BC-6589 update gh-actions

hpi-schul-cloud · Feb 20, 2024 · 4163e6f · 4163e6f
1 parent dd5e505
commit 4163e6f
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 8 deletions.
diff --git a/.github/workflows/clean.yml b/.github/workflows/clean.yml
@@ -5,7 +5,7 @@ on: delete
 
 jobs:
   clean:
-    uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/clean_workflow.yml@main
+    uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/clean_workflow.yml@bc-6589
     with:
       branch: ${{ github.event.ref }}
     secrets:

diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -69,20 +69,25 @@ jobs:
       - name: Extract branch meta
         shell: bash
         id: extract_branch_meta
+        env:
+          PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
+          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+          BRANCH_REF_NAME: ${{ github.ref_name}}
+          BRANCH_SHA: ${{ github.sha }}
         run: |
           if [ "${{ github.event_name }}" == 'pull_request' ]; then
-            echo "branch=${{ github.event.pull_request.head.ref }}" >> $GITHUB_OUTPUT
-            echo "sha=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT
+            echo "branch=$PR_HEAD_REF" >> $GITHUB_OUTPUT
+            echo "sha=$PR_HEAD_SHA" >> $GITHUB_OUTPUT
           else
-            echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT
-            echo "sha=${{ github.sha }}" >> $GITHUB_OUTPUT
+            echo "branch=$BRANCH_REF_NAME" >> $GITHUB_OUTPUT
+            echo "sha=$BRANCH_SHA" >> $GITHUB_OUTPUT
           fi
 
   deploy:
     needs:
       - build_and_push
       - branch_meta
-    uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/deploy.yml@main
+    uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/deploy.yml@bc-6589
     with:
       branch: ${{ needs.branch_meta.outputs.branch }}
     secrets:
@@ -113,7 +118,7 @@ jobs:
       security-events: write
     steps:
       - name: run trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5
+        uses: aquasecurity/trivy-action@1f6384b6ceecbbc6673526f865b818a2a06b07c9
         with:
           image-ref: 'ghcr.io/${{ github.repository }}:${{ github.sha }}'
           format: 'sarif'
@@ -123,6 +128,6 @@ jobs:
           ignore-unfixed: true
       - name: upload trivy results
         if: ${{ always() }}
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'trivy-results.sarif'