diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c92213ec..6107f3a1 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,3 +1,7 @@ +# ============= +# This file is automatically generated from the templates in stackabletech/operator-templating +# DON'T MANUALLY EDIT THIS FILE +# ============= --- name: Stackable Build Pipeline @@ -36,11 +40,11 @@ jobs: run: | sudo apt-get update sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: submodules: recursive - uses: dtolnay/rust-toolchain@1.71.0 - - uses: Swatinem/rust-cache@dd05243424bd5c0e585e4b55eb2d7615cdd32f1f # v2 + - uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 # v2.7.0 with: key: udeps cache-all-crates: "true" @@ -103,10 +107,10 @@ jobs: continue-on-error: ${{ matrix.checks == 'advisories' }} steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: submodules: recursive - - uses: EmbarkStudios/cargo-deny-action@a50c7d5f86370e02fae8472c398f15a36e517bb8 # v1 + - uses: EmbarkStudios/cargo-deny-action@a50c7d5f86370e02fae8472c398f15a36e517bb8 # v1.5.4 with: command: check ${{ matrix.checks }} @@ -114,7 +118,7 @@ jobs: name: Run Rustfmt runs-on: ubuntu-latest steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: submodules: recursive - uses: dtolnay/rust-toolchain@1.71.0 @@ -130,13 +134,13 @@ jobs: run: | sudo apt-get update sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: submodules: recursive - uses: dtolnay/rust-toolchain@1.71.0 with: components: clippy - - uses: Swatinem/rust-cache@dd05243424bd5c0e585e4b55eb2d7615cdd32f1f # v2 + - uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 # v2.7.0 with: key: clippy cache-all-crates: "true" @@ -163,13 +167,13 @@ jobs: run: | sudo apt-get update sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: submodules: recursive - uses: dtolnay/rust-toolchain@1.71.0 with: components: rustfmt - - uses: Swatinem/rust-cache@dd05243424bd5c0e585e4b55eb2d7615cdd32f1f # v2 + - uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 # v2.7.0 with: key: doc cache-all-crates: "true" @@ -183,11 +187,11 @@ jobs: run: | sudo apt-get update sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: submodules: recursive - uses: dtolnay/rust-toolchain@1.71.0 - - uses: Swatinem/rust-cache@dd05243424bd5c0e585e4b55eb2d7615cdd32f1f # v2 + - uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 # v2.7.0 with: key: test cache-all-crates: "true" @@ -202,7 +206,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: submodules: recursive - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4 @@ -240,7 +244,7 @@ jobs: sudo apt-get update sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: submodules: recursive - name: Set up Helm @@ -250,7 +254,7 @@ jobs: - name: Set up cargo uses: dtolnay/rust-toolchain@1.71.0 - name: Set up rust-cache - uses: Swatinem/rust-cache@dd05243424bd5c0e585e4b55eb2d7615cdd32f1f # v2 + uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 # v2.7.0 with: key: charts cache-all-crates: "true" @@ -303,7 +307,7 @@ jobs: sudo apt-get update sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: submodules: recursive - uses: dtolnay/rust-toolchain@1.71.0 diff --git a/.github/workflows/general_daily_security.yml b/.github/workflows/general_daily_security.yml new file mode 100644 index 00000000..066c7502 --- /dev/null +++ b/.github/workflows/general_daily_security.yml @@ -0,0 +1,20 @@ +# ============= +# This file is automatically generated from the templates in stackabletech/operator-templating +# DON'T MANUALLY EDIT THIS FILE +# ============= +--- +name: Daily Security Audit + +on: + schedule: + - cron: '15 4 * * *' + workflow_dispatch: + +jobs: + audit: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: rustsec/audit-check@dd51754d4e59da7395a4cd9b593f0ff2d61a9b95 # v1.4.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pr_reviewdog.yaml b/.github/workflows/pr_reviewdog.yaml new file mode 100644 index 00000000..fd48c546 --- /dev/null +++ b/.github/workflows/pr_reviewdog.yaml @@ -0,0 +1,87 @@ +# ============= +# This file is automatically generated from the templates in stackabletech/operator-templating +# DON'T MANUALLY EDIT THIS FILE +# ============= +--- +name: Pull Request Reviewdog + +on: + pull_request + +permissions: + contents: read + checks: write + pull-requests: write + issues: write + +jobs: + actionlint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: reviewdog/action-actionlint@82693e9e3b239f213108d6e412506f8b54003586 # v1.39.1 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + + flake8: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # v4.6.1 + with: + python-version: "3.11" + - uses: reviewdog/action-flake8@51c2708ac3e9463b4d27d0ba7d9e3ded608a6ad3 # v3.8.0 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + + hadolint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: reviewdog/action-hadolint@f7d29ec6dd89022747bd18b5a151b62ac2f1555e # v1.36.0 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + + markdownlint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: reviewdog/action-markdownlint@6e02140816b5fcc7295ea7ae2a664af18190ff29 # v0.14.0 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + markdownlint_flags: '**/*(*.md|*.md.j2)' + + shellcheck: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: reviewdog/action-shellcheck@96fa305c16b0f9cc9b093af22dcd09de1c8f1c2d # v1.19.0 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + + yamllint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: reviewdog/action-yamllint@722e651555c5ca6db0edaada08e049825f74e431 # v1.8.0 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + + misspell: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: reviewdog/action-misspell@cc799b020b057600b66eedf2b6e97ca26137de21 # v1.14.0 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + locale: "US" + + languagetool: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: reviewdog/action-languagetool@445dede243efc5b874724a31f5c4f486efddbc35 # v1.12.0 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + level: info + patterns: "**/*.md **/*.txt **/*.adoc" diff --git a/renovate.json b/renovate.json index df34602d..d8e60f1a 100644 --- a/renovate.json +++ b/renovate.json @@ -28,5 +28,5 @@ "after 5:00 and before 6:00 every weekday" ] }, - "ignorePaths": [".github/workflows/build.yml", ".github/workflows/daily_security.yml", ".github/workflows/reviewdog.yaml"] + "ignorePaths": [".github/workflows/build.yml", ".github/workflows/general_daily_security.yml", ".github/workflows/pr_reviewdog.yaml"] }