BC-6589 update gh-actions

.github/workflows/clean_workflow.yml

@@ -55,7 +55,7 @@ jobs:
       - run: |
           echo "git_ref_name=${{ inputs.branch }}" >> $GITHUB_ENV
           echo git_ref_name ${{ inputs.branch }}
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           repository: hpi-schul-cloud/${{ matrix.repo }}
           token: ${{ secrets.token }}
@@ -72,7 +72,7 @@ jobs:
             echo "branch_exists=false" >> $GITHUB_ENV
           fi
       ## Write for matrix outputs workaround https://github.com/orgs/community/discussions/17245
-      - uses: cloudposse/github-action-matrix-outputs-write@0.4.2
+      - uses: cloudposse/github-action-matrix-outputs-write@0.5.0
         id: out
         with:
           matrix-step-name: ${{ github.job }}
@@ -88,7 +88,7 @@ jobs:
       are_all_branches_deleted: ${{ steps.are_all_branches_deleted.outputs.are_all_branches_deleted }}
     steps:
       ## read for matrix outputs workaround https://github.com/orgs/community/discussions/17245
-      - uses: cloudposse/[email protected].1
+      - uses: cloudposse/[email protected].2
         id: read
         with:
           matrix-step-name: gather_branch_exists

.github/workflows/deploy.yml

@@ -61,7 +61,7 @@ jobs:
       - run: |
           echo "git_ref_name=${{ inputs.branch }}" >> $GITHUB_ENV
           echo git_ref_name ${{ inputs.branch }}
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           repository: hpi-schul-cloud/${{ matrix.repos }}
           token: ${{ secrets.token }}
@@ -85,7 +85,7 @@ jobs:
           done
       - run: tar -cf ${{ matrix.repos }}.tar ansible
         working-directory: ${{github.workspace }}/${{ matrix.repos }}
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.repos }}
           path: ${{github.workspace }}/${{ matrix.repos }}/${{ matrix.repos }}.tar
@@ -107,7 +107,7 @@ jobs:
           echo "NAMESPACE: ${{ needs.create_branch_identifier.outputs.id_branch }}" > cfg_host.yml
           echo "DOMAIN: ${{ needs.create_branch_identifier.outputs.id_branch }}.${{ matrix.tenants }}.dbildungscloud.dev" >> cfg_host.yml
       - run: tar -cf ${{ matrix.tenants }}.tar ansible
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.tenants }}
           path: ${{github.workspace }}/${{ matrix.tenants }}.tar
@@ -163,7 +163,7 @@ jobs:
     uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/deploy_dev.yml@main
     with:
       host_name: dbc_host
-      tenannt: dbc
+      tenant: dbc
     secrets:
       ONEPASSWORD_VAULT: ${{ secrets.DEV_VAULT_DBC }}
       KUBECONFIG: ${{ secrets.DEV_KUBE_CONFIG_DBC }}
@@ -175,7 +175,7 @@ jobs:
     uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/deploy_dev.yml@main
     with:
       host_name: nbc_host
-      tenannt: nbc
+      tenant: nbc
     secrets:
       ONEPASSWORD_VAULT: ${{ secrets.DEV_VAULT_NBC }}
       KUBECONFIG: ${{ secrets.DEV_KUBE_CONFIG_NBC }}
@@ -187,7 +187,7 @@ jobs:
     uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/deploy_dev.yml@main
     with:
       host_name: brb_host
-      tenannt: brb
+      tenant: brb
     secrets:
       ONEPASSWORD_VAULT: ${{ secrets.DEV_VAULT_BRB }}
       KUBECONFIG: ${{ secrets.DEV_KUBE_CONFIG_BRB }}
@@ -199,7 +199,7 @@ jobs:
     uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/deploy_dev.yml@main
     with:
       host_name: thr_host
-      tenannt: thr
+      tenant: thr
     secrets:
       ONEPASSWORD_VAULT: ${{ secrets.DEV_VAULT_THR }}
       KUBECONFIG: ${{ secrets.DEV_KUBE_CONFIG_THR }}

.github/workflows/deploy_dev.yml

@@ -7,7 +7,7 @@ on:
       host_name:
          required: true
          type: string
-      tenannt:
+      tenant:
          required: true
          type: string  
     secrets:
@@ -22,16 +22,18 @@ permissions:
 jobs:
   deploy:
     runs-on: ubuntu-latest
-    name: deploy ${{ inputs.tenannt }}
+    name: deploy ${{ inputs.tenant }}
     steps:
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v4
+      - run: ls -R
       - run: mv */*.tar ./
       - run: find -name "*.tar" -exec tar -xf {} \;
-      - run: tar -cf ansible.tar ansible
-      - uses: actions/upload-artifact@v3
+      - run: tar -cf ${{ inputs.tenant }}-ansible.tar ansible
+      - uses: actions/upload-artifact@v4
         with:
-          name: ansible
-          path: ${{github.workspace }}/ansible.tar
+          name: debug-${{ inputs.tenant }}-ansible
+          path: ${{github.workspace }}/${{ inputs.tenant }}-ansible.tar
+          overwrite: true
       - shell: bash
         run: |
           python3 -m pip install kubernetes 'urllib3>=1.26.16'
@@ -41,7 +43,7 @@ jobs:
         run: |
           echo "VAULT: ${{ secrets.ONEPASSWORD_VAULT }}" >> develop/dof_deploy.yml
           echo "ONEPASSWORD_OPERATOR_VAULT: ${{ secrets.ONEPASSWORD_VAULT }}" >> develop/dof_deploy.yml
-          echo "TLS_ENABELD: \"true\"" >> develop/dof_deploy.yml
+          echo "TLS_ENABLED: \"true\"" >> develop/dof_deploy.yml
       - run: ansible-galaxy install -r ansible/collections/requirements.yml
       - working-directory: ${{github.workspace }}/ansible/roles/sys
         run: |

.github/workflows/host.yml

@@ -46,7 +46,7 @@ jobs:
     environment: ${{ inputs.host_name }}
     steps:
       - run: mkdir repo
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           repository: hpi-schul-cloud/dof_app_deploy
           path: repo/dof_app_deploy
@@ -61,55 +61,55 @@ jobs:
           sed -e "s/IMAGE_TAG: /VERSION=/g" version.yml >> $GITHUB_ENV
           sed -e "s/IMAGE_TAG: /BRANCH_NAME: /g" version.yml >> branch_name.yml
           echo "DOF_APP_DEPLOY_BRANCH_NAME: ${{ inputs.cfg_version }}" >> branch_name.yml
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           repository: hpi-schul-cloud/schulcloud-server
           path: repo/schulcloud-server
           token: ${{ secrets.token }}
           ref: ${{ env.SCHULCLOUD_SERVER_VERSION }}
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           repository: hpi-schul-cloud/schulcloud-client
           path: repo/schulcloud-client
           token: ${{ secrets.token }}
           ref: ${{ env.SCHULCLOUD_CLIENT_VERSION }}
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           repository: hpi-schul-cloud/nuxt-client
           path: repo/nuxt-client
           token: ${{ secrets.token }}
           ref: ${{ env.NUXT_CLIENT_VERSION }}
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           repository: hpi-schul-cloud/superhero-dashboard
           path: repo/superhero-dashboard
           token: ${{ secrets.token }}
           ref: ${{ env.SUPERHERO_DASHBOARD_VERSION }}
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           repository: hpi-schul-cloud/h5p-staticfiles-server
           path: repo/h5p-staticfiles-server
           token: ${{ secrets.token }}
           ref: ${{ env.H5P_STATICFILES_SERVER_VERSION }}
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           repository: hpi-schul-cloud/schulcloud-calendar
           path: repo/schulcloud-calendar
           token: ${{ secrets.token }}
           ref: ${{ env.SCHULCLOUD_CALENDAR_VERSION }}
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           repository: hpi-schul-cloud/antivirus_check_service
           path: repo/antivirus_check_service
           token: ${{ secrets.token }}
           ref: ${{ env.ANTIVIRUS_CHECK_SERVICE_VERSION }}
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           repository: hpi-schul-cloud/version-aggregator
           path: repo/version-aggregator
           token: ${{ secrets.token }}
           ref: ${{ env.VERSION_AGGREGATOR_VERSION }}
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           repository: hpi-schul-cloud/tldraw-client
           path: repo/tldraw-client
@@ -133,7 +133,7 @@ jobs:
           cp dof_app_deploy/ansible/collections/requirements.yml ../ansible/collections/requirements.yml
           cd ..
       - run: tar -cf ${{ inputs.host_name }}.tar ansible
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: ${{ inputs.host_name }}
           path: ${{github.workspace }}/${{ inputs.host_name }}.tar

.github/workflows/test.yml

@@ -11,7 +11,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Install Python 3
         uses: actions/setup-python@v4
         with:

ansible/roles/erwin-idm/templates/ingress.yml.j2

@@ -8,7 +8,7 @@ metadata:
     nginx.ingress.kubernetes.io/proxy-body-size: "50m"
     nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
     nginx.ingress.kubernetes.io/proxy-buffer-size: "256k"
-    nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}"
+    nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABLED|default("false") }}"
     nginx.ingress.kubernetes.io/configuration-snippet: |
       more_set_headers "Host $host";
       more_set_headers "X-Real-IP $remote_addr";
@@ -21,7 +21,7 @@ metadata:
 
 spec:
   ingressClassName: {{ INGRESS_CLASS }}
-{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %}
+{% if CLUSTER_ISSUER is defined or (TLS_ENABLED is defined and TLS_ENABLED|bool) %}
   tls:
   - hosts:
       - {{ ERWINIDM_PREFIX }}{{ DOMAIN }}

ansible/roles/hydra/templates/ingress.yml.j2

@@ -5,14 +5,14 @@ metadata:
   name: {{ NAMESPACE }}-hydra-ingress
   namespace: {{ NAMESPACE }}
   annotations:
-    nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}"
+    nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABLED|default("false") }}"
 {% if CLUSTER_ISSUER is defined %}
     cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }}
 {% endif %}
 
 spec:
   ingressClassName: {{ INGRESS_CLASS }}
-{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %}
+{% if CLUSTER_ISSUER is defined or (TLS_ENABLED is defined and TLS_ENABLED|bool) %}
   tls:
   - hosts:
       - {{ HYDRA_DNS_PREFIX }}{{ DOMAIN }}

ansible/roles/ingress/templates/ingress.yml.j2

@@ -14,7 +14,7 @@ metadata:
   name: {{ NAMESPACE }}-ingress
   namespace: {{ NAMESPACE }}
   annotations:
-    nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}"
+    nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABLED|default("false") }}"
     nginx.ingress.kubernetes.io/proxy-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
     nginx.org/client-max-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
     # The following properties added with BC-3606.
@@ -41,7 +41,7 @@ metadata:
 
 spec:
   ingressClassName: {{ INGRESS_CLASS }}
-{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %}
+{% if CLUSTER_ISSUER is defined or (TLS_ENABLED is defined and TLS_ENABLED|bool) %}
   tls:
   - hosts:
       - {{ DOMAIN }}

ansible/roles/libreoffice/templates/ingress.yml.j2

@@ -5,14 +5,14 @@ metadata:
   name: {{ NAMESPACE }}-libreoffice-ingress
   namespace: {{ NAMESPACE }}
   annotations:
-    nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}"
+    nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABLED|default("false") }}"
 {% if CLUSTER_ISSUER is defined %}
     cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }}
 {% endif %}
 
 spec:
   ingressClassName: {{ INGRESS_CLASS }}
-{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %}
+{% if CLUSTER_ISSUER is defined or (TLS_ENABLED is defined and TLS_ENABLED|bool) %}
   tls:
   - hosts:
       - {{ LIBREOFFICE_PREFIX }}{{ DOMAIN }}

ansible/roles/oidcmock/templates/ingress.yml.j2

@@ -5,14 +5,14 @@ metadata:
   name: {{ NAMESPACE }}-oidcmock-ingress
   namespace: {{ NAMESPACE }}
   annotations:
-    nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}"
+    nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABLED|default("false") }}"
 {% if CLUSTER_ISSUER is defined %}
     cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }}
 {% endif %}
 
 spec:
   ingressClassName: {{ INGRESS_CLASS }}
-{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %}
+{% if CLUSTER_ISSUER is defined or (TLS_ENABLED is defined and TLS_ENABLED|bool) %}
   tls:
   - hosts:
       - {{ OIDCMOCK_PREFIX }}{{ DOMAIN }}

ansible/roles/rocketchat/templates/ingress.yml.j2

@@ -5,14 +5,14 @@ metadata:
   name: rocketchat-ingress
   namespace: {{ NAMESPACE }}
   annotations:
-    nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}"
+    nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABLED|default("false") }}"
 {% if CLUSTER_ISSUER is defined %}
     cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }}
 {% endif %}
 
 spec:
   ingressClassName: {{ INGRESS_CLASS }}
-{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %}
+{% if CLUSTER_ISSUER is defined or (TLS_ENABLED is defined and TLS_ENABLED|bool) %}
   tls:
   - hosts:
       - {{ ROCKETCHAT_DNS_PREFIX }}{{ DOMAIN }}

ansible/roles/storage/templates/ingress.yml.j2

@@ -7,14 +7,14 @@ metadata:
   annotations:
     nginx.ingress.kubernetes.io/proxy-body-size: 2560m
     nginx.ingress.kubernetes.io/client_max_body_size: 2560m
-    nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}"
+    nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABLED|default("false") }}"
 {% if CLUSTER_ISSUER is defined %}
     cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }}
 {% endif %}
 
 spec:
   ingressClassName: {{ INGRESS_CLASS }}
-{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %}
+{% if CLUSTER_ISSUER is defined or (TLS_ENABLED is defined and TLS_ENABLED|bool) %}
   tls:
   - hosts:
       - {{ STORAGE_PREFIX }}{{ DOMAIN }}