From 84ab9971d784872b73fd7fb3a06f4c472c0f0338 Mon Sep 17 00:00:00 2001 
From: Alejandro Alvarez
Date: Tue, 16 Jan 2024 07:48:54 +0100
Subject: [PATCH] chore(create-release.yml): update version of sonar-push.yml to v0.6.1 for the sonar job in create-release workflow (#148)
chore(extension-attach-artifact-release.yml): update version of scripts to v0.6.1 for getting reusable script files in extension-attach-artifact-release workflow
chore(extension-release-prepare.yml): update version of extension-release-rollback.yml to v0.6.1 for the release-rollback job in extension-release-prepare workflow
chore(extension-release-published.yml): update version of extension-release-prepare.yml to v0.6.1 for the maven-release job in extension-release-published workflow
chore(os-extension-test.yml): update version of sonar-pull-request.yml to v0.6.1 for the sonar-pr job in os-extension-test workflow
chore(package-linux.yml): update version of scripts and package-deb-pom.xml to v0.6.1 for getting reusable script files and packaging linux in package-linux workflow
chore(pom-release-published.yml): update version of extension-release-prepare.yml to v0.6.1 for the maven-release job in pom-release-published workflow
chore(pro-extension-test.yml): update version of sonar-pull-request.yml to v0.6.1 for the sonar-pr job in pro-extension-test workflow
chore(synk-nightly.yml): delete synk-nightly workflow
docs(README.md): remove snyk-nightly.yml from the list of reusable workflows in README.md
---
 .github/workflows/create-release.yml | 2 +-
 .../extension-attach-artifact-release.yml | 8 +++---
 .../workflows/extension-release-prepare.yml | 2 +-
 .../workflows/extension-release-published.yml | 2 +-
 .github/workflows/os-extension-test.yml | 2 +-
 .github/workflows/package-linux.yml | 10 +++----
 .github/workflows/pom-release-published.yml | 2 +-
 .github/workflows/pro-extension-test.yml | 2 +-
 .github/workflows/synk-nightly.yml | 28 -------------------
 README.md | 1 -
 10 files changed, 15 insertions(+), 44 deletions(-)
 delete mode 100644 .github/workflows/synk-nightly.yml
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
index 37cf278f..e7d855e3 100644
--- a/.github/workflows/create-release.yml
+++ b/.github/workflows/create-release.yml
@@ -11,7 +11,7 @@ on:
 jobs:
 sonar:
- uses: liquibase/build-logic/.github/workflows/sonar-push.yml@v0.6.0
+ uses: liquibase/build-logic/.github/workflows/sonar-push.yml@v0.6.1
 secrets: inherit
 with:
 extraCommand: ${{ inputs.extraCommand }}
diff --git a/.github/workflows/extension-attach-artifact-release.yml b/.github/workflows/extension-attach-artifact-release.yml
index e4a2eb4e..859702a0 100644
--- a/.github/workflows/extension-attach-artifact-release.yml
+++ b/.github/workflows/extension-attach-artifact-release.yml
@@ -84,9 +84,9 @@ jobs:
 - name: Get Reusable Script Files
 run: |
- curl -o $PWD/.github/get_draft_release.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.6.0/.github/get_draft_release.sh
- curl -o $PWD/.github/sign_artifact.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.6.0/.github/sign_artifact.sh
- curl -o $PWD/.github/upload_asset.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.6.0/.github/upload_asset.sh
+ curl -o $PWD/.github/get_draft_release.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.6.1/.github/get_draft_release.sh
+ curl -o $PWD/.github/sign_artifact.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.6.1/.github/sign_artifact.sh
+ curl -o $PWD/.github/upload_asset.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.6.1/.github/upload_asset.sh
 chmod +x $PWD/.github/get_draft_release.sh
 chmod +x $PWD/.github/sign_artifact.sh
 chmod +x $PWD/.github/upload_asset.sh
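Review bot: The `curl -o` downloads in the "Get Reusable Script Files" step of extension-attach-artifact-release.yml have no `--fail`, so an HTTP error body would be saved as `get_draft_release.sh`, `sign_artifact.sh` or `upload_asset.sh` and then made executable by the `chmod +x` lines that follow. The same pattern appears in the `upload_zip.sh` hunk of this file and in the package-linux.yml hunk. I would write each download as `curl --fail --silent --show-error -o "$PWD/.github/sign_artifact.sh" https://raw.githubusercontent.com/liquibase/build-logic/v0.6.1/.github/sign_artifact.sh`. Since `v0.6.1` is a tag that can be moved, each file should also be compared with a recorded SHA-256 (or fetched by commit SHA) before the `chmod +x`. The step that runs these scripts is outside the hunk.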
@@ -175,7 +175,7 @@ jobs:
 - name: Get upload_zip.sh Script File
 if: inputs.zip == 'true'
 run: |
- curl -o $PWD/.github/upload_zip.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.6.0/.github/upload_zip.sh
+ curl -o $PWD/.github/upload_zip.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.6.1/.github/upload_zip.sh
 chmod +x $PWD/.github/upload_zip.sh
 - name: Attach Zip File to Draft Release
diff --git a/.github/workflows/extension-release-prepare.yml b/.github/workflows/extension-release-prepare.yml
index 83d4bbdb..f8690e09 100644
--- a/.github/workflows/extension-release-prepare.yml
+++ b/.github/workflows/extension-release-prepare.yml
@@ -107,7 +107,7 @@ jobs:
 release-rollback:
 needs: prepare-release
 if: ${{ always() && contains(needs.*.result, 'failure') }}
- uses: liquibase/build-logic/.github/workflows/extension-release-rollback.yml@v0.6.0
+ uses: liquibase/build-logic/.github/workflows/extension-release-rollback.yml@v0.6.1
 secrets: inherit
 with:
 extraCommand: ${{ inputs.extraCommand }}
diff --git a/.github/workflows/extension-release-published.yml b/.github/workflows/extension-release-published.yml
index 63a54fd8..d238e9dc 100644
--- a/.github/workflows/extension-release-published.yml
+++ b/.github/workflows/extension-release-published.yml
@@ -23,7 +23,7 @@ on:
 jobs:
 maven-release:
- uses: liquibase/build-logic/.github/workflows/extension-release-prepare.yml@v0.6.0
+ uses: liquibase/build-logic/.github/workflows/extension-release-prepare.yml@v0.6.1
 secrets: inherit
 with:
 extraCommand: ${{ inputs.extraCommand }}
diff --git a/.github/workflows/os-extension-test.yml b/.github/workflows/os-extension-test.yml
index 779fa769..ac4a9a32 100644
--- a/.github/workflows/os-extension-test.yml
+++ b/.github/workflows/os-extension-test.yml
@@ -203,7 +203,7 @@ jobs:
 sonar-pr:
 if: ${{ !inputs.nightly }}
 needs: [ unit-test ]
- uses: liquibase/build-logic/.github/workflows/sonar-pull-request.yml@v0.6.0
+ uses: liquibase/build-logic/.github/workflows/sonar-pull-request.yml@v0.6.1
 secrets: inherit
 with:
 extraCommand: ${{ inputs.extraCommand }}
diff --git a/.github/workflows/package-linux.yml b/.github/workflows/package-linux.yml
index a6d27d53..1bf93c2b 100644
--- a/.github/workflows/package-linux.yml
+++ b/.github/workflows/package-linux.yml
@@ -64,11 +64,11 @@ jobs:
 # Under the src folder is where specific packages files live. The GitHub action inputs will modify the universal package-deb-pom.xml to tell the process which assets to use during the packaging step
 mkdir -p $PWD/.github/src/${{ inputs.artifactId }}/deb/control
 mkdir -p $PWD/.github/src/${{ inputs.artifactId }}/main/archive
- curl -o $PWD/.github/src/${{ inputs.artifactId }}/deb/control/control https://raw.githubusercontent.com/liquibase/build-logic/v0.6.0/src/${{ inputs.artifactId }}/deb/control/control
- curl -o $PWD/.github/src/${{ inputs.artifactId }}/deb/control/postinst https://raw.githubusercontent.com/liquibase/build-logic/v0.6.0/src/${{ inputs.artifactId }}/deb/control/postinst
- curl -o $PWD/.github/src/${{ inputs.artifactId }}/main/archive/${{ inputs.artifactId }}-env.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.6.0/src/${{ inputs.artifactId }}/main/archive/${{ inputs.artifactId }}-env.sh
- curl -o $PWD/.github/package-deb-pom.xml https://raw.githubusercontent.com/liquibase/build-logic/v0.6.0/.github/package-deb-pom.xml
- curl -o $PWD/.github/sign_artifact.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.6.0/.github/sign_artifact.sh
+ curl -o $PWD/.github/src/${{ inputs.artifactId }}/deb/control/control https://raw.githubusercontent.com/liquibase/build-logic/v0.6.1/src/${{ inputs.artifactId }}/deb/control/control
+ curl -o $PWD/.github/src/${{ inputs.artifactId }}/deb/control/postinst https://raw.githubusercontent.com/liquibase/build-logic/v0.6.1/src/${{ inputs.artifactId }}/deb/control/postinst
+ curl -o $PWD/.github/src/${{ inputs.artifactId }}/main/archive/${{ inputs.artifactId }}-env.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.6.1/src/${{ inputs.artifactId }}/main/archive/${{ inputs.artifactId }}-env.sh
+ curl -o $PWD/.github/package-deb-pom.xml https://raw.githubusercontent.com/liquibase/build-logic/v0.6.1/.github/package-deb-pom.xml
+ curl -o $PWD/.github/sign_artifact.sh https://raw.githubusercontent.com/liquibase/build-logic/v0.6.1/.github/sign_artifact.sh
 chmod +x $PWD/.github/sign_artifact.sh
 - name: Import GPG key
diff --git a/.github/workflows/pom-release-published.yml b/.github/workflows/pom-release-published.yml
index b4a1d411..af6545a3 100644
--- a/.github/workflows/pom-release-published.yml
+++ b/.github/workflows/pom-release-published.yml
@@ -68,5 +68,5 @@ jobs:
 maven-release:
 needs: release
- uses: liquibase/build-logic/.github/workflows/extension-release-prepare.yml@v0.6.0
+ uses: liquibase/build-logic/.github/workflows/extension-release-prepare.yml@v0.6.1
 secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/pro-extension-test.yml b/.github/workflows/pro-extension-test.yml
index 6529789c..08d7dbd3 100644
--- a/.github/workflows/pro-extension-test.yml
+++ b/.github/workflows/pro-extension-test.yml
@@ -263,7 +263,7 @@ jobs:
 sonar-pr:
 if: ${{ !inputs.nightly }}
 needs: [ unit-test ]
- uses: liquibase/build-logic/.github/workflows/sonar-pull-request.yml@v0.6.0
+ uses: liquibase/build-logic/.github/workflows/sonar-pull-request.yml@v0.6.1
 secrets: inherit
 with:
 extraCommand: ${{ inputs.extraCommand }}
diff --git a/.github/workflows/synk-nightly.yml b/.github/workflows/synk-nightly.yml
deleted file mode 100644
index a146a51e..00000000
--- a/.github/workflows/synk-nightly.yml
+++ /dev/null
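Review bot: `${{ inputs.artifactId }}` is expanded into the text of the `run:` script in package-linux.yml before the shell starts, in both the `mkdir -p` paths and the rewritten `curl` lines, so a value containing shell metacharacters or `../` would alter the commands or paths instead of being treated as data. Because the input comes from the calling workflow, the exposure depends on who can set it, but the usual hardening is to pass it through the step environment with `env:` and `ARTIFACT_ID: ${{ inputs.artifactId }}`, then use `"$ARTIFACT_ID"` in the script. The step starts before the hunk, so whether it already has an `env:` block is not visible here.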
@@ -1,28 +0,0 @@
-# Run Snyk nightly to scan and report security issues on staging.
-name: Nightly Snyk Scan
-
-# Job will run nightly at 02:05 EDT / 01:05 CDT
-# Time below is UTC
-on:
- workflow_call:
- secrets:
- SNYK_TOKEN:
- description: 'SNYK_TOKEN from the caller workflow'
- required: true
-
-jobs:
- security-scan:
- name: Snyk Security Scan
- runs-on: ubuntu-latest
- steps:
- - name: Checkout Master Branch
- uses: actions/checkout@v4
-
- - name: Run Snyk Test
- uses: snyk/actions/maven-3-jdk-11@master
- timeout-minutes: 10
- env:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- with:
- command: test
- args: --fail-on=all --fail-fast -d --severity-threshold=medium --all-projects --org=datical
diff --git a/README.md b/README.md
index 72a3dac1..5dd4c1ba 100644
--- a/README.md
+++ b/README.md
@@ -81,7 +81,6 @@ Please review the below table of reusable workflows and their descriptions:
 | `sonar-pull-request.yml` | Code Coverage Scan for PRs. Requires branch name parameter |
 | `sonar-test-scan.yml` | Code Coverage Scan for unit and integration tests |
 | `sonar-push.yml` | Same as PR job, but for pushes to main. Does not require branch name parameter |
-| `snyk-nightly.yml` | Nightly Security Scans |
 | various shell scripts | helper scripts for getting the draft release, signing artifacts, and uploading assets |
 ## Requirements