AAE-18110 Use SHA for GitHub actions (#199)
* AAE-18110 - Add pre-checks job

* AAE-18110 - Use pinned SHA
Giovanni007 authored Nov 23, 2023
1 parent cac7b2a commit c3c2ff5
Showing 2 changed files with 31 additions and 29 deletions.
50 changes: 26 additions & 24 deletions .github/workflows/main.yml
Expand Up @@ -25,31 +25,33 @@ env:

jobs:

check-ext-build:
name: Check dependabot/external build
pre-checks:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: Activiti/Activiti/.github/actions/check-ext-build@8.0.0-alpha.10

pre-commit:
needs: check-ext-build
runs-on: ubuntu-latest
steps:
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@v3.2.1
- uses: bridgecrewio/checkov-action@v12.1839.0
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Check dependabot build
uses: Activiti/Activiti/.github/actions/check-ext-build@4db084fcbb13a288f3b66ac08fc50a5ab7f144ed # 8.0.0-alpha.10
- name: Setup Helm Docs
uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@3741d4445541db169728841ebedb8725b51f0b45 # v3.2.1
- name: Run Checkov
uses: bridgecrewio/checkov-action@e1bb78184f5dd3690fb1089d6c4f51295f9dff48 # v12.1839.0
with:
framework: kubernetes
- uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v3.2.1
- name: pre-commit
uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@8c2a3691aa49cd105f62c2983cda3089b82afe89 # v4.0.0
with:
skip_checkout: true
- name: Ensure SHA pinned actions
uses: zgosalvez/github-actions-ensure-sha-pinned-actions@b35f285b9bb7e80de0967367cee66d3b6d50ceca # v3.0.1

build:
runs-on: ubuntu-latest
needs: pre-commit
needs: pre-checks
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Build
uses: Alfresco/alfresco-build-tools/.github/actions/helm-build-chart@v3.2.1
uses: Alfresco/alfresco-build-tools/.github/actions/helm-build-chart@3741d4445541db169728841ebedb8725b51f0b45 # v3.2.1
with:
chart-dir: ${{ env.CHART_DIR }}

Expand All @@ -65,23 +67,23 @@ jobs:
outputs:
version: ${{ steps.calculate-next-internal-version.outputs.next-prerelease }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Parse next release
id: helm-parse-next-release
uses: Alfresco/alfresco-build-tools/.github/actions/helm-parse-next-release@v3.2.1
uses: Alfresco/alfresco-build-tools/.github/actions/helm-parse-next-release@3741d4445541db169728841ebedb8725b51f0b45 # v3.2.1
with:
chart-dir: ${{ env.CHART_DIR }}

- id: calculate-next-internal-version
name: Calculate next internal release
uses: Alfresco/alfresco-build-tools/.github/actions/calculate-next-internal-version@v3.2.1
uses: Alfresco/alfresco-build-tools/.github/actions/calculate-next-internal-version@3741d4445541db169728841ebedb8725b51f0b45 # v3.2.1
with:
next-version: ${{ steps.helm-parse-next-release.outputs.next-release }}

- id: helm-release-and-publish
name: Release and publish helm chart
uses: Alfresco/alfresco-build-tools/.github/actions/helm-release-and-publish@v3.2.1
uses: Alfresco/alfresco-build-tools/.github/actions/helm-release-and-publish@3741d4445541db169728841ebedb8725b51f0b45 # v3.2.1
with:
version: ${{ steps.calculate-next-internal-version.outputs.next-prerelease }}
chart-dir: ${{ env.CHART_DIR }}
Expand All @@ -101,15 +103,15 @@ jobs:
VERSION: ${{ needs.publish.outputs.version }}
DEVELOPMENT_BRANCH: ${{ github.ref_name }}
steps:
- uses: Activiti/activiti-scripts/.github/actions/wait-for-chart@develop
- uses: Activiti/activiti-scripts/.github/actions/wait-for-chart@000995bdf3eae49f78ff39c462226208039ef1a8 # 8.1.0
with:
chart-name: ${{ env.CHART_NAME }}
version: ${{ env.VERSION }}
helm-repo-name: ${{ env.HELM_REPO_NAME }}
helm-repo-url: ${{ env.HELM_REPO_BASE_URL }}
- uses: actions/checkout@v4
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@v3.2.1
- uses: Alfresco/alfresco-build-tools/.github/actions/jx-updatebot-pr@v3.2.1
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@3741d4445541db169728841ebedb8725b51f0b45 # v3.2.1
- uses: Alfresco/alfresco-build-tools/.github/actions/jx-updatebot-pr@3741d4445541db169728841ebedb8725b51f0b45 # v3.2.1
env:
GH_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
with:
Expand All @@ -129,7 +131,7 @@ jobs:
if: always() && failure() && github.event_name == 'push'
steps:
- name: Slack Notification
uses: Alfresco/alfresco-build-tools/.github/actions/send-slack-notification@v3.2.1
uses: Alfresco/alfresco-build-tools/.github/actions/send-slack-notification@3741d4445541db169728841ebedb8725b51f0b45 # v3.2.1
with:
channel-id: 'eng-hxp-studio-activiti-gh-notifs'
token: ${{ secrets.SLACK_NOTIFICATION_BOT_TOKEN }}
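Review bot: In the new `pre-checks` job the `pre-commit` step is pinned to a commit labelled `# v4.0.0`, while every other `Alfresco/alfresco-build-tools` step in this file is pinned to `3741d4445541db169728841ebedb8725b51f0b45 # v3.2.1`, so a major-version bump of one action rides along with a change described as pinning only. If the bump is intended, record it above the step, e.g. `# pre-commit deliberately on v4.0.0; remaining build-tools actions stay on v3.2.1`; otherwise pin it to the same commit as the others. The `Ensure SHA pinned actions` step presumably checks only that each ref is a full commit SHA, not that the SHA matches its trailing version comment, so the labels still need a manual check against the upstream tags.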
10 changes: 5 additions & 5 deletions .github/workflows/rc.yml
Expand Up @@ -20,17 +20,17 @@ jobs:
env:
VERSION: ${{ github.ref_name }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- id: helm-package-chart
name: Package Helm chart
uses: Alfresco/alfresco-build-tools/.github/actions/helm-package-chart@v3.2.1
uses: Alfresco/alfresco-build-tools/.github/actions/helm-package-chart@3741d4445541db169728841ebedb8725b51f0b45 # v3.2.1
with:
chart-dir: ${{ env.CHART_DIR }}

- id: helm-publish-chart
name: Publish Helm chart
uses: Alfresco/alfresco-build-tools/.github/actions/helm-publish-chart@v3.2.1
uses: Alfresco/alfresco-build-tools/.github/actions/helm-publish-chart@3741d4445541db169728841ebedb8725b51f0b45 # v3.2.1
with:
chart-package: ${{ steps.helm-package-chart.outputs.package-file-path }}
helm-charts-repo: ${{ env.HELM_REPO }}
Expand All @@ -40,7 +40,7 @@ jobs:
token: ${{ secrets.BOT_GITHUB_TOKEN }}
git-username: ${{ secrets.BOT_GITHUB_USERNAME }}

- uses: Activiti/activiti-scripts/.github/actions/wait-for-chart@develop
- uses: Activiti/activiti-scripts/.github/actions/wait-for-chart@000995bdf3eae49f78ff39c462226208039ef1a8 # 8.1.0
with:
chart-name: ${{ env.CHART_NAME }}
version: ${{ env.VERSION }}
Expand All @@ -54,7 +54,7 @@ jobs:
if: always() && failure() && github.event_name == 'push'
steps:
- name: Slack Notification
uses: Alfresco/alfresco-build-tools/.github/actions/send-slack-notification@v3.2.1
uses: Alfresco/alfresco-build-tools/.github/actions/send-slack-notification@3741d4445541db169728841ebedb8725b51f0b45 # v3.2.1
with:
channel-id: 'eng-hxp-studio-releases-gh-notifs'
token: ${{ secrets.SLACK_NOTIFICATION_BOT_TOKEN }}
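Review bot: The `wait-for-chart` step moves from the `develop` branch to commit `000995bdf3eae49f78ff39c462226208039ef1a8` labelled `# 8.1.0`, and nothing on the page shows that this commit is the one tagged 8.1.0 rather than whatever `develop` pointed at when the pin was made; the same pin appears in the deploy job of main.yml. Reviewers and update bots read that trailing comment to know what is running, and this job also passes `secrets.BOT_GITHUB_TOKEN` to the publish step, so a wrong label hides the real provenance of code in a release path. Confirm the SHA against the upstream tag before merge, and if it turns out to be an untagged commit, label it honestly, e.g. `# untagged commit from develop`.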
