Skip to content

chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions from 3.0.17 to 3.0.18 #9661

chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions from 3.0.17 to 3.0.18

chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions from 3.0.17 to 3.0.18 #9661

Workflow file for this run

name: Build
on:
push:
branches:
- develop
pull_request:
branches:
- develop
types:
- opened
- reopened
- synchronize
- labeled
env:
CHART_DIR: "helm/alfresco-process-infrastructure"
HELM_REPO_BASE_URL: https://kubernetes-charts.alfresco.com
HELM_REPO: Alfresco/charts
HELM_REPO_BRANCH: master
HELM_REPO_SUBFOLDER: incubator
jobs:
pre-checks:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Check dependabot build
uses: Activiti/Activiti/.github/actions/check-ext-build@7700f0283a9ff5181581a350d2520e55c61c1c60 # 8.6.0
- name: Setup Helm Docs
uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1
with:
version: 1.13.1
- name: pre-commit
uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1
with:
skip_checkout: true
- name: Run Checkov
uses: bridgecrewio/checkov-action@e1bb78184f5dd3690fb1089d6c4f51295f9dff48 # v12.1839.0
with:
framework: kubernetes
- name: Ensure SHA pinned actions
uses: zgosalvez/github-actions-ensure-sha-pinned-actions@64418826697dcd77c93a8e4a1f7601a1942e57b5 # v3.0.18
validate:
needs: pre-checks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-validate-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-validate-
- uses: Alfresco/alfresco-build-tools/.github/actions/validate-maven-versions@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1
with:
maven-username: ${{ secrets.NEXUS_USERNAME }}
maven-password: ${{ secrets.NEXUS_PASSWORD }}
- name: Save maven cache
uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
if: github.event_name == 'push'
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-validate-${{ hashFiles('**/pom.xml') }}
build:
runs-on: ubuntu-latest
needs:
- pre-checks
- validate
env:
TARGET_CHARTS_PATH: charts
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Build
uses: Alfresco/alfresco-build-tools/.github/actions/helm-build-chart@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1
with:
chart-dir: ${{ env.CHART_DIR }}
- name: Setup Cluster
uses: Alfresco/alfresco-build-tools/.github/actions/setup-kind@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1
- name: Compute Keycloak Client Secret
id: compute-keycloak-secret
run: echo "result=$(uuidgen)" >> $GITHUB_OUTPUT
- name: Execute helm upgrade dry-run
env:
CHART_DIR: ${{ env.CHART_DIR }}
NAMESPACE: "test"
DOMAIN: "example"
KEYCLOAK_SECRET: ${{ steps.compute-keycloak-secret.outputs.result }}
shell: bash
run: |
NAMESPACE_LOWERCASE=$(echo ${NAMESPACE} | tr "[:upper:]" "[:lower:]")
helm upgrade $NAMESPACE_LOWERCASE $CHART_DIR \
--install \
--set global.gateway.domain=$DOMAIN \
--set global.keycloak.clientSecret=$KEYCLOAK_SECRET \
--namespace $NAMESPACE_LOWERCASE \
--wait \
--dry-run
- name: Package Helm Chart
id: package-helm-chart
uses: Alfresco/alfresco-build-tools/.github/actions/helm-package-chart@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1
with:
chart-dir: ${{ env.CHART_DIR }}
release:
runs-on: ubuntu-latest
needs: build
outputs:
version: ${{ steps.calculate-next-internal-version.outputs.next-prerelease }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Parse next release
id: helm-parse-next-release
uses: Alfresco/alfresco-build-tools/.github/actions/helm-parse-next-release@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1
with:
chart-dir: ${{ env.CHART_DIR }}
- id: calculate-next-internal-version
name: Calculate next internal release
uses: Alfresco/alfresco-build-tools/.github/actions/calculate-next-internal-version@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1
with:
next-version: ${{ steps.helm-parse-next-release.outputs.next-release }}
- id: helm-release-and-publish
name: Release and publish helm chart
uses: Alfresco/alfresco-build-tools/.github/actions/helm-release-and-publish@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1
with:
version: ${{ steps.calculate-next-internal-version.outputs.next-prerelease }}
chart-dir: ${{ env.CHART_DIR }}
helm-repository: ${{ env.HELM_REPO }}
helm-repository-branch: ${{ env.HELM_REPO_BRANCH }}
helm-repository-subfolder: ${{ env.HELM_REPO_SUBFOLDER }}
helm-repository-base-url: ${{ env.HELM_REPO_BASE_URL }}
helm-repository-token: ${{ secrets.BOT_GITHUB_TOKEN }}
git-username: ${{ secrets.BOT_GITHUB_USERNAME }}
do-push: ${{ github.event_name == 'push' }}
promote:
runs-on: ubuntu-latest
needs: release
if: github.event_name == 'push'
env:
VERSION: ${{ needs.release.outputs.version }}
DEVELOPMENT_BRANCH: ${{ github.ref_name }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: get-versions
working-directory: helm/alfresco-process-infrastructure
run: |
CHART_VERSION=`yq '.dependencies | map(select(.name == "common")) | .[0].version' Chart.yaml`
echo ${CHART_VERSION}
echo "chart=${CHART_VERSION}" >> $GITHUB_OUTPUT
DEPLOYMENT_VERSION=`yq '.alfresco-deployment-service.image.tag' values.yaml`
echo ${DEPLOYMENT_VERSION}
echo "deployment=${DEPLOYMENT_VERSION}" >> $GITHUB_OUTPUT
MODELING_VERSION=`yq '.alfresco-modeling-service.image.tag' values.yaml`
echo ${MODELING_VERSION}
echo "modeling=${MODELING_VERSION}" >> $GITHUB_OUTPUT
- uses: Alfresco/alfresco-build-tools/.github/actions/jx-updatebot-pr@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1
env:
ACTIVITI_CLOUD_COMMON_CHART_VERSION: ${{ steps.get-versions.outputs.chart }}
ALFRESCO_DEPLOYMENT_SERVICE_VERSION: ${{ steps.get-versions.outputs.deployment }}
ALFRESCO_MODELING_SERVICE_VERSION: ${{ steps.get-versions.outputs.modeling }}
with:
version: ${{ env.VERSION }}
auto-merge: 'true'
labels: 'be-propagation,${{ env.DEVELOPMENT_BRANCH }}'
base-branch-name: ${{ env.DEVELOPMENT_BRANCH }}
git-username: ${{ secrets.BOT_GITHUB_USERNAME }}
git-token: ${{ secrets.BOT_GITHUB_TOKEN }}
git-author-name: ${{ secrets.BOT_GITHUB_USERNAME }}
notify:
runs-on: ubuntu-latest
needs:
- build
- release
- promote
if: always() && failure() && github.event_name == 'push'
steps:
- name: Teams Notification
uses: Alfresco/alfresco-build-tools/.github/actions/send-teams-notification@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1
with:
webhook-url: ${{ secrets.TEAMS_NOTIFICATION_AUTOMATE_BACKEND_WEBHOOK }}