Merge branch 'main' into dependabot/github_actions/actions/checkout-4…

….1.5
leplusorg · May 14, 2024 · c7e006a · c7e006a
2 parents b1179ac + fa583de
commit c7e006a
Show file tree

Hide file tree

Showing 7 changed files with 66 additions and 54 deletions.
diff --git a/.github/workflows/docker-build-push.yml b/.github/workflows/docker-build-push.yml
@@ -0,0 +1,48 @@
+---
+name: Docker
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '0 0 * * 0'
+  workflow_dispatch:
+
+permissions: {}
+
+jobs:
+  build:
+    if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set IMAGE
+        run: echo "IMAGE=${GITHUB_REPOSITORY#*/docker-}" >> "${GITHUB_ENV}"
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+      - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+      - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
+      - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+        id: meta
+        with:
+          images: ${{ github.repository_owner }}/${{ env.IMAGE }}
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=pr
+            type=sha
+      - name: Test the Docker image
+        working-directory: ${{ env.IMAGE }}
+        run: docker compose -f docker-compose.test.yml run sut
+      - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
+        if: github.ref == 'refs/heads/main'
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
+        with:
+          context: ${{ env.IMAGE }}
+          platforms: linux/amd64,linux/arm64
+          pull: true
+          push: ${{ github.ref == 'refs/heads/main' }}
+          sbom: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/dockerrelease.yml → .github/workflows/docker-release.yml b/.github/workflows/dockerrelease.yml → .github/workflows/docker-release.yml
diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
@@ -15,10 +15,11 @@ name: OSV-Scanner
 on:
   pull_request:
     branches: [ "main" ]
-  schedule:
-    - cron: '0 0 * * 0'
   push:
     branches: [ "main" ]
+  schedule:
+    - cron: '0 0 * * 0'
+  workflow_dispatch:
 
 permissions:
   # Require writing security events to upload SARIF file to security tab
@@ -29,7 +30,7 @@ permissions:
 jobs:
   scan-scheduled:
     if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78" # v1.7.1
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@75532bf0bf75464b047d80414dbce04449498365" # v1.7.3
     with:
       # Example of specifying custom arguments
       scan-args: |-
@@ -38,7 +39,7 @@ jobs:
         ./
   scan-pr:
     if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78" # v1.7.1
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@75532bf0bf75464b047d80414dbce04449498365" # v1.7.3
     with:
       # Example of specifying custom arguments
       scan-args: |-

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -1,24 +1,12 @@
 ---
-# Copyright 2016-present Thomas Leplus
-# 
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-# 
-#     http://www.apache.org/licenses/LICENSE-2.0
-# 
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 name: Scorecards supply-chain security
 on:
   push:
     branches:
       - main
       - 'releases/**'
+  schedule:
+    - cron: '0 0 * * 0'
   workflow_dispatch:
 
 permissions: read-all
@@ -36,7 +24,7 @@ jobs:
         with:
           persist-credentials: false
       - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -48,6 +36,6 @@ jobs:
           path: results.sarif
           retention-days: 5
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+        uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/dockerimage.yml → .github/workflows/trigger-release.yml b/.github/workflows/dockerimage.yml → .github/workflows/trigger-release.yml
@@ -1,11 +1,10 @@
 ---
-name: Docker
+name: Trigger Release
 
 on:
   push:
-  pull_request:
   schedule:
-    - cron: '0 0 * * 0'
+    - cron: '0 0 * * *'
   workflow_dispatch:
 
 permissions:
@@ -19,34 +18,6 @@ jobs:
       - name: Set IMAGE
         run: echo "IMAGE=${GITHUB_REPOSITORY#*/docker-}" >> "${GITHUB_ENV}"
       - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
-      - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
-      - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
-      - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
-        id: meta
-        with:
-          images: ${{ github.repository_owner }}/${{ env.IMAGE }}
-          tags: |
-            type=schedule
-            type=ref,event=branch
-            type=ref,event=pr
-            type=sha
-      - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
-        if: github.ref == 'refs/heads/main'
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
-        with:
-          context: ${{ env.IMAGE }}
-          platforms: linux/amd64,linux/arm64
-          pull: true
-          push: ${{ github.ref == 'refs/heads/main' }}
-          sbom: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-      - name: Test the Docker image
-        working-directory: ${{ env.IMAGE }}
-        run: docker compose -f docker-compose.test.yml run sut
       - name: Set VERSION
         if: github.ref == 'refs/heads/main'
         run: |
@@ -67,7 +38,7 @@ jobs:
               repo: context.repo.repo,
               tag: `v${VERSION}`,
             }).then(function(result) {
-              core.info(JSON.stringify(result))
+              core.debug(JSON.stringify(result))
               core.info(`Release ${result.data.tag_name} found`)
               return result.data.tag_name
             }).catch(function(error) {
@@ -79,7 +50,7 @@ jobs:
               }
             })
           result-encoding: string
-      - name: Trigger release
+      - name: Trigger Release
         if: env.VERSION != '' && steps.check-release.outputs.result == 'undefined'
         uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4
         env:

diff --git a/.github/workflows/update-prs.yml b/.github/workflows/update-prs.yml
@@ -3,6 +3,8 @@ name: Update PRs
 
 on:
   push:
+  schedule:
+    - cron: '0 * * * *'
   workflow_dispatch:
 
 permissions:
@@ -26,12 +28,14 @@ jobs:
             })
             const prs = await github.paginate(opts)
             for (const pr of prs) {
+              core.debug(JSON.stringify(pr))
               core.info(`Updating PR #${pr.number}`)
               github.rest.pulls.updateBranch({
                 owner: context.repo.owner,
                 repo: context.repo.repo,
                 pull_number: pr.number,
               }).then(function(result) {
+                core.debug(JSON.stringify(result))
                 core.info(JSON.stringify(result.data))
               }).catch(function(error) {
                 core.error(error)

diff --git a/aws-cli/Dockerfile b/aws-cli/Dockerfile
@@ -1,4 +1,4 @@
-FROM amazon/aws-cli:2.15.45@sha256:d1965dc29a13fbc3b3045158e5e3a915ccf77719d92adcf13be85a42dc808c11
+FROM amazon/aws-cli:2.15.48@sha256:1c19e183d28c5ad569bff70e8264ebfb4390877c0e630cee02e7a16e094dae3a
 
 HEALTHCHECK NONE