mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00

chore: add workflow to ensure github actions are pinned to a commit SHA ()

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Charles-Edouard Brétéché 2022-08-23 22:02:13 +02:00 committed by GitHub
parent 5cc97993dc
commit 3d9417a58a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 16 deletions


@ -12,7 +12,7 @@ permissions:
jobs: jobs:
push-init-kyverno: push-init-kyverno:
uses: kyverno/kyverno/.github/workflows/reuse.yaml@main uses: ./.github/workflows/reuse.yaml
with: with:
publish_command: docker-publish-initContainer publish_command: docker-publish-initContainer
digest_command: docker-get-initContainer-digest digest_command: docker-get-initContainer-digest
@ -23,7 +23,7 @@ jobs:
registry_password: ${{ secrets.CR_PAT }} registry_password: ${{ secrets.CR_PAT }}
push-kyverno: push-kyverno:
uses: kyverno/kyverno/.github/workflows/reuse.yaml@main uses: ./.github/workflows/reuse.yaml
with: with:
publish_command: docker-publish-kyverno publish_command: docker-publish-kyverno
digest_command: docker-get-kyverno-digest digest_command: docker-get-kyverno-digest
@ -34,7 +34,7 @@ jobs:
registry_password: ${{ secrets.CR_PAT }} registry_password: ${{ secrets.CR_PAT }}
push-kyverno-cli: push-kyverno-cli:
uses: kyverno/kyverno/.github/workflows/reuse.yaml@main uses: ./.github/workflows/reuse.yaml
with: with:
publish_command: docker-publish-cli publish_command: docker-publish-cli
digest_command: docker-get-cli-digest digest_command: docker-get-cli-digest
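Review bot: Replacing `kyverno/kyverno/.github/workflows/reuse.yaml@main` with `./.github/workflows/reuse.yaml` changes which copy of the reusable workflow runs, and nothing in the file records that. A local reference is resolved at the same commit as the calling workflow, so a run on a release branch or tag now uses that ref's own reuse.yaml instead of whatever main holds at the time. That removes the mutable `@main` reference, but presumably every ref that triggers these jobs must now carry a compatible reuse.yaml. I would add a comment above the first `uses:`, for example `# local reference: reuse.yaml comes from the same commit as this workflow, so no @ref is needed`. The same applies to the other two jobs in this file and to the three jobs in the second changed file; the job bodies continue outside the hunks.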


@ -10,7 +10,7 @@ jobs:
contents: read contents: read
packages: write packages: write
id-token: write id-token: write
uses: kyverno/kyverno/.github/workflows/reuse.yaml@main uses: ./.github/workflows/reuse.yaml
with: with:
publish_command: docker-publish-initContainer publish_command: docker-publish-initContainer
digest_command: docker-get-initContainer-digest digest_command: docker-get-initContainer-digest
@ -26,7 +26,7 @@ jobs:
contents: read contents: read
packages: write packages: write
id-token: write id-token: write
uses: kyverno/kyverno/.github/workflows/reuse.yaml@main uses: ./.github/workflows/reuse.yaml
with: with:
publish_command: docker-publish-kyverno publish_command: docker-publish-kyverno
digest_command: docker-get-kyverno-digest digest_command: docker-get-kyverno-digest
@ -42,7 +42,7 @@ jobs:
contents: read contents: read
packages: write packages: write
id-token: write id-token: write
uses: kyverno/kyverno/.github/workflows/reuse.yaml@main uses: ./.github/workflows/reuse.yaml
with: with:
publish_command: docker-publish-cli publish_command: docker-publish-cli
digest_command: docker-get-cli-digest digest_command: docker-get-cli-digest


@ -9,28 +9,32 @@ on:
- 'main' - 'main'
- 'release*' - 'release*'
permissions: permissions:
contents: read contents: read
packages: write packages: write
id-token: write id-token: write
jobs: jobs:
pre-checks: pre-checks:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0 uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # pin@v2.4.0
# see https://michaelheap.com/ensure-github-actions-pinned-sha/
- name: Ensure SHA pinned actions
uses: zgosalvez/github-actions-ensure-sha-pinned-actions@6ca5574367befbc9efdb2fa25978084159c5902d # pin@v1.3.0
- name: Unshallow - name: Unshallow
run: git fetch --prune --unshallow run: git fetch --prune --unshallow
- name: Set up Go - name: Set up Go
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5 uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # pin@v2.1.5
with: with:
go-version: 1.17 go-version: 1.17
- name: Cache Go modules - name: Cache Go modules
uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340 # v1.2.0 uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340 # pin@v1.2.0
with: with:
path: ~/go/pkg/mod path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
@ -58,7 +62,7 @@ jobs:
fi fi
- name: golangci-lint - name: golangci-lint
uses: reviewdog/action-golangci-lint@02bcf8c1a9febe8620f1ca523b18dd64f82296db # v1.25.0 uses: reviewdog/action-golangci-lint@02bcf8c1a9febe8620f1ca523b18dd64f82296db # pin@v1.25.0
with: with:
fail_on_error: true fail_on_error: true
@ -77,23 +81,23 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
autogen-internals: [true, false] autogen-internals: [ true, false ]
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: pre-checks needs: pre-checks
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0 uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # pin@v2.4.0
- name: Unshallow - name: Unshallow
run: git fetch --prune --unshallow run: git fetch --prune --unshallow
- name: Set up Go - name: Set up Go
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5 uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # pin@v2.1.5
with: with:
go-version: 1.17 go-version: 1.17
- name: Cache Go modules - name: Cache Go modules
uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340 # v1.2.0 uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340 # pin@v1.2.0
with: with:
path: ~/go/pkg/mod path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
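Review bot: The new `Ensure SHA pinned actions` step puts one more third-party action into `pre-checks`, and that job appears to inherit the workflow-level `packages: write` and `id-token: write` listed just above `jobs:` (indentation is lost on this page, so confirm that block is top-level). If no step in `pre-checks` publishes a package or requests an OIDC token, give the job its own `permissions:` block with `contents: read`, plus whatever the reviewdog reporter actually needs, so a compromised lint or check action cannot use those scopes. The SHA pin stops the action from changing silently under a tag, but it does not vouch for the content of the pinned commit. The job bodies continue outside the hunks.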