docs(devcontainer): add trivy and its VSCode Extension #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright IBM Corp. All Rights Reserved. | |
# | |
# SPDX-License-Identifier: CC-BY-4.0 | |
name: Pre-release Test Weaver Module versions | |
on: | |
pull_request: | |
branches: | |
- main | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
check_release: | |
outputs: | |
status: ${{ steps.early.outputs.status }} | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4.1.1 | |
- name: Ignore if not a release PR | |
id: early | |
env: | |
TITLE: ${{ github.event.pull_request.title }} | |
run : | | |
status="skip" | |
if echo ${TITLE} | grep -q "chore(release)"; then | |
status="continue" | |
fi | |
echo "status=$status" >> $GITHUB_OUTPUT | |
test_weaver_pre-release: | |
needs: check_release | |
if: needs.check_release.outputs.status == 'continue' | |
runs-on: ubuntu-22.04 | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/checkout@v4.1.1 | |
- name: Get release verison from PR title | |
env: | |
TITLE: ${{ github.event.pull_request.title }} | |
run: | | |
# Assuming release PR follows pattern: chore(release): publish vA.B.C | |
# Split PR title by space, and take 3rd word | |
VERSION=$(echo "${TITLE}" | cut -d ' ' -f 3) | |
# Strip "v" from version | |
VERSION=$(echo $VERSION | sed -e 's/^v//') | |
echo "VERSION=$VERSION" >> $GITHUB_ENV | |
echo $VERSION | |
# Gradle | |
- name: check weaver/common/protos-java-kt/gradle.properties | |
run: cat gradle.properties | grep "version=" | grep $VERSION || exit 1 | |
working-directory: weaver/common/protos-java-kt | |
- name: check weaver/core/network/corda-interop-app/gradle.properties | |
run: cat gradle.properties | grep "version=" | grep $VERSION || exit 1 | |
working-directory: weaver/core/network/corda-interop-app | |
- name: check weaver/sdks/corda/gradle.properties | |
run: cat gradle.properties | grep "version=" | grep $VERSION || exit 1 | |
working-directory: weaver/sdks/corda | |
- name: check weaver/core/drivers/corda-driver/gradle.properties | |
run: cat gradle.properties | grep "version=" | grep $VERSION || exit 1 | |
working-directory: weaver/core/drivers/corda-driver | |
# NodeJS | |
- name: check weaver/common/protos-js/package.json | |
run: cat package.json | grep "version" | grep $VERSION || exit 1 | |
working-directory: weaver/common/protos-js | |
- name: check weaver/sdks/fabric/interoperation-node-sdk/package.json | |
run: cat package.json | grep "version" | grep $VERSION || exit 1 | |
working-directory: weaver/sdks/fabric/interoperation-node-sdk | |
- name: check weaver/sdks/besu/node/package.json | |
run: cat package.json | grep "version" | grep $VERSION || exit 1 | |
working-directory: weaver/sdks/besu/node | |
- name: check weaver/core/drivers/fabric-driver/package.json | |
run: cat package.json | grep "version" | grep $VERSION || exit 1 | |
working-directory: weaver/core/drivers/fabric-driver | |
- name: check weaver/core/identity-management/iin-agent/package.json | |
run: cat package.json | grep "version" | grep $VERSION || exit 1 | |
working-directory: weaver/core/identity-management/iin-agent | |
# Rust | |
- name: check weaver/common/protos-rs/pkg/Cargo.toml | |
run: cat Cargo.toml | grep "^version" | grep $VERSION || exit 1 | |
working-directory: weaver/common/protos-rs/pkg | |
- name: check weaver/core/relay/Cargo.toml | |
run: cat Cargo.toml | grep "^version" | grep $VERSION || exit 1 | |
working-directory: weaver/core/relay | |
# Docker | |
- name: check weaver/core/drivers/corda-driver/VERSION | |
run: cat VERSION | grep $VERSION || exit 1 | |
working-directory: weaver/core/drivers/corda-driver | |
- name: check weaver/core/drivers/fabric-driver/VERSION | |
run: cat VERSION | grep $VERSION || exit 1 | |
working-directory: weaver/core/drivers/fabric-driver | |
- name: check weaver/core/identity-management/iin-agent/VERSION | |
run: cat VERSION | grep $VERSION || exit 1 | |
working-directory: weaver/core/identity-management/iin-agent | |
- name: check weaver/core/relay/VERSION | |
run: cat VERSION | grep $VERSION || exit 1 | |
working-directory: weaver/core/relay | |
# GO | |
- name: check weaver/common/protos-go/VERSION | |
run: cat VERSION | grep $VERSION || exit 1 | |
working-directory: weaver/common/protos-go | |
- name: check weaver/core/network/fabric-interop-cc/libs/utils/VERSION | |
run: cat VERSION | grep $VERSION || exit 1 | |
working-directory: weaver/core/network/fabric-interop-cc/libs/utils | |
- name: check weaver/core/network/fabric-interop-cc/libs/assetexchange/VERSION | |
run: cat VERSION | grep $VERSION || exit 1 | |
working-directory: weaver/core/network/fabric-interop-cc/libs/assetexchange | |
- name: check weaver/core/network/fabric-interop-cc/interfaces/asset-mgmt/VERSION | |
run: cat VERSION | grep $VERSION || exit 1 | |
working-directory: weaver/core/network/fabric-interop-cc/interfaces/asset-mgmt | |
- name: check weaver/core/network/fabric-interop-cc/contracts/interop/VERSION | |
run: cat VERSION | grep $VERSION || exit 1 | |
working-directory: weaver/core/network/fabric-interop-cc/contracts/interop | |
- name: check weaver/sdks/fabric/go-sdk/VERSION | |
run: cat VERSION | grep $VERSION || exit 1 | |
working-directory: weaver/sdks/fabric/go-sdk | |
test_weaver_go_pre-release: | |
needs: check_release | |
if: needs.check_release.outputs.status == 'continue' | |
runs-on: ubuntu-22.04 | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/checkout@v4.1.1 | |
- name: Get release verison from PR title | |
env: | |
TITLE: ${{ github.event.pull_request.title }} | |
run: | | |
# Assuming release PR follows pattern: chore(release): publish vA.B.C | |
# Split PR title by space, and take 3rd word | |
VERSION=$(echo "${TITLE}" | cut -d ' ' -f 3) | |
# Strip "v" from version | |
VERSION=$(echo $VERSION | sed -e 's/^v//') | |
echo "VERSION=$VERSION" >> $GITHUB_ENV | |
echo $VERSION | |
- name: Update GO Checksum | |
run: ./go-gen-checksum.sh $VERSION | |
working-directory: tools | |
- name: Check if changes are committed | |
run: (git status | grep "nothing to commit, working tree clean") || (echo "go-gen-checksum not called before release commit" && exit 1) |