Skip to content
This repository has been archived by the owner on Oct 30, 2024. It is now read-only.

Commit

Permalink
Align files
Browse files Browse the repository at this point in the history
  • Loading branch information
actions-user committed Aug 23, 2024
1 parent e4640ea commit 6eede89
Show file tree
Hide file tree
Showing 12 changed files with 156 additions and 55 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/zz_generated.add-team-labels.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
-O artifacts/users.yaml \
https://raw.githubusercontent.com/giantswarm/github/main/tools/issue-automation/user-mapping.yaml
- name: Upload Artifact
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: users
path: artifacts/users.yaml
Expand All @@ -27,7 +27,7 @@ jobs:
runs-on: ubuntu-latest
needs: build_user_list
steps:
- uses: actions/download-artifact@v3
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
id: download-users
with:
name: users
Expand All @@ -46,7 +46,7 @@ jobs:
echo "EOF" >> $GITHUB_ENV
- name: Apply label to issue
if: ${{ env.LABEL != '' && env.LABEL != 'null' && env.LABEL != null }}
uses: actions-ecosystem/action-add-labels@v1
uses: actions-ecosystem/action-add-labels@bd52874380e3909a1ac983768df6976535ece7f8 # v1.1.3
with:
github_token: ${{ secrets.ISSUE_AUTOMATION }}
labels: |
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/zz_generated.add-to-project-board.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
-O artifacts/users.yaml \
https://raw.githubusercontent.com/giantswarm/github/main/tools/issue-automation/user-mapping.yaml
- name: Upload Artifact
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: users
path: artifacts/users.yaml
Expand All @@ -30,7 +30,7 @@ jobs:
-O artifacts/labels.yaml \
https://raw.githubusercontent.com/giantswarm/github/main/tools/issue-automation/label-mapping.yaml
- name: Upload Artifact
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: labels
path: artifacts/labels.yaml
Expand All @@ -42,7 +42,7 @@ jobs:
needs: build_user_list
if: github.event.action == 'assigned'
steps:
- uses: actions/download-artifact@v3
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
id: download-users
with:
name: users
Expand All @@ -57,7 +57,7 @@ jobs:
echo "BOARD=${BOARD}" >> $GITHUB_ENV
- name: Add issue to personal board
if: ${{ env.BOARD != 'null' && env.BOARD != '' && env.BOARD != null }}
uses: actions/add-to-project@main
uses: actions/add-to-project@9bfe908f2eaa7ba10340b31e314148fcfe6a2458 # v1.0.1
with:
project-url: ${{ env.BOARD }}
github-token: ${{ secrets.ISSUE_AUTOMATION }}
Expand All @@ -68,7 +68,7 @@ jobs:
needs: build_user_list
if: github.event.action == 'labeled'
steps:
- uses: actions/download-artifact@v3
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
id: download-labels
with:
name: labels
Expand All @@ -83,7 +83,7 @@ jobs:
echo "BOARD=${BOARD}" >> $GITHUB_ENV
- name: Add issue to team board
if: ${{ env.BOARD != 'null' && env.BOARD != '' && env.BOARD != null }}
uses: actions/add-to-project@main
uses: actions/add-to-project@9bfe908f2eaa7ba10340b31e314148fcfe6a2458 # v1.0.1
with:
project-url: ${{ env.BOARD }}
github-token: ${{ secrets.ISSUE_AUTOMATION }}
63 changes: 37 additions & 26 deletions .github/workflows/zz_generated.create_release.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
# DO NOT EDIT. Generated with:
#
# devctl@6.14.0
# devctl
#
# https://github.com/giantswarm/devctl/blob/c90dd09846d2e87f1bad62d2089405b78da11a82/pkg/gen/input/workflows/internal/file/create_release.yaml.template
#
name: Create Release
on:
Expand Down Expand Up @@ -32,11 +34,10 @@ jobs:
steps:
- name: Get version
id: get_version
env:
COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
run: |
title="$(cat <<- 'COMMIT_MESSAGE_END' | head -n 1 -
${{ github.event.head_commit.message }}
COMMIT_MESSAGE_END
)"
title=$(echo -n "${COMMIT_MESSAGE}" | head -1)
# Matches strings like:
#
# - "Release v1.2.3"
Expand All @@ -53,7 +54,7 @@ jobs:
echo "version=${version}" >> $GITHUB_OUTPUT
- name: Checkout code
if: ${{ steps.get_version.outputs.version != '' }}
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Get project.go path
id: get_project_go_path
if: ${{ steps.get_version.outputs.version != '' }}
Expand All @@ -66,11 +67,10 @@ jobs:
echo "path=${path}" >> $GITHUB_OUTPUT
- name: Check if reference version
id: ref_version
env:
COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
run: |
title="$(cat <<- 'COMMIT_MESSAGE_END' | head -n 1 -
${{ github.event.head_commit.message }}
COMMIT_MESSAGE_END
)"
title=$(echo -n "${COMMIT_MESSAGE}" | head -1)
if echo "${title}" | grep -qE '^release v[0-9]+\.[0-9]+\.[0-9]+([.-][^ .-][^ ]*)?( \(#[0-9]+\))?$' ; then
version=$(echo "${title}" | cut -d ' ' -f 2)
fi
Expand All @@ -90,20 +90,20 @@ jobs:
- gather_facts
steps:
- name: Install architect
uses: giantswarm/install-binary-action@v1.1.0
uses: giantswarm/install-binary-action@c37eb401e5092993fc76d545030b1d1769e61237 # v3.0.0
with:
binary: "architect"
version: "6.11.0"
version: "6.14.1"
- name: Install semver
uses: giantswarm/install-binary-action@v1.1.0
uses: giantswarm/install-binary-action@c37eb401e5092993fc76d545030b1d1769e61237 # v3.0.0
with:
binary: "semver"
version: "3.2.0"
download_url: "https://github.com/fsaintjacques/${binary}-tool/archive/${version}.tar.gz"
tarball_binary_path: "*/src/${binary}"
smoke_test: "${binary} --version"
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Update project.go
id: update_project_go
env:
Expand Down Expand Up @@ -144,6 +144,15 @@ jobs:
title: "Bump version to ${{ steps.update_project_go.outputs.new_version }}"
run: |
gh pr create --title "${{ env.title }}" --body "" --base ${{ env.base }} --head ${{ env.branch }} --reviewer ${{ github.actor }}
- name: Enable auto-merge for PR
env:
GITHUB_TOKEN: "${{ secrets.TAYLORBOT_GITHUB_ACTION }}"
base: "${{ github.ref }}"
branch: "${{ github.ref }}-version-bump"
version: "${{ needs.gather_facts.outputs.version }}"
title: "Bump version to ${{ steps.update_project_go.outputs.new_version }}"
run: |
gh pr merge --auto --squash "${{ env.branch }}" || echo "::warning::Auto-merge not allowed. Please adjust the repository settings."
create_release:
name: Create release
runs-on: ubuntu-22.04
Expand All @@ -154,7 +163,7 @@ jobs:
upload_url: ${{ steps.create_gh_release.outputs.upload_url }}
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
ref: ${{ github.sha }}
- name: Ensure correct version in project.go
Expand All @@ -165,7 +174,7 @@ jobs:
grep -qE "version[[:space:]]*=[[:space:]]*\"$version\"" $file
- name: Get Changelog Entry
id: changelog_reader
uses: mindsers/changelog-reader-action@v2
uses: mindsers/changelog-reader-action@32aa5b4c155d76c94e4ec883a223c947b2f02656 # v2.2.3
with:
version: ${{ needs.gather_facts.outputs.version }}
path: ./CHANGELOG.md
Expand All @@ -184,13 +193,12 @@ jobs:
git push "${REMOTE_REPO}" --tags
- name: Create release
id: create_gh_release
uses: actions/create-release@v1
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
env:
GITHUB_TOKEN: "${{ secrets.TAYLORBOT_GITHUB_ACTION }}"
with:
body: ${{ steps.changelog_reader.outputs.changes }}
tag_name: "v${{ needs.gather_facts.outputs.version }}"
release_name: "v${{ needs.gather_facts.outputs.version }}"
tag: "v${{ needs.gather_facts.outputs.version }}"

create-release-branch:
name: Create release branch
Expand All @@ -200,15 +208,15 @@ jobs:
if: ${{ needs.gather_facts.outputs.version }}
steps:
- name: Install semver
uses: giantswarm/install-binary-action@v1.1.0
uses: giantswarm/install-binary-action@c37eb401e5092993fc76d545030b1d1769e61237 # v3.0.0
with:
binary: "semver"
version: "3.0.0"
download_url: "https://github.com/fsaintjacques/${binary}-tool/archive/${version}.tar.gz"
tarball_binary_path: "*/src/${binary}"
smoke_test: "${binary} --version"
- name: Check out the repository
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0 # Clone the whole history, not just the most recent commit.
- name: Fetch all tags and branches
Expand Down Expand Up @@ -266,7 +274,7 @@ jobs:
- windows-amd64
env:
GITHUB_TOKEN: "${{ secrets.TAYLORBOT_GITHUB_ACTION }}"
GO_VERSION: 1.19.6
GO_VERSION: 1.21.3
ARTIFACT_DIR: bin-dist
TAG: v${{ needs.gather_facts.outputs.version }}
CODE_SIGNING_CERT_BUNDLE_BASE64: ${{ secrets.CODE_SIGNING_CERT_BUNDLE_BASE64 }}
Expand All @@ -276,18 +284,21 @@ jobs:
- gather_facts
steps:
- name: Install architect
uses: giantswarm/install-binary-action@v1.1.0
uses: giantswarm/install-binary-action@c37eb401e5092993fc76d545030b1d1769e61237 # v3.0.0
with:
binary: "architect"
version: "6.11.0"
version: "6.14.1"
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v3.3.0
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: ${{ env.GO_VERSION }}
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
ref: ${{ env.TAG }}
# devctl specific, we need the whole git history of branch `main` for generating the correct urls in header templates
- name: Fetch main branch
run: "git fetch origin main --unshallow"
- name: Create ${{ matrix.platform }} package
run: make package-${{ matrix.platform }}
- name: Specify package file name based on platform
Expand Down
16 changes: 9 additions & 7 deletions .github/workflows/zz_generated.create_release_pr.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
# DO NOT EDIT. Generated with:
#
# devctl@6.14.0
# devctl
#
# https://github.com/giantswarm/devctl/blob/7345de0273fb431a392dc15f53961b523dba2b5e/pkg/gen/input/workflows/internal/file/create_release_pr.yaml.template
#
name: Create Release PR
on:
Expand Down Expand Up @@ -143,16 +145,16 @@ jobs:
env:
architect_flags: "--organisation ${{ github.repository_owner }} --project ${{ needs.gather_facts.outputs.repo_name }}"
steps:
- uses: actions/setup-go@v3
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: '=1.18.1'
go-version: '=1.23'
- name: Install architect
uses: giantswarm/install-binary-action@v1.1.0
uses: giantswarm/install-binary-action@c37eb401e5092993fc76d545030b1d1769e61237 # v3.0.0
with:
binary: "architect"
version: "6.11.0"
version: "6.17.0"
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
ref: ${{ needs.gather_facts.outputs.branch }}
- name: Prepare release changes
Expand Down Expand Up @@ -203,7 +205,7 @@ jobs:
- name: Bump go module defined in go.mod if needed
run: |
if [ "${{ needs.gather_facts.outputs.needs_major_bump }}" = true ] && test -f "go.mod"; then
go install github.com/marwan-at-work/mod/cmd/mod@v0.5.0
go install github.com/marwan-at-work/mod/cmd/mod@v0.7.1
mod upgrade
fi
- name: Set up git identity
Expand Down
6 changes: 4 additions & 2 deletions .github/workflows/zz_generated.gitleaks.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
# DO NOT EDIT. Generated with:
#
# devctl@6.14.0
# devctl
#
# https://github.com/giantswarm/devctl/blob/1a381db95a01773e471818a4ce56ad16ad5d6111/pkg/gen/input/workflows/internal/file/gitleaks.yaml.template
#
name: gitleaks

Expand All @@ -10,7 +12,7 @@ jobs:
gitleaks:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: '0'
- name: gitleaks-action
Expand Down
80 changes: 80 additions & 0 deletions .github/workflows/zz_generated.run_ossf_scorecard.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
# DO NOT EDIT. Generated with:
#
# devctl
#
# https://github.com/giantswarm/devctl/blob/515bdf66b25f68db4466f9fd8fa6104793785b78/pkg/gen/input/workflows/internal/file/run_ossf_scorecard.yaml.template
#

# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.

name: Scorecard supply-chain security
on:
# For Branch-Protection check. Only the default branch is supported. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
branch_protection_rule:
# To guarantee Maintained check is occasionally updated. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
schedule:
- cron: '15 15 15 * *'
push:
branches: [ "main", "master" ]
workflow_dispatch: {}

# Declare default permissions as read only.
permissions: read-all

jobs:
analysis:
name: Scorecard analysis
runs-on: ubuntu-latest
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Needed to publish results and get a badge (see publish_results below).
id-token: write
# Uncomment the permissions below if installing in a private repository.
# contents: read
# actions: read

steps:
- name: "Checkout code"
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
with:
results_file: results.sarif
results_format: sarif
# (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
# - you want to enable the Branch-Protection check on a *public* repository, or
# - you are installing Scorecard on a *private* repository
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
# repo_token: ${{ secrets.SCORECARD_TOKEN }}

# Public repositories:
# - Publish results to OpenSSF REST API for easy access by consumers
# - Allows the repository to include the Scorecard badge.
# - See https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories:
# - `publish_results` will always be set to `false`, regardless
# of the value entered here.
publish_results: true

# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
with:
name: SARIF file
path: results.sarif
retention-days: 5

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3.26.4
with:
sarif_file: results.sarif
Loading

0 comments on commit 6eede89

Please sign in to comment.