update
abaguas committed Sep 7, 2024
1 parent 2f3cb00 commit ee529b8
Showing 18 changed files with 100 additions and 103 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/build.yml
@@ -28,12 +28,12 @@ jobs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@951b48540b429070694bc8abd82fd6901eb123ca
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- id: skip_check
uses: fkirc/skip-duplicate-actions@84931c63f7562abc89860097e0caf563c7b87f65
uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281 # v5.3.0
with:
skip_after_successful_duplicate: 'true'
do_not_skip: '["workflow_dispatch", "schedule"]'
@@ -48,13 +48,13 @@ jobs:
if: ${{ needs.skip-check.outputs.should_skip != 'true' }}
steps:
- name: Set up Go
uses: actions/setup-go@bfd2fb341f32be7281829126376a12a780ca79fc
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version: 1.22.3
- uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
# see: https://golangci-lint.run/usage/configuration/#config-file
- name: golangci-lint
uses: golangci/golangci-lint-action@68de804037d6beb4bec814041c98865cb188f3db
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
with:
version: v1.59.1
skip-go-installation: true
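Review bot: `egress-policy: audit` is left in place on the re-pinned Harden Runner step, so the runner still only records outbound connections and does not restrict them; the same line with the same TODO appears in every other workflow section on this page. Several of those jobs pass `secrets.CR_TOKEN` or Docker Hub credentials to third-party actions, which is where an egress restriction matters most. I would turn the TODO into a tracked follow-up: take the endpoints observed in the audit runs and switch to `egress-policy: block` with an `allowed-endpoints` list, starting with the release and publish workflows. The jobs' remaining steps lie outside the hunks shown, so this is based only on the visible lines.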
8 changes: 4 additions & 4 deletions .github/workflows/changelog_pr.yaml
@@ -16,14 +16,14 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Harden Runner
uses: step-security/harden-runner@951b48540b429070694bc8abd82fd6901eb123ca
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0
- uses: heinrichreimer/github-changelog-generator-action@981f332491452b16b2127a8bbe19358fdde7e60d
- uses: heinrichreimer/github-changelog-generator-action@6f5b9494dd265d6fb7243a10c53dc0169c55f247 # v2.3
with:
token: ${{ secrets.CR_TOKEN }}
project: k8gb
@@ -44,7 +44,7 @@ jobs:
cat CHANGELOG-old.md | sed -e'1,2d' >> CHANGELOG.md
rm CHANGELOG-old.md CHANGELOG-latest.md
- name: Create Pull Request
uses: peter-evans/create-pull-request@370712159463f5e3e780068cb9bed6d28c27b94e
uses: peter-evans/create-pull-request@4320041ed380b20e97d388d56a7fb4f9b8c20e79 # v7.0.0
with:
title: "Update Offline Changelog"
branch: offline_changelog
10 changes: 5 additions & 5 deletions .github/workflows/codeql-analysis.yml
@@ -46,16 +46,16 @@ jobs:

steps:
- name: Harden Runner
uses: step-security/harden-runner@951b48540b429070694bc8abd82fd6901eb123ca
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- name: Checkout repository
uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@d8b1697e9a833a1f8cd88c642a6bd8685d3ee856
uses: github/codeql-action/init@5c02493ebfd65b28fd3b082c65e5af2cd745d91f # v2.18.2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -66,7 +66,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@d8b1697e9a833a1f8cd88c642a6bd8685d3ee856
uses: github/codeql-action/autobuild@5c02493ebfd65b28fd3b082c65e5af2cd745d91f # v2.18.2

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
@@ -80,4 +80,4 @@ jobs:
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@d8b1697e9a833a1f8cd88c642a6bd8685d3ee856
uses: github/codeql-action/analyze@5c02493ebfd65b28fd3b082c65e5af2cd745d91f # v2.18.2
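Review bot: The `init`, `autobuild` and `analyze` steps are pinned to a commit labelled `# v2.18.2`, and as far as I know GitHub has deprecated the v2 line of the CodeQL Action in favour of v3, so this pin may stop receiving engine and query updates. The `upload-sarif` step in kube-linter.yaml carries the same pin. Consider moving all four to a v3 commit, in the form `uses: github/codeql-action/init@<full-commit-sha> # v3.x.y` (placeholder values). Since the runner resolves only the SHA and ignores the trailing comment, it is also worth confirming that each SHA really is the tag named next to it.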
9 changes: 4 additions & 5 deletions .github/workflows/curldemo.yaml
@@ -17,24 +17,23 @@ jobs:
DOCKER_CLI_EXPERIMENTAL: "enabled"
steps:
- name: Harden Runner
uses: step-security/harden-runner@951b48540b429070694bc8abd82fd6901eb123ca
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 1
- name: Login to Dockerhub
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and push
id: docker_build
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85
uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 # v6.6.1
with:
context: ./deploy/test-apps/curldemo/
file: ./deploy/test-apps/curldemo/Dockerfile
push: true
tags: ${{ secrets.DOCKER_USER }}/k8gb-demo-curl:latest

8 changes: 4 additions & 4 deletions .github/workflows/cut_release.yaml
@@ -15,11 +15,11 @@ jobs:
runs-on: ubuntu-20.04
steps:
- name: Harden Runner
uses: step-security/harden-runner@f8b229487278099721572481264761b1d4fdd530
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0
- name: Get Desired Tag
@@ -29,7 +29,7 @@ jobs:
echo "desired_tag=${tag}" >> $GITHUB_ENV
- name: Push Tag
if: startsWith(github.event.head_commit.message, 'RELEASE:')
uses: mathieudutour/github-tag-action@fcfbdceb3093f6d85a3b194740f8c6cec632f4e2 #v6.1
uses: mathieudutour/github-tag-action@fcfbdceb3093f6d85a3b194740f8c6cec632f4e2 # v6.1
with:
github_token: ${{ secrets.CR_TOKEN }}
create_annotated_tag: true
@@ -49,7 +49,7 @@ jobs:
echo "previous_tag=${tag}" >> $GITHUB_ENV
- name: Delete Tag and Release
if: startsWith(github.event.head_commit.message, 'Revert "RELEASE:') && env.desired_tag == env.previous_tag
uses: dev-drprasad/delete-tag-and-release@7550ea180f81ca0a875ee3c135b1f72ef66ff4b1
uses: dev-drprasad/delete-tag-and-release@8cd619d00037e4aeb781909c9a6b03940507d0da # v1.0.1
with:
delete_release: true # default: false
tag_name: ${{ env.current_tag }}
7 changes: 3 additions & 4 deletions .github/workflows/fossa.yml
@@ -24,15 +24,14 @@ jobs:

steps:
- name: Harden Runner
uses: step-security/harden-runner@951b48540b429070694bc8abd82fd6901eb123ca
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- name: Checkout code
uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6

- name: Run FOSSA scan and upload build data
uses: fossa-contrib/fossa-action@eaa7ead45540cff770b815fdf6bcea019539370b
uses: fossa-contrib/fossa-action@6728dc6fe9a068c648d080c33829ffbe56565023 # v2.0.0
with:
fossa-api-key: 044cfa03c61e6271a24349184e90b381
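Review bot: The `fossa-api-key` input at the end of this section is a literal value committed to the workflow, whereas the other workflows on this page pass credentials as `${{ secrets.… }}` references. If it is a FOSSA push-only key, publishing it may be intentional, but nothing here says so. Either document that with a comment such as `# push-only key, intentionally public`, or move the value to a repository secret and rotate it, e.g. `fossa-api-key: ${{ secrets.FOSSA_API_KEY }}` (the secret name is a placeholder). The line is unchanged context in this commit, but it sits directly under the re-pinned `fossa-contrib/fossa-action` step that consumes it.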

6 changes: 3 additions & 3 deletions .github/workflows/gh-pages.yaml
@@ -17,11 +17,11 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Harden Runner
uses: step-security/harden-runner@951b48540b429070694bc8abd82fd6901eb123ca
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0
- name: Copy new docs to gh-pages
@@ -33,7 +33,7 @@ jobs:
git checkout ${GITHUB_REF##*/} CHANGELOG.md
git checkout ${GITHUB_REF##*/} docs
- name: Push to gh-pages
uses: EndBug/add-and-commit@b3200cb7c06b8e291e7b9ca6d1b33222ddc371c8
uses: EndBug/add-and-commit@1bad3abcf0d6ec49a5857d124b0bfb52dc7bb081 # v9.1.3
with:
author_name: ${{ github.actor }}
author_email: ${{ github.actor }}@users.noreply.github.com
4 changes: 2 additions & 2 deletions .github/workflows/helm_check-values-schema.yaml
@@ -17,12 +17,12 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Harden Runner
uses: step-security/harden-runner@951b48540b429070694bc8abd82fd6901eb123ca
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- name: 'Checkout'
uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- name: 'Check if values.schema.json was updated'
run: |
VALUES_FILE=chart/k8gb/values.yaml
7 changes: 3 additions & 4 deletions .github/workflows/helm_docs.yaml
@@ -17,23 +17,22 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@951b48540b429070694bc8abd82fd6901eb123ca
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- name: Checkout Code
uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- name: Generate docs for helm chart - chart/k8gb/README.md
uses: docker://jnorwood/helm-docs@sha256:7e562b49ab6b1dbc50c3da8f2dd6ffa8a5c6bba327b1c6335cc15ce29267979c
with:
args: --template-files=_helm-docs-template.gotmpl
- name: Create Pull Request
uses: peter-evans/create-pull-request@370712159463f5e3e780068cb9bed6d28c27b94e
uses: peter-evans/create-pull-request@4320041ed380b20e97d388d56a7fb4f9b8c20e79 # v7.0.0
with:
title: "Update Helm Docs"
branch: ci-helm-doc
delete-branch: true
base: master
signoff: true
token: ${{ secrets.GITHUB_TOKEN }}

12 changes: 6 additions & 6 deletions .github/workflows/helm_publish.yaml
@@ -12,21 +12,21 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Harden Runner
uses: step-security/harden-runner@951b48540b429070694bc8abd82fd6901eb123ca
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0
- uses: dave-mcconnell/helm-gh-pages-microservices@8478af5f0fd712cc0fb59f2c99e0688f3f591287
- uses: dave-mcconnell/helm-gh-pages-microservices@f189ab799cebdc5a1af82c47563a02cd2efe1fd4 # v0.1.2
with:
access-token: ${{ secrets.CR_TOKEN }}
source-charts-folder: 'chart'
destination-repo: k8gb-io/k8gb
destination-branch: gh-pages
- name: Create k3s cluster
uses: AbsaOSS/k3d-action@4e8b3239042be1dc0aed6c5eb80c13b18200fc79
uses: AbsaOSS/k3d-action@b176c2a6dcae72e3e64e3e4d61751904ec314002 # v2.3.0
with:
cluster-name: "test-gslb1"
args: -c k3d/test-gslb1.yaml
@@ -44,15 +44,15 @@ jobs:
- name: Invoke workflow for OLM (community-operators)
if: always()
continue-on-error: true
uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc
uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3
with:
workflow: olm_pr.yaml
token: ${{ secrets.CR_TOKEN }}
inputs: '{ "bundleVersion": "master" }' # during the release 'master' is what we want here
- name: Invoke workflow for OLM (community-operators-prod)
if: always()
continue-on-error: true
uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc
uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3
with:
workflow: olm_pr.yaml
token: ${{ secrets.CR_TOKEN }}
8 changes: 4 additions & 4 deletions .github/workflows/kube-linter.yaml
@@ -17,25 +17,25 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@951b48540b429070694bc8abd82fd6901eb123ca
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6

- name: Create ../results directory for sarif files
shell: bash
run: mkdir -p ../results

- name: Scan k8gb chart
id: kube-lint-repo
uses: stackrox/kube-linter-action@e5759fab01e612c139fe23f264820ba0cf73320c
uses: stackrox/kube-linter-action@ca0d55b925470deb5b04b556e6c4276ea94d03c3 # v1.0.4
with:
directory: chart/k8gb
version: 0.2.5
format: sarif
output-file: ../results/kube-linter.sarif

- name: Upload sarif output to GitHub
uses: github/codeql-action/upload-sarif@d8b1697e9a833a1f8cd88c642a6bd8685d3ee856
uses: github/codeql-action/upload-sarif@5c02493ebfd65b28fd3b082c65e5af2cd745d91f # v2.18.2
continue-on-error: true
8 changes: 4 additions & 4 deletions .github/workflows/olm_pr.yaml
@@ -28,11 +28,11 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Harden Runner
uses: step-security/harden-runner@951b48540b429070694bc8abd82fd6901eb123ca
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0

@@ -60,7 +60,7 @@ jobs:
rm ./olm/bundle/Dockerfile
cp -r ./olm/bundle $GITHUB_WORKSPACE/
- uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
repository: ${{ github.event.inputs.upstreamRepo }}
path: sandbox
@@ -75,7 +75,7 @@ jobs:
- name: Open Pull Request
id: cpr
uses: peter-evans/create-pull-request@370712159463f5e3e780068cb9bed6d28c27b94e
uses: peter-evans/create-pull-request@4320041ed380b20e97d388d56a7fb4f9b8c20e79 # v7.0.0
with:
token: ${{ secrets.CR_TOKEN }}
push-to-fork: ${{ github.event.inputs.downstreamRepo }}