch name + - name: Extract branch meta shell: bash - run: echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT - id: extract_branch + id: extract_branch_meta + env: + PR_HEAD_REF: ${{ github.event.pull_request.head.ref }} + PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }} + BRANCH_REF_NAME: ${{ github.ref_name}} + BRANCH_SHA: ${{ github.sha }} + run: | + if [ "${{ github.event_name }}" == 'pull_request' ]; then + echo "branch=$PR_HEAD_REF" >> $GITHUB_OUTPUT + echo "sha=$PR_HEAD_SHA" >> $GITHUB_OUTPUT + else + echo "branch=$BRANCH_REF_NAME" >> $GITHUB_OUTPUT + echo "sha=$BRANCH_SHA" >> $GITHUB_OUTPUT + fi deploy: needs: - build_and_push - - branch_name - uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/deploy.yml@main + - branch_meta + uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/deploy.yml@bc-6589 with: - branch: ${{ needs.branch_name.outputs.branch }} + branch: ${{ needs.branch_meta.outputs.branch }} secrets: token: ${{ secrets.GITHUB_TOKEN }} DEV_VAULT_BRB: ${{ secrets.DEV_VAULT_BRB }} @@ -90,7 +103,7 @@ jobs: trivy-vulnerability-scanning: needs: - build_and_push - - branch_name + - branch_meta runs-on: ubuntu-latest permissions: actions: read @@ -98,7 +111,7 @@ jobs: security-events: write steps: - name: run trivy vulnerability scanner - uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 + uses: aquasecurity/trivy-action@1f6384b6ceecbbc6673526f865b818a2a06b07c9 with: image-ref: 'ghcr.io/${{ github.repository }}:${{ github.sha }}' format: 'sarif' @@ -107,6 +120,6 @@ jobs: ignore-unfixed: true - name: upload trivy results if: ${{ always() }} - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: 'trivy-results.sarif' diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml index 9009216..7cf3620 100644 --- a/.github/workflows/tag.yml +++ b/.github/workflows/tag.yml @@ -25,13 +25,13 @@ jobs: type=semver,pattern={{major}}.{{minor}} - name: Log into docker registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_TOKEN }} - name: Log into quay registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} diff --git a/.idea/.gitignore b/.idea/.gitignore new file mode 100644 index 0000000..b58b603 --- /dev/null +++ b/.idea/.gitignore @@ -0,0 +1,5 @@ +# Default ignored files +/shelf/ +/workspace.xml +# Editor-based HTTP Client requests +/httpRequests/ diff --git a/.idea/h5p-staticfiles-server.iml b/.idea/h5p-staticfiles-server.iml new file mode 100644 index 0000000..24643cc --- /dev/null +++ b/.idea/h5p-staticfiles-server.iml @@ -0,0 +1,12 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/.idea/modules.xml b/.idea/modules.xml new file mode 100644 index 0000000..a8700e8 --- /dev/null +++ b/.idea/modules.xml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file diff --git a/.idea/vcs.xml b/.idea/vcs.xml new file mode 100644 index 0000000..35eb1dd --- /dev/null +++ b/.idea/vcs.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file From d31121a7bdb0c1677c77ac3908726989765577ea Mon Sep 17 00:00:00 2001 From: Phillip Wirth Date: Tue, 20 Feb 2024 12:13:33 +0100 Subject: [PATCH 2/6] BC-6589 update gh-actions --- .github/workflows/push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 5d2c890..171b391 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -38,7 +38,7 @@ jobs: - name: Set up Docker Buildx if: ${{ env.IMAGE_EXISTS == 0 }} - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 - name: Build and push ${{ github.repository }} if: ${{ env.IMAGE_EXISTS == 0 }} From 317f625a990f7ff60bdf2a6e20ab66d6da5fd99a Mon Sep 17 00:00:00 2001 From: Phillip Wirth Date: Tue, 20 Feb 2024 12:15:08 +0100 Subject: [PATCH 3/6] BC-6589 update gh-actions --- .github/workflows/push.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 171b391..3462ff7 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -18,7 +18,7 @@ jobs: - name: Docker meta Service Name id: docker_meta_img - uses: docker/metadata-action@v4 + uses: docker/metadata-action@v5 with: images: ghcr.io/${{ github.repository }} tags: | @@ -38,7 +38,7 @@ jobs: - name: Set up Docker Buildx if: ${{ env.IMAGE_EXISTS == 0 }} - uses: docker/setup-buildx-action@v4 + uses: docker/setup-buildx-action@v3 - name: Build and push ${{ github.repository }} if: ${{ env.IMAGE_EXISTS == 0 }} From 07b0483b5ba64657d6c71e603299c144f3570003 Mon Sep 17 00:00:00 2001 From: Phillip Wirth Date: Wed, 21 Feb 2024 16:05:10 +0100 Subject: [PATCH 4/6] BC-6589 update gh-actions --- .github/workflows/clean.yml | 2 +- .github/workflows/push.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/clean.yml b/.github/workflows/clean.yml index 5aac309..93756ca 100644 --- a/.github/workflows/clean.yml +++ b/.github/workflows/clean.yml @@ -4,7 +4,7 @@ on: delete jobs: clean: - uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/clean_workflow.yml@bc-6589 + uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/clean_workflow.yml@main with: branch: ${{ github.event.ref }} secrets: diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 3462ff7..28eccd5 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -79,7 +79,7 @@ jobs: needs: - build_and_push - branch_meta - uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/deploy.yml@bc-6589 + uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/deploy.yml@main with: branch: ${{ needs.branch_meta.outputs.branch }} secrets: From 743a2bc84f17e3be7656703f0f2254be64b1f651 Mon Sep 17 00:00:00 2001 From: Phillip Wirth Date: Wed, 21 Feb 2024 16:06:48 +0100 Subject: [PATCH 5/6] BC-6589 update gh-actions --- .gitignore | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..faa7717 --- /dev/null +++ b/.gitignore @@ -0,0 +1,16 @@ +.vagrant +.vscode +.project +.pydevproject +.settings +.idea +*.DS_Store +nbproject +*__pycache__ +*.pyc +*egg-info +*.log +tests +secrets +*.swp +venv From b2ccc434f449a3b6a6e0130083f754c540d37988 Mon Sep 17 00:00:00 2001 From: Phillip Wirth Date: Wed, 21 Feb 2024 16:08:08 +0100 Subject: [PATCH 6/6] BC-6589 update gh-actions --- .idea/.gitignore | 5 ----- .idea/h5p-staticfiles-server.iml | 12 ------------ .idea/modules.xml | 8 -------- .idea/vcs.xml | 6 ------ 4 files changed, 31 deletions(-) delete mode 100644 .idea/.gitignore delete mode 100644 .idea/h5p-staticfiles-server.iml delete mode 100644 .idea/modules.xml delete mode 100644 .idea/vcs.xml diff --git a/.idea/.gitignore b/.idea/.gitignore deleted file mode 100644 index b58b603..0000000 --- a/.idea/.gitignore +++ /dev/null @@ -1,5 +0,0 @@ -# Default ignored files -/shelf/ -/workspace.xml -# Editor-based HTTP Client requests -/httpRequests/ diff --git a/.idea/h5p-staticfiles-server.iml b/.idea/h5p-staticfiles-server.iml deleted file mode 100644 index 24643cc..0000000 --- a/.idea/h5p-staticfiles-server.iml +++ /dev/null @@ -1,12 +0,0 @@ - - - - - - - - - - - - \ No newline at end of file diff --git a/.idea/modules.xml b/.idea/modules.xml deleted file mode 100644 index a8700e8..0000000 --- a/.idea/modules.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - - - \ No newline at end of file diff --git a/.idea/vcs.xml b/.idea/vcs.xml deleted file mode 100644 index 35eb1dd..0000000 --- a/.idea/vcs.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - - - - \ No newline at end of file