fixup! wip: pipeline
phbelitz committed Feb 22, 2024
1 parent 89d54c6 commit 73cdf48
Showing 9 changed files with 52 additions and 52 deletions.
2 changes: 1 addition & 1 deletion .github/actions/alerting-endpoint/action.yml
Expand Up @@ -13,7 +13,7 @@ runs:
CONTAINER=$(docker container ls --no-trunc --format "{{json . }}" | jq ' . | select(.Image|match("alerting-endpoint"))')
CONTAINER_ID=$(echo ${CONTAINER} | jq -r .ID)
CONTAINER_NETWORK=$(echo ${CONTAINER} | jq -r .Networks)
SEARCH_PATH=.[0].NetworkSettings.Networks.${CONTAINER_NETWORK}.IPAddress
SEARCH_PATH=.[0].NetworkSettings.Networks."${CONTAINER_NETWORK}".IPAddress
IP=$(docker container inspect ${CONTAINER_ID} | jq -r ${SEARCH_PATH})
echo IP=${IP} >> ${GITHUB_OUTPUT}
shell: bash
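Review bot: Quoting the network name inside the jq path still leaves the filter built by string interpolation, and `jq -r ${SEARCH_PATH}` on the following line is expanded unquoted, so a network name containing whitespace, a double quote or a glob character breaks the lookup rather than being handled. Passing the name as a jq variable removes both problems and makes SEARCH_PATH unnecessary: `IP=$(docker container inspect "${CONTAINER_ID}" | jq -r --arg net "${CONTAINER_NETWORK}" '.[0].NetworkSettings.Networks[$net].IPAddress')`. The two `echo ${CONTAINER} | jq` lines above should likewise quote `"${CONTAINER}"`, since the JSON emitted by `--format "{{json . }}"` contains spaces and is word-split before it reaches jq. If the `select` on the image name matches more than one container, `CONTAINER` holds several objects and the `-r .ID` extraction yields several IDs; it is unclear from the hunk whether that case is excluded elsewhere. The `run:` block starts before the hunk.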
2 changes: 1 addition & 1 deletion .github/actions/build/action.yml
Expand Up @@ -69,7 +69,7 @@ runs:
provenance: true
sbom: true
- name: Create SBOM
uses: anchore/sbom-action@07978da4bdb4faa726e52dfc6b1bed63d4b56479 # v0.13.3
uses: anchore/sbom-action@5ecf649a417b8ae17dc8383dc32d46c03f2312df # v0.15.1
with:
image: ${{ inputs.image_registry }}/${{ inputs.image_repo }}@${{ steps.build.outputs.digest }}
format: cyclonedx-json
8 changes: 4 additions & 4 deletions .github/workflows/.reusable-build.yml
@@ -1,6 +1,6 @@
name: build

#permissions: {} #TODO: reactivate for non-private
permissions: {}

on:
workflow_call:
Expand Down Expand Up @@ -51,7 +51,7 @@ jobs:
context:
runs-on: ubuntu-latest
if: inputs.skip != 'all'
# permissions: {} #TODO: reactivate for non-private
permissions: {}
outputs:
chart_version: ${{ steps.get_context.outputs.chart_version }}
original_registry: ${{ steps.get_context.outputs.original_registry }}
Expand All @@ -77,8 +77,8 @@ jobs:
inputs.skip != 'non-required' &&
inputs.skip != 'all'
needs: [context]
# permissions: #TODO: reactivate for non-private
# packages: write
permissions:
packages: write
outputs:
cosign_public_key: ${{ steps.build.outputs.cosign_public_key }}
steps:
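Review bot: The newly activated job-level block at `@@ -77,8 +77,8 @@` lists only `packages: write`, and a job-level `permissions:` that names any scope sets every unlisted scope, including `contents`, to none; a job that runs `actions/checkout` against this repository then has no `contents: read`, which fails on a private repository (the TODO being removed suggests the repo was private until now). The checkout steps are not visible in this section, but they are visible directly under the equivalent new blocks in the compliance, integration-test, sast and sca sections of this commit, where the same applies. Adding `contents: read` alongside the listed scope in each of those blocks, e.g. `permissions:` / `  contents: read` / `  packages: write`, keeps the least-privilege intent while letting checkout work. For the jobs that upload SARIF, `actions: read` may additionally be required on private repositories; that is inferred from the uploader's usual requirements, not from these lines, so confirm on a test run.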
14 changes: 7 additions & 7 deletions .github/workflows/.reusable-compliance.yml
Expand Up @@ -8,7 +8,7 @@ on:
type: string
default: "none"

#permissions: read-all
permissions: read-all

jobs:
ossf-scorecard:
Expand All @@ -17,9 +17,9 @@ jobs:
(github.ref_name == 'master' || github.event_name == 'pull_request') &&
inputs.skip != 'non-required' &&
inputs.skip != 'all'
# permissions: #TODO: reactivate for non-private
# security-events: write
# id-token: write
permissions:
security-events: write
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
Expand All @@ -44,8 +44,8 @@ jobs:
github.event_name == 'pull_request' &&
inputs.skip != 'non-required' &&
inputs.skip != 'all'
# permissions: #TODO: reactivate for non-private
# contents: write
permissions:
contents: write
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
Expand All @@ -57,7 +57,7 @@ jobs:
if: |
github.event_name == 'pull_request' &&
inputs.skip != 'all'
# permissions: {} #TODO: reactivate for non-private
permissions: {}
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
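Review bot: The block activated at `@@ -44,8 +44,8 @@` grants `contents: write` to a job whose only visible step is a checkout and whose `if:` restricts it to `pull_request` events; write access to repository contents is the broadest scope in this file and is only justified if a later step (not visible here) commits, pushes or creates releases. If the job only reads the tree to run a check, `contents: read` is sufficient. The third hunk of the sca section (`packages: read` plus `contents: write`) raises the same question. Note also that on pull requests from forks the token is read-only regardless of this block, so if the write is needed for fork PRs the job will not work as written; that is a property of the trigger rather than of these lines, so confirm against the intended flow.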
2 changes: 1 addition & 1 deletion .github/workflows/.reusable-docs.yaml
@@ -1,6 +1,6 @@
name: docs

#permissions: {} #TODO: reactivate for non-private
permissions: {}

on:
workflow_call:
18 changes: 9 additions & 9 deletions .github/workflows/.reusable-integration-test.yml
@@ -1,6 +1,6 @@
name: integration-test

#permissions: {} #TODO: reactivate for non-private
permissions: {}

on:
workflow_call:
Expand Down Expand Up @@ -33,8 +33,8 @@ jobs:
name: functional
runs-on: ubuntu-latest
if: inputs.skip != 'all'
# permissions: #TODO: reactivate for non-private
# packages: read
permissions:
packages: read
env:
IMAGE: ${{ inputs.build_image_repository }}
TAG: ${{ inputs.build_tag }}
Expand Down Expand Up @@ -105,8 +105,8 @@ jobs:
if: |
inputs.skip != 'non-required' &&
inputs.skip != 'all'
# permissions: #TODO: reactivate for non-private
# packages: read
permissions:
packages: read
env:
IMAGE: ${{ inputs.build_image_repository }}
TAG: ${{ inputs.build_tag }}
Expand Down Expand Up @@ -169,8 +169,8 @@ jobs:
name: k8s versions
runs-on: ubuntu-latest
if: inputs.skip != 'all'
# permissions: #TODO: reactivate for non-private
# packages: read
permissions:
packages: read
env:
IMAGE: ${{ inputs.build_image_repository }}
TAG: ${{ inputs.build_tag }}
Expand Down Expand Up @@ -222,8 +222,8 @@ jobs:
if: |
inputs.skip != 'non-required' &&
inputs.skip != 'all'
# permissions: #TODO: reactivate for non-private
# packages: read
permissions:
packages: read
env:
IMAGE: ${{ inputs.build_image_repository }}
TAG: ${{ inputs.build_tag }}
36 changes: 18 additions & 18 deletions .github/workflows/.reusable-sast.yml
Expand Up @@ -13,7 +13,7 @@ on:
required: false
default: 'sarif'

#permissions: {} #TODO: reactivate for non-private
permissions: {}

jobs:
checkov:
Expand All @@ -22,8 +22,8 @@ jobs:
(github.actor != 'dependabot[bot]') &&
inputs.skip != 'non-required' &&
inputs.skip != 'all'
# permissions: #TODO: reactivate for non-private
# security-events: write
permissions:
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
Expand Down Expand Up @@ -60,9 +60,9 @@ jobs:
inputs.skip != 'non-required' &&
inputs.skip != 'all' &&
inputs.output == 'sarif'
# permissions: #TODO: reactivate for non-private
# pull-requests: read
# security-events: write
permissions:
pull-requests: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
Expand All @@ -78,8 +78,8 @@ jobs:
if: |
(github.actor != 'dependabot[bot]') &&
inputs.skip != 'all'
# permissions: #TODO: reactivate for non-private
# security-events: write
permissions:
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
Expand All @@ -98,8 +98,8 @@ jobs:
if: |
(github.actor != 'dependabot[bot]') &&
inputs.skip != 'all'
# permissions: #TODO: reactivate for non-private
# security-events: write
permissions:
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
Expand All @@ -125,8 +125,8 @@ jobs:
(github.actor != 'dependabot[bot]') &&
inputs.skip != 'non-required' &&
inputs.skip != 'all'
# permissions: #TODO: reactivate for non-private
# security-events: write
permissions:
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
Expand Down Expand Up @@ -157,8 +157,8 @@ jobs:
(github.actor != 'dependabot[bot]') &&
inputs.skip != 'non-required' &&
inputs.skip != 'all'
# permissions: #TODO: reactivate for non-private
# security-events: write
permissions:
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
Expand Down Expand Up @@ -189,8 +189,8 @@ jobs:
(github.actor != 'dependabot[bot]') &&
inputs.skip != 'non-required' &&
inputs.skip != 'all'
# permissions: #TODO: reactivate for non-private
# security-events: write
permissions:
security-events: write
container:
image: returntocorp/semgrep
steps:
Expand All @@ -215,8 +215,8 @@ jobs:
(github.actor != 'dependabot[bot]') &&
inputs.skip != 'non-required' &&
inputs.skip != 'all'
# permissions: #TODO: reactivate for non-private
# security-events: write
permissions:
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
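Review bot: In the `@@ -189,8 +189,8 @@` hunk the semgrep job runs inside `container: image: returntocorp/semgrep` with no tag or digest, so it resolves to whatever `latest` is at run time, while every `uses:` in this commit is pinned to a commit SHA with a version comment. Those two context lines are not changed by the commit, but since the job now writes `security-events`, the scanner image is part of the trust boundary and should be pinned the same way, e.g. `image: returntocorp/semgrep@sha256:<DIGEST_PLACEHOLDER>  # <version>`, with the digest taken from the registry. The `docker:stable` container used by the two trivy jobs in the sca section is a floating tag with the same issue.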
20 changes: 10 additions & 10 deletions .github/workflows/.reusable-sca.yml
@@ -1,6 +1,6 @@
name: sca

#permissions: {} #TODO: reactivate for non-private
permissions: {}

on:
workflow_call:
Expand Down Expand Up @@ -34,9 +34,9 @@ jobs:
name: trivy image
runs-on: ubuntu-latest
if: inputs.skip != 'all'
# permissions: #TODO: reactivate for non-private
# packages: read
# security-events: write
permissions:
packages: read
security-events: write
container:
image: docker:stable
steps:
Expand All @@ -57,9 +57,9 @@ jobs:
if: |
inputs.skip != 'non-required' &&
inputs.skip != 'all'
# permissions: #TODO: reactivate for non-private
# packages: read
# security-events: write
permissions:
packages: read
security-events: write
container:
image: docker:stable
steps:
Expand All @@ -81,9 +81,9 @@ jobs:
if: |
inputs.skip != 'non-required' &&
inputs.skip != 'all'
# permissions: #TODO: reactivate for non-private
# packages: read
# contents: write
permissions:
packages: read
contents: write
steps:
- name: Login with registry
if: inputs.registry != ''
2 changes: 1 addition & 1 deletion .github/workflows/.reusable-unit-test.yml
@@ -1,6 +1,6 @@
name: unit-test

#permissions: {} #TODO: reactivate for non-private
permissions: {}

on:
workflow_call:
