diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index 0f87bbe6..be9ed854 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -23,23 +23,23 @@ jobs:
 scan:
 runs-on: ubuntu-latest
 steps:
- - name: Checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- with:
- fetch-depth: 0
- - name: Run Trivy vulnerability scanner in repo mode
- uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 # v0.21.0
- with:
- scan-type: fs
- ignore-unfixed: false
- format: sarif
- output: trivy-results.sarif
- severity: CRITICAL,HIGH,MEDIUM
- scanners: vuln,secret
- exit-code: '0'
- vuln-type: os,library
- - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
- with:
- sarif_file: trivy-results.sarif
- category: code
+ - name: Checkout
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ with:
+ fetch-depth: 0
+ - name: Run Trivy vulnerability scanner in repo mode
+ uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 # v0.21.0
+ with:
+ scan-type: fs
+ ignore-unfixed: false
+ format: sarif
+ output: trivy-results.sarif
+ severity: CRITICAL,HIGH,MEDIUM
+ scanners: vuln,secret
+ exit-code: '0'
+ vuln-type: os,library
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
+ with:
+ sarif_file: trivy-results.sarif
+ category: code
diff --git a/.github/workflows/ct-lint.yaml b/.github/workflows/ct-lint.yaml
index 99c52a68..970383e3 100644
--- a/.github/workflows/ct-lint.yaml
+++ b/.github/workflows/ct-lint.yaml
@@ -7,7 +7,7 @@ permissions: {}
 on:
 pull_request:
 branches:
- - '*'
+ - '*'
 concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}
@@ -17,19 +17,19 @@ jobs:
 ct-lint:
 runs-on: ubuntu-latest
 steps:
- - name: Checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- with:
- fetch-depth: 0
- - name: Set up Helm
- uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
- - name: Setup python
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
- with:
- python-version: 3.7
- - name: Set up chart-testing
- uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
- - name: Run chart-testing (lint)
- run: |
- set -e
- ct lint --target-branch=main --check-version-increment=false
+ - name: Checkout
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ with:
+ fetch-depth: 0
+ - name: Set up Helm
+ uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
+ - name: Setup python
+ uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+ with:
+ python-version: 3.7
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+ - name: Run chart-testing (lint)
+ run: |
+ set -e
+ ct lint --target-branch=main --check-version-increment=false
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 7aef6f54..e555f4ac 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -7,10 +7,10 @@ permissions: {}
 on:
 push:
 branches:
- - main
+ - main
 pull_request:
 branches:
- - main
+ - main
 concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}
@@ -34,7 +34,7 @@ jobs:
 name: coverage.out
 path: coverage.out
 retention-days: 1
- if-no-files-found: error
+ if-n o-files-found: error
 upload-to-codecov:
 needs:
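Review bot: The added line in the last hunk of `.github/workflows/tests.yaml` reads `if-n o-files-found: error`, which is not the `if-no-files-found` key it replaces; every other change in this commit is re-indentation, so this looks like an accidental edit. If the space is really in the file, the key would most likely be treated as an unknown input and the step would fall back to its default handling, so a missing `coverage.out` would no longer fail the job and the `upload-to-codecov` job that follows could run without coverage data. Restore the line as `if-no-files-found: error`. The step's `uses:` line is outside the hunk, so the action involved is inferred from the visible inputs (`name`, `path`, `retention-days`).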