Skip to content

Commit

Permalink
Merge branch 'main' into PAN-2282-remove-validator-fee-from-same-bloc…
Browse files Browse the repository at this point in the history
…kchain-bids
  • Loading branch information
juanmanuel-tirado authored Oct 18, 2024
2 parents fa23bdd + 425d509 commit b9cc967
Show file tree
Hide file tree
Showing 5 changed files with 17 additions and 18 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ jobs:
architecture: ["amd64"]
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
allowed-endpoints: >
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
arch: ['amd64']
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
allowed-endpoints: >
Expand Down
17 changes: 8 additions & 9 deletions .github/workflows/docker-vulnerabilities.yaml
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
name: DockerVulnerabilities
on:
push:
branches:
- main
schedule:
# At the end of every day
- cron: "0 0 * * *"

jobs:
docker-analysis:
Expand All @@ -18,7 +18,7 @@ jobs:
security-events: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
allowed-endpoints: >
Expand Down Expand Up @@ -52,10 +52,9 @@ jobs:
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-v1.0-service-node-${{ github.ref_name }}
key: ${{ runner.os }}-trivy-service-node-${{ matrix.arch }}-${{ github.ref_name }}
restore-keys: |
${{ runner.os }}-buildx-v1.0-service-node-
${{ runner.os }}-trivy-service-node-${{ matrix.arch }}-
- name: Build and load
run: |
docker buildx bake \
Expand All @@ -70,7 +69,7 @@ jobs:
DOCKER_TAG: analysis-latest

- name: Scan vulnerabilities app image
uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0
uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
with:
image-ref: 'pantosio/service-node-app:analysis-latest'
format: 'sarif'
Expand All @@ -85,7 +84,7 @@ jobs:
sarif_file: 'trivy-app-results.sarif'

- name: Scan vulnerabilities worker image
uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0
uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
with:
image-ref: 'pantosio/service-node-worker:analysis-latest'
format: 'sarif'
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/publish-docker.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ jobs:
permissions:
id-token: write
steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- uses: actions/checkout@v4
Expand Down Expand Up @@ -68,7 +68,7 @@ jobs:
done
- name: Login to Docker Hub
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
deployment_pypi_environment: ${{ steps.get-environment.outputs.deployment_pypi_environment }}
deployment_url: ${{ steps.get-environment.outputs.deployment_url }}
steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: audit
Expand Down Expand Up @@ -78,7 +78,7 @@ jobs:
contents: write
id-token: write
steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: audit
Expand Down Expand Up @@ -148,7 +148,7 @@ jobs:
permissions:
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: audit
Expand All @@ -165,7 +165,7 @@ jobs:
ls -lha dist
- name: Publish package distributions to ${{ needs.define-environment.outputs.deployment_pypi_environment }}
uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # stable/v1.9.0
uses: pypa/gh-action-pypi-publish@f7600683efdcb7656dec5b29656edb7bc586e597 # stable/v1.10.3
with:
repository-url: ${{ needs.define-environment.outputs.deployment_pypi_environment == 'test-pypi' && 'https://test.pypi.org/legacy/' || 'https://upload.pypi.org/legacy/' }}

Expand All @@ -181,7 +181,7 @@ jobs:
# Disable the job for the moment being
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: audit
Expand Down

0 comments on commit b9cc967

Please sign in to comment.