Skip to content

Update github/codeql-action action to v3.24.8 #9589

Update github/codeql-action action to v3.24.8

Update github/codeql-action action to v3.24.8 #9589

Workflow file for this run

---
name: deploy-hato-bot
on:
release:
types:
- published
pull_request:
types:
- opened
- synchronize
- reopened
- closed
push:
branches:
- master
- develop
jobs:
deploy_docker_image:
runs-on: ubuntu-latest
env:
DOCKER_BUILDKIT: 1
COMPOSE_DOCKER_CLI_BUILD: 1
REPOSITORY: ${{github.repository}}
permissions:
contents: read
packages: write
if: github.event_name == 'release' || (github.event_name == 'pull_request' && github.event.action != 'closed' && github.repository == github.event.pull_request.head.repo.full_name)
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: Set .env
run: cp .env.example .env
- name: Login to GitHub Container Registry
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0
- run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
env:
HEAD_REF: ${{github.head_ref}}
if: ${{ github.event_name == 'pull_request' }}
- run: echo 'TAG_NAME=${{ github.event.release.tag_name }}' >> "$GITHUB_ENV"
if: ${{ github.event_name == 'release' }}
- name: Build and push (build)
uses: docker/bake-action@017aa056d6bfc9797de5a5dd354a209dc07b490e # v4.3.0
env:
DOCKER_CONTENT_TRUST: 1
with:
push: true
files: build.docker-compose.yml
- name: Build and push (main)
uses: docker/bake-action@017aa056d6bfc9797de5a5dd354a209dc07b490e # v4.3.0
env:
DOCKER_CONTENT_TRUST: 1
with:
push: true
files: docker-compose.yml
- name: Build and push (dev)
uses: docker/bake-action@017aa056d6bfc9797de5a5dd354a209dc07b490e # v4.3.0
env:
DOCKER_CONTENT_TRUST: 1
with:
push: true
files: docker-compose.yml,dev.base.docker-compose.yml
- run: echo 'TAG_NAME=latest' >> "$GITHUB_ENV"
if: ${{ github.event_name == 'release' }}
- name: Build and push (build) (latest)
uses: docker/bake-action@017aa056d6bfc9797de5a5dd354a209dc07b490e # v4.3.0
if: ${{ github.event_name == 'release' }}
env:
DOCKER_CONTENT_TRUST: 1
with:
push: true
files: build.docker-compose.yml
- name: Build and push (main) (latest)
uses: docker/bake-action@017aa056d6bfc9797de5a5dd354a209dc07b490e # v4.3.0
if: ${{ github.event_name == 'release' }}
env:
DOCKER_CONTENT_TRUST: 1
with:
push: true
files: docker-compose.yml
- name: Build and push (dev) (latest)
uses: docker/bake-action@017aa056d6bfc9797de5a5dd354a209dc07b490e # v4.3.0
if: ${{ github.event_name == 'release' }}
env:
DOCKER_CONTENT_TRUST: 1
with:
push: true
files: docker-compose.yml,dev.base.docker-compose.yml
- name: Start docker
env:
DOCKER_CONTENT_TRUST: 1
run: docker compose up -d --wait
# .python-version をDockerイメージと同期させる
update-version-python-version:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
env:
DOCKER_CONTENT_TRUST: 1
REPOSITORY: ${{github.repository}}
needs: deploy_docker_image
if: always() && (needs.deploy_docker_image.result == 'success' || (github.event_name == 'pull_request' && github.event.action == 'closed'))
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
if: github.event_name != 'pull_request' || github.event.action != 'closed'
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- name: Get Python version
id: get_python_version
if: github.event_name != 'pull_request' || github.event.action != 'closed'
run: bash "${GITHUB_WORKSPACE}/scripts/deploy_hato_bot/update_version_python_version/get_python_version.sh"
env:
HEAD_REF: ${{github.head_ref || github.event.release.tag_name}}
- uses: dev-hato/actions-diff-pr-management@128afc4203b4e391e03868be91c987b2ddba7ea5 # v1.1.12
with:
github-token: ${{secrets.GITHUB_TOKEN}}
branch-name-prefix: fix-version-python-version
pr-title-prefix: .python-versionを直してあげたよ!
update-dockle:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
if: github.event_name != 'pull_request' || github.event.action != 'closed'
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- uses: dev-hato/actions-update-dockle@c92b0e505cc4ed6dc1b4c2c6851193d02ce5fcba # v0.0.81
with:
github-token: ${{secrets.GITHUB_TOKEN}}
dockle:
runs-on: ubuntu-latest
needs:
- update-dockle
- deploy_docker_image
env:
DOCKER_CONTENT_TRUST: 1
REPOSITORY: ${{github.repository}}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- run: bash "${GITHUB_WORKSPACE}/scripts/deploy_hato_bot/dockle/run_dockle.sh"
env:
HEAD_REF: ${{github.head_ref || github.event.release.tag_name}}
deploy-complete:
runs-on: ubuntu-latest
if: always()
needs:
- update-version-python-version
- update-dockle
- dockle
steps:
- if: needs.update-dockle.result == 'success' && (github.event_name == 'push' || (github.event_name == 'pull_request' && github.repository != github.event.pull_request.head.repo.full_name) || (needs.update-version-python-version.result == 'success' && (github.event.action == 'closed' || needs.dockle.result == 'success')))
run: exit 0
- if: ${{ !(needs.update-dockle.result == 'success' && (github.event_name == 'push' || (github.event_name == 'pull_request' && github.repository != github.event.pull_request.head.repo.full_name) || (needs.update-version-python-version.result == 'success' && (github.event.action == 'closed' || needs.dockle.result == 'success')))) }}
run: exit 1
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
cancel-in-progress: true