diff --git a/.github/workflows/dependabot-to-jira.yml b/.github/workflows/dependabot-to-jira.yml
index 8f750cd3..3e444903 100644
--- a/.github/workflows/dependabot-to-jira.yml
+++ b/.github/workflows/dependabot-to-jira.yml
@@ -15,6 +15,9 @@ jobs:
 steps:
 - name: create ticket
 id: create_ticket
+ env:
+ PR_TITLE: ${{ github.event.pull_request.title }}
+ PR_HTML_URL: ${{ github.event.pull_request.html_url }}
 run: |
 response_code=$(curl -s \
 -o response.txt \
@@ -26,8 +29,8 @@ jobs:
 "project": {
 "key": "BC"
 },
- "summary": "${{ github.event.pull_request.title }} in ${{ github.event.repository.name }}",
- "description": "h4. Task:\n${{ github.event.pull_request.title }}\n${{ github.event.pull_request.html_url }}\nh4.Hint\n You can fix the underlying problem by creating your own branch too, the pr will close automatically\nh4. Acceptance criteria\n1. https://docs.dbildungscloud.de/display/DBH/3rd+Party+Library+Quality+Assessment",
+ "summary": "$PR_TITLE in ${{ github.event.repository.name }}",
+ "description": "h4. Task:\n$PR_TITLE\n$PR_HTML_URL\nh4.Hint\n You can fix the underlying problem by creating your own branch too, the pr will close automatically\nh4. Acceptance criteria\n1. https://docs.dbildungscloud.de/display/DBH/3rd+Party+Library+Quality+Assessment",
 "issuetype": {
 "id": "10100"
 },
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 1173e27c..5831b6c9 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -3,6 +3,7 @@ on: [pull_request]
 permissions:
 contents: read
+ pull-requests: write
 jobs:
 dependency-review:
@@ -11,6 +12,6 @@ jobs:
 - name: 'Checkout Repository'
 uses: actions/checkout@v4
 - name: 'Dependency Review'
- uses: actions/dependency-review-action@v3
+ uses: actions/dependency-review-action@v4
 with:
- allow-licenses: MIT, Apache-2.0, BSD-3-Clause, 0BSD, Unlicense
+ allow-licenses: MIT, Apache-2.0, BSD-3-Clause, 0BSD, Unlicense, AGPL-3.0
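Review bot: In the new `"summary"` and `"description"` lines the PR title is still pasted unescaped into a JSON string literal, so a title containing `"` or `\` can produce invalid JSON or change other fields of the Jira payload, even though moving it to `env:` closes the shell-injection path. The curl call opens and closes outside this hunk, so I cannot see how the body is quoted; if it is single-quoted, `$PR_TITLE` and `$PR_HTML_URL` would not expand at all and the literal names would be sent. Building the body with a JSON encoder handles both cases, for example `jq -n --arg title "$PR_TITLE" --arg url "$PR_HTML_URL" '{…}'` piped to curl with `--data @-`, assuming jq is available on the runner. For consistency `${{ github.event.repository.name }}` could be passed through `env:` the same way.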
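Review bot: `pull-requests: write` is added to the workflow-level `permissions:` block, so every job in this workflow gets a token that can write to pull requests on each `pull_request` run. Nothing in the visible `with:` block uses that permission; it is presumably meant for the action's PR comment summary (`comment-summary-in-pr`), which would have to be enabled outside these hunks. I would move the grant to a job-level `permissions:` under `dependency-review:` and add a comment such as `# pull-requests: write is only needed for the PR summary comment`.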
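Review bot: Adding `AGPL-3.0` to `allow-licenses` relaxes the licence gate for every future dependency, not only the one that prompted it, and the line records no reason. AGPL-3.0 is a network-copyleft licence, so a comment above the input naming the dependency and the decision would make the exception auditable, e.g. `# AGPL-3.0 allowed for <package>, see <ticket>`. Separately, `actions/dependency-review-action@v4` is a mutable tag, while push.yml pins trivy-action to a commit SHA; `uses: actions/dependency-review-action@<commit-sha> # v4` would be consistent with that.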
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index d74d6834..0726c2cf 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -36,8 +36,6 @@ jobs:
 - name: test image exists
 run: |
- mkdir -p ~/.docker
- echo '{"experimental": "enabled"}' >> ~/.docker/config.json
 echo "IMAGE_EXISTS=$(docker manifest inspect ghcr.io/${{ github.repository }}:${{ github.sha }} > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV
 - name: Build and push ${{ github.repository }}
@@ -61,13 +59,18 @@ jobs:
 - name: Extract branch meta
 shell: bash
 id: extract_branch_meta
+ env:
+ PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
+ PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+ BRANCH_REF_NAME: ${{ github.ref_name}}
+ BRANCH_SHA: ${{ github.sha }}
 run: |
 if [ "${{ github.event_name }}" == 'pull_request' ]; then
- echo "branch=${{ github.event.pull_request.head.ref }}" >> $GITHUB_OUTPUT
- echo "sha=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT
+ echo "branch=$PR_HEAD_REF" >> $GITHUB_OUTPUT
+ echo "sha=$PR_HEAD_SHA" >> $GITHUB_OUTPUT
 else
- echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT
- echo "sha=${{ github.sha }}" >> $GITHUB_OUTPUT
+ echo "branch=$BRANCH_REF_NAME" >> $GITHUB_OUTPUT
+ echo "sha=$BRANCH_SHA" >> $GITHUB_OUTPUT
 fi
 deploy:
@@ -108,7 +111,7 @@ jobs:
 uses: actions/checkout@v4
 - name: run trivy vulnerability scanner
- uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
+ uses: aquasecurity/trivy-action@1f6384b6ceecbbc6673526f865b818a2a06b07c9
 with:
 image-ref: 'ghcr.io/${{ github.repository }}:${{ github.sha }}'
 format: 'sarif'
@@ -118,6 +121,6 @@ jobs:
 ignore-unfixed: true
 - name: upload trivy results
 if: ${{ always() }}
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: 'trivy-results.sarif'
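Review bot: The `branch` output written by `echo "branch=$PR_HEAD_REF" >> $GITHUB_OUTPUT` in the "Extract branch meta" step is still contributor-chosen text on pull requests. The fix therefore only holds if every consumer of `steps.extract_branch_meta.outputs.branch` (outside this hunk) also takes it through `env:` rather than `${{ }}` inside a `run:` script. In the else branch, `github.ref_name` is not identical to the old `${GITHUB_REF#refs/heads/}`: for a tag ref the old form kept the `refs/tags/` prefix and the new one strips it, which matters if this workflow runs on tags (the triggers are not visible here). Two style points: quote the redirect target as `>> "$GITHUB_OUTPUT"`, and note that `BRANCH_REF_NAME` and `BRANCH_SHA` duplicate the runner-provided `GITHUB_REF_NAME` and `GITHUB_SHA`.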
diff --git a/ansible/roles/tldraw-client-core/templates/tldraw-client-ingress.yml.j2 b/ansible/roles/tldraw-client-core/templates/tldraw-client-ingress.yml.j2
index c600c893..fca72704 100644
--- a/ansible/roles/tldraw-client-core/templates/tldraw-client-ingress.yml.j2
+++ b/ansible/roles/tldraw-client-core/templates/tldraw-client-ingress.yml.j2
@@ -4,7 +4,7 @@ metadata:
 name: {{ NAMESPACE }}-tldraw-client-ingress
 namespace: {{ NAMESPACE }}
 annotations:
- nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}"
+ nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABLED|default("false") }}"
 nginx.ingress.kubernetes.io/proxy-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
 nginx.org/client-max-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
 # The following properties added with BC-3606.
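Review bot: The `default("false")` fallback on the `ssl-redirect` annotation means any environment that does not define `TLS_ENABLED` keeps serving without the HTTPS redirect, and the old misspelling shows how silently that fallback hides an undefined name. I would add a comment above the annotation, e.g. `# TLS_ENABLED must be set per environment; when undefined no HTTPS redirect is configured`. It is also worth checking the other templates and inventories for remaining `TLS_ENABELD` references. Whether "false" is the intended default is a deployment decision that is not visible from this hunk.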