chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions from 3.0.17 to 3.0.18 #9661
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
branches: | |
- develop | |
pull_request: | |
branches: | |
- develop | |
types: | |
- opened | |
- reopened | |
- synchronize | |
- labeled | |
env: | |
CHART_DIR: "helm/alfresco-process-infrastructure" | |
HELM_REPO_BASE_URL: https://kubernetes-charts.alfresco.com | |
HELM_REPO: Alfresco/charts | |
HELM_REPO_BRANCH: master | |
HELM_REPO_SUBFOLDER: incubator | |
jobs: | |
pre-checks: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Check dependabot build | |
uses: Activiti/Activiti/.github/actions/check-ext-build@7700f0283a9ff5181581a350d2520e55c61c1c60 # 8.6.0 | |
- name: Setup Helm Docs | |
uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 | |
with: | |
version: 1.13.1 | |
- name: pre-commit | |
uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 | |
with: | |
skip_checkout: true | |
- name: Run Checkov | |
uses: bridgecrewio/checkov-action@e1bb78184f5dd3690fb1089d6c4f51295f9dff48 # v12.1839.0 | |
with: | |
framework: kubernetes | |
- name: Ensure SHA pinned actions | |
uses: zgosalvez/github-actions-ensure-sha-pinned-actions@64418826697dcd77c93a8e4a1f7601a1942e57b5 # v3.0.18 | |
validate: | |
needs: pre-checks | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-validate-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-maven-validate- | |
- uses: Alfresco/alfresco-build-tools/.github/actions/validate-maven-versions@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 | |
with: | |
maven-username: ${{ secrets.NEXUS_USERNAME }} | |
maven-password: ${{ secrets.NEXUS_PASSWORD }} | |
- name: Save maven cache | |
uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
if: github.event_name == 'push' | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-validate-${{ hashFiles('**/pom.xml') }} | |
build: | |
runs-on: ubuntu-latest | |
needs: | |
- pre-checks | |
- validate | |
env: | |
TARGET_CHARTS_PATH: charts | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Build | |
uses: Alfresco/alfresco-build-tools/.github/actions/helm-build-chart@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 | |
with: | |
chart-dir: ${{ env.CHART_DIR }} | |
- name: Setup Cluster | |
uses: Alfresco/alfresco-build-tools/.github/actions/setup-kind@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 | |
- name: Compute Keycloak Client Secret | |
id: compute-keycloak-secret | |
run: echo "result=$(uuidgen)" >> $GITHUB_OUTPUT | |
- name: Execute helm upgrade dry-run | |
env: | |
CHART_DIR: ${{ env.CHART_DIR }} | |
NAMESPACE: "test" | |
DOMAIN: "example" | |
KEYCLOAK_SECRET: ${{ steps.compute-keycloak-secret.outputs.result }} | |
shell: bash | |
run: | | |
NAMESPACE_LOWERCASE=$(echo ${NAMESPACE} | tr "[:upper:]" "[:lower:]") | |
helm upgrade $NAMESPACE_LOWERCASE $CHART_DIR \ | |
--install \ | |
--set global.gateway.domain=$DOMAIN \ | |
--set global.keycloak.clientSecret=$KEYCLOAK_SECRET \ | |
--namespace $NAMESPACE_LOWERCASE \ | |
--wait \ | |
--dry-run | |
- name: Package Helm Chart | |
id: package-helm-chart | |
uses: Alfresco/alfresco-build-tools/.github/actions/helm-package-chart@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 | |
with: | |
chart-dir: ${{ env.CHART_DIR }} | |
release: | |
runs-on: ubuntu-latest | |
needs: build | |
outputs: | |
version: ${{ steps.calculate-next-internal-version.outputs.next-prerelease }} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Parse next release | |
id: helm-parse-next-release | |
uses: Alfresco/alfresco-build-tools/.github/actions/helm-parse-next-release@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 | |
with: | |
chart-dir: ${{ env.CHART_DIR }} | |
- id: calculate-next-internal-version | |
name: Calculate next internal release | |
uses: Alfresco/alfresco-build-tools/.github/actions/calculate-next-internal-version@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 | |
with: | |
next-version: ${{ steps.helm-parse-next-release.outputs.next-release }} | |
- id: helm-release-and-publish | |
name: Release and publish helm chart | |
uses: Alfresco/alfresco-build-tools/.github/actions/helm-release-and-publish@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 | |
with: | |
version: ${{ steps.calculate-next-internal-version.outputs.next-prerelease }} | |
chart-dir: ${{ env.CHART_DIR }} | |
helm-repository: ${{ env.HELM_REPO }} | |
helm-repository-branch: ${{ env.HELM_REPO_BRANCH }} | |
helm-repository-subfolder: ${{ env.HELM_REPO_SUBFOLDER }} | |
helm-repository-base-url: ${{ env.HELM_REPO_BASE_URL }} | |
helm-repository-token: ${{ secrets.BOT_GITHUB_TOKEN }} | |
git-username: ${{ secrets.BOT_GITHUB_USERNAME }} | |
do-push: ${{ github.event_name == 'push' }} | |
promote: | |
runs-on: ubuntu-latest | |
needs: release | |
if: github.event_name == 'push' | |
env: | |
VERSION: ${{ needs.release.outputs.version }} | |
DEVELOPMENT_BRANCH: ${{ github.ref_name }} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- id: get-versions | |
working-directory: helm/alfresco-process-infrastructure | |
run: | | |
CHART_VERSION=`yq '.dependencies | map(select(.name == "common")) | .[0].version' Chart.yaml` | |
echo ${CHART_VERSION} | |
echo "chart=${CHART_VERSION}" >> $GITHUB_OUTPUT | |
DEPLOYMENT_VERSION=`yq '.alfresco-deployment-service.image.tag' values.yaml` | |
echo ${DEPLOYMENT_VERSION} | |
echo "deployment=${DEPLOYMENT_VERSION}" >> $GITHUB_OUTPUT | |
MODELING_VERSION=`yq '.alfresco-modeling-service.image.tag' values.yaml` | |
echo ${MODELING_VERSION} | |
echo "modeling=${MODELING_VERSION}" >> $GITHUB_OUTPUT | |
- uses: Alfresco/alfresco-build-tools/.github/actions/jx-updatebot-pr@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 | |
env: | |
ACTIVITI_CLOUD_COMMON_CHART_VERSION: ${{ steps.get-versions.outputs.chart }} | |
ALFRESCO_DEPLOYMENT_SERVICE_VERSION: ${{ steps.get-versions.outputs.deployment }} | |
ALFRESCO_MODELING_SERVICE_VERSION: ${{ steps.get-versions.outputs.modeling }} | |
with: | |
version: ${{ env.VERSION }} | |
auto-merge: 'true' | |
labels: 'be-propagation,${{ env.DEVELOPMENT_BRANCH }}' | |
base-branch-name: ${{ env.DEVELOPMENT_BRANCH }} | |
git-username: ${{ secrets.BOT_GITHUB_USERNAME }} | |
git-token: ${{ secrets.BOT_GITHUB_TOKEN }} | |
git-author-name: ${{ secrets.BOT_GITHUB_USERNAME }} | |
notify: | |
runs-on: ubuntu-latest | |
needs: | |
- build | |
- release | |
- promote | |
if: always() && failure() && github.event_name == 'push' | |
steps: | |
- name: Teams Notification | |
uses: Alfresco/alfresco-build-tools/.github/actions/send-teams-notification@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 | |
with: | |
webhook-url: ${{ secrets.TEAMS_NOTIFICATION_AUTOMATE_BACKEND_WEBHOOK }} |