From 8362eb6864af2783fbbde9393e4eae508a87347f Mon Sep 17 00:00:00 2001
From: Phillip Wirth <phillip.wirth@dataport.de>
Date: Tue, 20 Feb 2024 19:25:49 +0100
Subject: [PATCH 1/2] BC-6589 update gh-actions

---
 .github/workflows/dependabot-to-jira.yml |  7 +++--
 .github/workflows/push.yml               | 35 ++++++++++++++++--------
 2 files changed, 29 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/dependabot-to-jira.yml b/.github/workflows/dependabot-to-jira.yml
index 8f750cd..3e44490 100644
--- a/.github/workflows/dependabot-to-jira.yml
+++ b/.github/workflows/dependabot-to-jira.yml
@@ -15,6 +15,9 @@ jobs:
     steps:
       - name: create ticket
         id: create_ticket
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
+          PR_HTML_URL: ${{ github.event.pull_request.html_url }}
         run: |
           response_code=$(curl -s \
             -o response.txt \
@@ -26,8 +29,8 @@ jobs:
                    "project": {
                      "key": "BC"
                    },
-                   "summary": "${{ github.event.pull_request.title }} in ${{ github.event.repository.name }}",
-                   "description": "h4. Task:\n${{ github.event.pull_request.title }}\n${{ github.event.pull_request.html_url }}\nh4.Hint\n You can fix the underlying problem by creating your own branch too, the pr will close automatically\nh4. Acceptance criteria\n1. https://docs.dbildungscloud.de/display/DBH/3rd+Party+Library+Quality+Assessment",
+                   "summary": "$PR_TITLE in ${{ github.event.repository.name }}",
+                   "description": "h4. Task:\n$PR_TITLE\n$PR_HTML_URL\nh4.Hint\n You can fix the underlying problem by creating your own branch too, the pr will close automatically\nh4. Acceptance criteria\n1. https://docs.dbildungscloud.de/display/DBH/3rd+Party+Library+Quality+Assessment",
                    "issuetype": {
                      "id": "10100"
                    },
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 46a5c27..f177163 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -53,23 +53,36 @@ jobs:
           tags: ghcr.io/${{ github.repository }}:${{ github.sha }}
           labels: ${{ steps.docker_meta_img.outputs.labels }}
 
-  branch_name:
+  branch_meta:
     runs-on: ubuntu-latest
     outputs:
-      branch: ${{ steps.extract_branch.outputs.branch }}
+      branch: ${{ steps.extract_branch_meta.outputs.branch }}
+      sha: ${{ steps.extract_branch_meta.outputs.sha }}
     steps:
-      - name: Extract branch name
+      - name: Extract branch meta
         shell: bash
-        run: echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT
-        id: extract_branch
+        id: extract_branch_meta
+        env:
+          PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
+          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+          BRANCH_REF_NAME: ${{ github.ref_name}}
+          BRANCH_SHA: ${{ github.sha }}
+        run: |
+          if [ "${{ github.event_name }}" == 'pull_request' ]; then
+            echo "branch=$PR_HEAD_REF" >> $GITHUB_OUTPUT
+            echo "sha=$PR_HEAD_SHA" >> $GITHUB_OUTPUT
+          else
+            echo "branch=$BRANCH_REF_NAME" >> $GITHUB_OUTPUT
+            echo "sha=$BRANCH_SHA" >> $GITHUB_OUTPUT
+          fi
 
   deploy:
     needs:
       - build_and_push
-      - branch_name
-    uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/deploy.yml@main
+      - branch_meta
+    uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/deploy.yml@bc-6589
     with:
-      branch: ${{ needs.branch_name.outputs.branch }}
+      branch: ${{ needs.branch_meta.outputs.branch }}
     secrets:
       token: ${{ secrets.GITHUB_TOKEN }}
       DEV_VAULT_BRB: ${{ secrets.DEV_VAULT_BRB }}
@@ -91,7 +104,7 @@ jobs:
   trivy-vulnerability-scanning:
     needs:
       - build_and_push
-      - branch_name
+      - branch_meta
     runs-on: ubuntu-latest
     permissions:
       actions: read
@@ -99,7 +112,7 @@ jobs:
       security-events: write
     steps:
       - name: run trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5
+        uses: aquasecurity/trivy-action@1f6384b6ceecbbc6673526f865b818a2a06b07c9
         with:
           image-ref: 'ghcr.io/${{ github.repository }}:${{ github.sha }}'
           format: 'sarif'
@@ -108,6 +121,6 @@ jobs:
           ignore-unfixed: true
       - name: upload trivy results
         if: ${{ always() }}
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'trivy-results.sarif'

From b385cc8732c1a3e9ee82f4f3271b744161ed0a8f Mon Sep 17 00:00:00 2001
From: Phillip Wirth <phillip.wirth@dataport.de>
Date: Wed, 21 Feb 2024 16:04:29 +0100
Subject: [PATCH 2/2] BC-6589 update gh-actions

---
 .github/workflows/push.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index f177163..d723eb2 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -80,7 +80,7 @@ jobs:
     needs:
       - build_and_push
       - branch_meta
-    uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/deploy.yml@bc-6589
+    uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/deploy.yml@main
     with:
       branch: ${{ needs.branch_meta.outputs.branch }}
     secrets: