Bump github actions
Issue: OSIS-146
(cherry picked from commit bc899b2)
francoisferrand authored and anurag4DSB committed May 22, 2024
1 parent 4df53e8 commit 739cc81
Showing 7 changed files with 73 additions and 14 deletions.
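--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -0,0 +1,46 @@
+---
+name: codeQL
+
+on:
+push:
+branches: [main]
+pull_request:
+branches: [main]
+workflow_dispatch:
+
+jobs:
+analyze:
+name: Static analysis with CodeQL
+permissions:
+actions: read
+contents: read
+security-events: write
+runs-on: ubuntu-latest
+env:
+NEXUS_UNAME: ${{ secrets.NEXUS_USERNAME }}
+NEXUS_PWD: ${{ secrets.NEXUS_PASSWORD }}
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: Initialize CodeQL
+uses: github/codeql-action/init@v3
+with:
+languages: java
+
+- name: Setup Java
+uses: actions/setup-java@v4
+with:
+distribution: "corretto"
+java-version: "17"
+
+- name: Setup Gradle
+uses: gradle/gradle-build-action@v3
+with:
+gradle-version: 7.3
+
+- name: Execute build with Gradle wrapper
+run: ./gradlew build -PsonatypeUsername=$NEXUS_UNAME -PsonatypePassword=$NEXUS_PWD
+
+- name: Build and analyze
+uses: github/codeql-action/analyze@v3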
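Review bot: The Nexus credentials sit in the job-level `env:` block, so every step of `analyze` receives them, including the third-party `gradle/gradle-build-action@v3` step, although only the "Execute build with Gradle wrapper" step reads them. Move `NEXUS_UNAME` and `NEXUS_PWD` into an `env:` block on that one step. The same step expands both variables unquoted, so a password containing whitespace or glob characters would be split or expanded by the shell before Gradle sees it; quote them: `run: ./gradlew build -PsonatypeUsername="$NEXUS_UNAME" -PsonatypePassword="$NEXUS_PWD"`. Secrets are not passed to `pull_request` runs from forks, so the build presumably has to tolerate empty credentials on that trigger.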
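--- a/.github/workflows/dependency-review.yaml
+++ b/.github/workflows/dependency-review.yaml
@@ -0,0 +1,16 @@
+---
+name: dependency review
+
+on:
+pull_request:
+branches: [main]
+
+jobs:
+dependency-review:
+runs-on: ubuntu-latest
+steps:
+- name: 'Checkout Repository'
+uses: actions/checkout@v4
+
+- name: 'Dependency Review'
+uses: actions/dependency-review-action@v4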
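Review bot: The `dependency-review` job declares no `permissions:` block, so its `GITHUB_TOKEN` gets whatever default the repository or organisation is configured with, whereas the CodeQL workflow added in the same commit scopes its token explicitly. Both steps only need to read the repository, so add `permissions:` with `contents: read` at job level. Add `pull-requests: write` only if the action's PR comment summary is enabled later.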
10 changes: 4 additions & 6 deletions .github/workflows/docker-build.yml
Expand Up @@ -19,25 +19,23 @@ jobs:
timeout-minutes: 10
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v3

- name: Login to Registry
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ github.token }}

- name: Build and push development docker image
uses: docker/build-push-action@v3
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ghcr.io/${{ github.repository }}:${{ env.TAG }}
cache-from: type=gha,scope=osis
cache-to: type=gha,mode=max,scope=osis
build-args: |
NODE_ENV=${{ matrix.build.env }}
6 changes: 3 additions & 3 deletions .github/workflows/gradle-build-and-upload.yml
Expand Up @@ -21,16 +21,16 @@ jobs:
SIGNING_PWD: ${{ secrets.SIGNING_PASSWORD }}
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Setup Java
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
distribution: "corretto"
java-version: "17"

- name: Setup Gradle
uses: gradle/gradle-build-action@v2
uses: gradle/gradle-build-action@v3
with:
gradle-version: 7.3

5 changes: 2 additions & 3 deletions .github/workflows/release.yml
Expand Up @@ -13,8 +13,7 @@ jobs:
name: Docker image
uses: ./.github/workflows/docker-build.yml
with:
namespace: osis
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
tag: ${{ github.event.inputs.tag }}

github-release:
name: Creating GitHub Release
Expand All @@ -24,7 +23,7 @@ jobs:
- docker-build
steps:
- name: Github Release
uses: softprops/action-gh-release@v1
uses: softprops/action-gh-release@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
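Review bot: `softprops/action-gh-release@v2` in the "Github Release" step is a third-party action that runs with `GITHUB_TOKEN` in its environment, and it is referenced by a movable major tag, so whatever that tag points to at run time executes with the release job's token. Pin it to a full commit SHA and keep the version as a trailing comment: `uses: softprops/action-gh-release@<full-commit-sha> # v2`. The same applies to the other third-party actions bumped in this commit that handle credentials, namely `docker/login-action@v3` and `docker/build-push-action@v5` in docker-build.yml, `gradle/gradle-build-action@v3` in gradle-build-and-upload.yml, and `codecov/codecov-action@v4` in test-and-build.yml. The step's `with:` block continues outside the hunk.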
2 changes: 1 addition & 1 deletion .github/workflows/security.yaml
Expand Up @@ -22,7 +22,7 @@ jobs:
trivy:
needs: build
name: Trivy Vulnerability Scan for Code
uses: scality/workflows/.github/workflows/trivy.yaml@v1
uses: scality/workflows/.github/workflows/trivy.yaml@v2
with:
name: ${{ github.event.repository.name }}
namespace: ${{ github.repository_owner }}
2 changes: 1 addition & 1 deletion .github/workflows/test-and-build.yml
Expand Up @@ -23,7 +23,7 @@ jobs:
timeout-minutes: 10
steps:
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
name: codecov-osis
