5d9fa8f64103beb6bf03a23bffdc9fab9fb5c1a7
11 Commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
5d9fa8f641 |
chore(deps): update actions/checkout action to v4.3.0 (#16)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://github.com/actions/checkout) | action | minor | `v4.2.2` -> `v4.3.0` |

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

### [`v4.3.0`](https://github.com/actions/checkout/releases/tag/v4.3.0)

[Compare Source](https://github.com/actions/checkout/compare/v4.2.2...v4.3.0)

#### What's Changed

- docs: update README.md by [@motss](https://github.com/motss) in https://github.com/actions/checkout/pull/1971
- Add internal repos for checking out multiple repositories by [@mouismail](https://github.com/mouismail) in https://github.com/actions/checkout/pull/1977
- Documentation update - add recommended permissions to Readme by [@benwells](https://github.com/benwells) in https://github.com/actions/checkout/pull/2043
- Adjust positioning of user email note and permissions heading by [@joshmgross](https://github.com/joshmgross) in https://github.com/actions/checkout/pull/2044
- Update README.md by [@nebuk89](https://github.com/nebuk89) in https://github.com/actions/checkout/pull/2194
- Update CODEOWNERS for actions by [@TingluoHuang](https://github.com/TingluoHuang) in https://github.com/actions/checkout/pull/2224
- Update package dependencies by [@salmanmkc](https://github.com/salmanmkc) in https://github.com/actions/checkout/pull/2236
- Prepare release v4.3.0 by [@salmanmkc](https://github.com/salmanmkc) in https://github.com/actions/checkout/pull/2237

#### New Contributors

- [@motss](https://github.com/motss) made their first contribution in https://github.com/actions/checkout/pull/1971
- [@mouismail](https://github.com/mouismail) made their first contribution in https://github.com/actions/checkout/pull/1977
- [@benwells](https://github.com/benwells) made their first contribution in https://github.com/actions/checkout/pull/2043
- [@nebuk89](https://github.com/nebuk89) made their first contribution in https://github.com/actions/checkout/pull/2194
- [@salmanmkc](https://github.com/salmanmkc) made their first contribution in https://github.com/actions/checkout/pull/2236

**Full Changelog**: https://github.com/actions/checkout/compare/v4...v4.3.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: #16
Co-authored-by: Renovate [BOT] <renovate-bot@git.tainton.uk>
Co-committed-by: Renovate [BOT] <renovate-bot@git.tainton.uk> |
|||
83fe18553d |
feat(ci): Update .gitea/workflows/ci.yml (#15)
Okay, I will review the provided Git diff and explain the proposed changes. Here's a breakdown:

**File:** `.gitea/workflows/ci.yml`

This file defines the CI (Continuous Integration) workflow for the Gitea repository. The workflow is triggered on certain events (likely pushes and pull requests).

**Changes:**

1. **Hadolint Action:**
   * The change introduces a `name` field to the `hadolint-action` step, renaming it to "Run Hadolint". This improves the readability of the workflow execution logs.
2. **SonarQube Scan (Commented Out):**
   * The SonarQube Scan action is commented out. This means that the SonarQube static analysis will no longer be performed as part of the CI workflow *for now*. The environment variables `SONAR_HOST_URL` and `SONAR_TOKEN` were used to authenticate with SonarQube and are now also commented out.
3. **Snyk SAST Scan:**
   * A new step called "Snyk SAST Scan" is added. This step uses the `snyk/actions/python@master` action to perform static application security testing (SAST) using Snyk.
   * It uses the `SNYK_TOKEN` secret to authenticate with Snyk.
   * The `args` parameter is set to `snyk code test --all-projects --exclude=.archive`. This tells Snyk to scan all projects in the repository for security vulnerabilities and to exclude the `.archive` directory from the scan.

**Summary:**

The primary changes are the addition of a Snyk SAST scan and the temporary removal of the SonarQube scan from the CI workflow. Hadolint was updated with a name to provide clarity. The Snyk scan performs static analysis to identify potential security vulnerabilities directly in the codebase. The SonarQube scan is commented out, possibly for temporary reasons such as configuration issues, cost optimization, or replacement by the Snyk SAST scan.

Reviewed-on: #15 |
|||
622eedb7c0 |
fix(ci): fix release workflow (#13)
Okay, here's a breakdown of the changes introduced by the provided Git diff:

**Overall Goal:**

The primary goal of this change is to automate the release process using a scheduled trigger (cron) and pre-existing tags, decoupling it from direct `push` events and leveraging a separate job to generate the release tag. This makes the release process more controlled and predictable.

**Key Changes:**

1. **Trigger Mechanism Changed:**
   * The trigger for the workflow has been altered from `push` events on `master` or `main` branches to a scheduled `cron` job.
   * `on:` section now contains only `workflow_dispatch` and `schedule`:

     ```yaml
     on:
       workflow_dispatch:
       schedule:
         - cron: '0 9 * * 0'
     ```

   * The `cron` expression `'0 9 * * 0'` means the workflow will run every Sunday at 9:00 AM UTC.
2. **Tag Creation Job Introduced:**
   * A new job named `tag` has been added. This job is responsible for creating the release tag.
   * It reuses a workflow from `https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/release-with-tag.yaml@main`. This implies that workflow handles the logic for determining the tag name and creating the tag in the repository.

     ```yaml
     tag:
       name: Tag release
       uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/release-with-tag.yaml@main
     ```

3. **`create_release` Job Modified:**
   * The `create_release` job now depends on the `tag` job (`needs: tag`).
   * It now uses a different reusable workflow: `https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/create-release-preexisting-tag.yaml@main`. This new workflow is designed to create a release based on a pre-existing tag.
   * It receives the tag name and changelog from the `tag` job outputs:

     ```yaml
     create_release:
       name: Create Release
       needs: tag
       uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/create-release-preexisting-tag.yaml@main
       with:
         tag: ${{ needs.tag.outputs.tag_name }}
         body: ${{ needs.tag.outputs.changelog }}
       secrets:
         ACTIONS_TOKEN: ${{ secrets.ACTIONS_TOKEN }}
     ```

4. **`print_release` Job Removed:**
   * The `print_release` job has been removed. This job simply echoed the release name and was likely used for debugging or informational purposes. It's not essential to the release process itself.
5. **`create_docker` Job Updated:**
   * The `create_docker` job now depends on both `tag` and `create_release` jobs.
   * The `ref` in the `actions/checkout` step is updated to use `needs.tag.outputs.tag_name` to checkout the tag created in the `tag` job.
   * The `tags` value in the `docker/metadata-action` step is also updated to use `needs.tag.outputs.tag_name`.

     ```yaml
     create_docker:
       name: Publish Docker Images
       runs-on: ubuntu-latest
       needs: [tag, create_release]
       steps:
         # ... other steps ...
         - name: Checkout code
           uses: actions/checkout@v4.2.2
           with:
             fetch-depth: 0
             ref: ${{ needs.tag.outputs.tag_name }}
         # ... other steps ...
         - name: Extract Docker metadata
           id: meta
           uses: docker/metadata-action@v5
           with:
             tags: type=semver,pattern=v{{version}},value=${{ needs.tag.outputs.tag_name }}
             images: |
               ghcr.io/${{ vars.GHCR_USERNAME }}/${{ steps.split.outputs.repo }}
               ${{ vars.PACKAGES_REGISTRY_URL }}/${{ gitea.repository }}
     ```

**Impact and Reasoning:**

* **Scheduled Releases:** The shift to a cron schedule ensures releases happen regularly and predictably, rather than being tied directly to code commits.
* **Decoupled Tag Creation:** The `tag` job isolates the tag creation logic. This could involve automated version bumping based on commit messages or other criteria (details are in the reusable workflow it uses). This separation of concerns makes the overall workflow more maintainable.
* **Using Pre-existing Tags for Release:** The `create_release-preexisting-tag.yaml` workflow suggests that the release creation is now based on the tag created by the `tag` job. This is useful because the tag might contain metadata like the version number, which is then used to create the release.
* **Docker Image Publishing Based on Tag:** The `create_docker` job ensures that Docker images are built and published based on the release tag, maintaining consistency between the release and the published artifacts.

In summary, the changes represent a move towards a more automated and structured release process driven by a schedule and a separate tag creation step.

Reviewed-on: #13 |
|||
7981877152 |
chore(deps): update sonarsource/sonarqube-scan-action action to v5.2.0 (#11)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [SonarSource/sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action) | action | minor | `v5.1.0` -> `v5.2.0` |

---

### Release Notes

<details>
<summary>SonarSource/sonarqube-scan-action (SonarSource/sonarqube-scan-action)</summary>

### [`v5.2.0`](https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v5.2.0)

[Compare Source](https://github.com/SonarSource/sonarqube-scan-action/compare/v5.1.0...v5.2.0)

#### What's Changed

- SQSCANGHA-90 remove mend dead conf by [@pierre-guillot-gh](https://github.com/pierre-guillot-gh) in https://github.com/SonarSource/sonarqube-scan-action/pull/184
- SQSCANGHA-89 Attempt to fix command injection by [@henryju](https://github.com/henryju) in https://github.com/SonarSource/sonarqube-scan-action/pull/186
- SQSCANGHA-93 Fix madhead/semver-utils' version by [@csaba-feher-sonarsource](https://github.com/csaba-feher-sonarsource) in https://github.com/SonarSource/sonarqube-scan-action/pull/187
- SQSCANGHA-94 Update version update logic by [@csaba-feher-sonarsource](https://github.com/csaba-feher-sonarsource) in https://github.com/SonarSource/sonarqube-scan-action/pull/188
- SQSCANGHA-92 Validate scanner version by [@csaba-feher-sonarsource](https://github.com/csaba-feher-sonarsource) in https://github.com/SonarSource/sonarqube-scan-action/pull/189

**Full Changelog**: https://github.com/SonarSource/sonarqube-scan-action/compare/v5...v5.2.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: #11
Co-authored-by: Renovate [BOT] <renovate-bot@git.tainton.uk>
Co-committed-by: Renovate [BOT] <renovate-bot@git.tainton.uk> |
|||
0121c607be |
chore(deps): update sonarsource/sonarqube-scan-action action to v5.1.0 (#10)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [SonarSource/sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action) | action | minor | `v5.0.0` -> `v5.1.0` |

---

### Release Notes

<details>
<summary>SonarSource/sonarqube-scan-action (SonarSource/sonarqube-scan-action)</summary>

### [`v5.1.0`](https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v5.1.0)

[Compare Source](https://github.com/SonarSource/sonarqube-scan-action/compare/v5.0.0...v5.1.0)

#### What's Changed

- Update SonarScanner CLI to 7.1.0.4889 to support sonar.region=us by [@github-actions](https://github.com/github-actions) in https://github.com/SonarSource/sonarqube-scan-action/pull/183

**Full Changelog**: https://github.com/SonarSource/sonarqube-scan-action/compare/v5.0.0...v5.1.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: #10
Reviewed-by: Luke Tainton <luke@tainton.uk>
Co-authored-by: Renovate [BOT] <renovate-bot@git.tainton.uk>
Co-committed-by: Renovate [BOT] <renovate-bot@git.tainton.uk> |
|||
34853ccd5d |
chore(deps): update sonarsource/sonarqube-scan-action action to v5 (#7)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [SonarSource/sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action) | action | major | `v4.2.1` -> `v5.0.0` |

---

### Release Notes

<details>
<summary>SonarSource/sonarqube-scan-action (SonarSource/sonarqube-scan-action)</summary>

### [`v5.0.0`](https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v5.0.0)

[Compare Source](https://github.com/SonarSource/sonarqube-scan-action/compare/v4.2.1...v5.0.0)

#### What's Changed

- SQSCANGHA-81 Update SonarScanner CLI to 7.0.2.4839 by [@github-actions](https://github.com/github-actions) in https://github.com/SonarSource/sonarqube-scan-action/pull/175

**Full Changelog**: https://github.com/SonarSource/sonarqube-scan-action/compare/v4...v5.0.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: #7
Reviewed-by: Luke Tainton <luke@tainton.uk>
Co-authored-by: Renovate [BOT] <renovate-bot@git.tainton.uk>
Co-committed-by: Renovate [BOT] <renovate-bot@git.tainton.uk> |
|||
7bb6af0145 |
Update .gitea/workflows/release.yml
All checks were successful
Validate PR Title / validate (pull_request) Successful in 1m55s
CI / ci (pull_request) Successful in 4m18s
Release / Create Release (push) Successful in 12s
Release / Print Release (push) Successful in 3s
Release / Publish Docker Images (push) Successful in 51s
|
|||
c69ca9762e |
Update .gitea/workflows/release.yml
Some checks failed
Validate PR Title / validate (pull_request) Successful in 32s
CI / ci (pull_request) Successful in 1m18s
Release / Test (push) Failing after 31m59s
Release / Create Release (push) Has been cancelled
Release / Print Release (push) Has been cancelled
Release / Publish Docker Images (push) Has been cancelled
|
|||
7c0587314e
|
feat(ci): switch to self-hosted SonarQube
Some checks failed
Validate PR Title / validate (pull_request) Successful in 37s
CI / ci (pull_request) Successful in 1m35s
Release / Test (push) Failing after 1s
Release / Create Release (push) Has been skipped
Release / Print Release (push) Has been skipped
Release / Publish Docker Images (push) Has been skipped
|
|||
5a17bbdb7b
|
fix(release): add docker build directly to workflow
Some checks failed
CI / validate_pr_title (pull_request) Failing after 1s
CI / ci (pull_request) Failing after 33s
Release / Test (push) Successful in 46s
Release / Create Release (push) Successful in 11s
Release / Print Release (push) Successful in 3s
Release / Publish Docker Images (push) Successful in 58s
|
|||
dcb11b3faf |
feat(ci): add SonarQube Cloud (#1)
Reviewed-on: public/docker-dnsmasq#1 |