Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump docker/login-action from 2.1.0 to 3.0.0 #3

Closed
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .dockerignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
.git/
node_modules/

27 changes: 27 additions & 0 deletions .github/PULL_REQUEST_TEMPLATE/pull_request_template.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
| Q | A
| --------------- | ---
| Bug fix? | no|yes
| New feature? | no|yes
| API breaks? | no|yes
| Deprecations? | no|yes
| Related tickets | fixes #X, partially #Y, mentioned in #Z
| License | MIT


### What's in this PR?
<!-- Explain the contents of the PR. Give an overview about the implementation, which decisions were made and why. -->


### Why?
<!-- Which problem does the PR fix? (Please remove this section if you linked an issue above) -->


### Additional context
<!-- Additional information we should know about (eg. edge cases, steps you followed to test the implementation) (Please remove this section if you don't need it) -->


### Checklist
<!-- Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields. -->

- [ ] User guide and development docs updated (if needed)
- [ ] Tests implemented (if needed)
17 changes: 17 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
version: 2
updates:
# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
# Maintain dependencies for npm
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
# Maintain dependencies for docker
- package-ecosystem: "docker"
directory: "/"
schedule:
interval: "daily"
61 changes: 61 additions & 0 deletions .github/workflows/docker-image.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
name: docker-image

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

on:
push:
branches: [ main ]
# Publish semver tags as releases.
tags: [ 'v*.*.*' ]
pull_request:
branches: [ main ]

env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}


jobs:
build:

runs-on: ubuntu-latest
permissions:
contents: read
packages: write

steps:
- name: Checkout repository
uses: actions/checkout@v3

# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
23 changes: 23 additions & 0 deletions .github/workflows/pull-request.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
name: Pull request
on:
pull_request_target:
types:
- opened
- reopened
- edited
- synchronize

jobs:
main:
runs-on: ubuntu-latest

permissions:
statuses: write

steps:
- name: Check out repository
uses: actions/checkout@v3

- uses: ./
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
37 changes: 37 additions & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
name: Release new action version
on:
workflow_dispatch:
inputs:
TAG_NAME:
description: "Tag name that the major tag will point to"
required: true

env:
TAG_NAME: ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }}
defaults:
run:
shell: pwsh

permissions:
contents: read

jobs:
update_tag:
name: Update the major tag to include the ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }} changes
# Remember to configure the releaseNewActionVersion environment with required approvers in the repository settings
environment:
name: releaseNewActionVersion
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
with:
egress-policy: audit

- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11

- name: Update the ${{ env.TAG_NAME }} tag
uses: step-security/publish-action@00f33a2a7d8b77187d08ce666d0d5d73ad1dfb93
with:
source-tag: ${{ env.TAG_NAME }}
2 changes: 2 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
node_modules/

7 changes: 7 additions & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
FROM node:20-alpine

ADD package.json package-lock.json /action/
RUN cd /action && npm ci

ADD src /action/src
ENTRYPOINT ["node", "/action/src/index.js"]
1 change: 1 addition & 0 deletions LICENSE
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
MIT License

Copyright (c) 2023 StepSecurity
Copyright (c) 2022 Zadkiel Aharonian

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
Expand Down
77 changes: 76 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
@@ -1 +1,76 @@
# conventional-pr-title-action
# StepSecurity Maintained Conventional PR Title Action

Forked from: [aslafy-z/conventional-pr-title-action](https://github.com/aslafy-z/conventional-pr-title-action)

This is a [GitHub Action](https://github.com/features/actions) that ensures your PR title matches the [Conventional Commits spec](https://www.conventionalcommits.org/).

This is helpful when you're using [semantic-release](https://github.com/semantic-release/semantic-release) with the Conventional Commits preset. When using the `Squash and merge` strategy, GitHub will suggest to use the PR title as the commit message. With this action you can validate that the PR title will lead to a correct commit message.

See [Conventional Commits](https://www.conventionalcommits.org/) for sample titles.

## Inputs

### `success-state`

**Optional.** Description of the status check if validation succeeds.
> Default: `"Title follows the specification."`.

### `failure-state`

**Optional.** Description of the status check if validation fails.
> Default: `"Title does not follow the specification."`.

### `context-name`

**Optional.** Persistent status check context key.
> Default: `"conventional-pr-title"`.

### `preset`

**Optional.** Conventional changelog preset.
> Default: `"[email protected]"`.

### `target-url`

**Optional.** URL to be used when linking the "Details" in the actions overview.
> Default: `"https://www.conventionalcommits.org/en/v1.0.0/#summary"`.

## Outputs

### `success`

`true` if the validation succeed, `false` otherwise.

### `error`

In case of an error (`success=false`), contains the error message for additional processing or usage in notifications.

## Example usage

```yaml
name: Check PR title

on:
pull_request_target:
types:
- opened
- reopened
- edited
- synchronize

jobs:
lint:
runs-on: ubuntu-latest
permissions:
statuses: write
steps:
- uses: step-security/conventional-pr-title-action@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

> Note: Avoid using `main` ref, prefer to pin to a specific version.

## Credits

All thanks goes to [`amannn`](https://github.com/amannn)'s [`semantic-pull-request`](https://github.com/amannn/action-semantic-pull-request) action.
5 changes: 5 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
# Security Policy

## Reporting a Vulnerability

Please report security vulnerabilities to [email protected]
30 changes: 30 additions & 0 deletions action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
name: Conventional PR Title
author: Zadkiel <[email protected]>
description: Ensure your PR title matches the Conventional Commits spec (https://www.conventionalcommits.org/).
inputs:
success-state:
description: Description of the status check if validation succeeds.
required: false
default: Title follows the specification.
failure-state:
description: Description of the status check if validation fails.
required: false
default: Title does not follow the specification.
context-name:
description: Persistent status check context key
required: false
default: conventional-pr-title
preset:
description: Conventional changelog preset to use.
required: false
default: [email protected]
target-url:
description: URL to be used when linking the "Details" in the actions overview.
required: false
default: https://www.conventionalcommits.org/en/v1.0.0/#summary
runs:
using: docker
image: Dockerfile
branding:
icon: shield
color: green
Loading
Loading