diff --git a/.github/actions/acr-login/action.yml b/.github/actions/acr-login/action.yml index 4c856968..71587b0b 100644 --- a/.github/actions/acr-login/action.yml +++ b/.github/actions/acr-login/action.yml @@ -21,8 +21,8 @@ runs: using: composite steps: - name: Login to Azure - uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 - env: + uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # pin@v3.0.0 + env: AZURE_CLIENT_ID: ${{ inputs.client-id }} AZURE_TENANT_ID: ${{ inputs.tenant-id}} AZURE_SUBSCRIPTION_ID: ${{ inputs.subscription-id }} @@ -30,7 +30,7 @@ runs: client-id: ${{ env.AZURE_CLIENT_ID }} tenant-id: ${{ env.AZURE_TENANT_ID }} subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }} - + - name: Login to Azure Container Registry id: acr_login shell: bash diff --git a/.github/actions/trivy-sbom/action.yml b/.github/actions/trivy-sbom/action.yml index d29176f4..a1302e37 100644 --- a/.github/actions/trivy-sbom/action.yml +++ b/.github/actions/trivy-sbom/action.yml @@ -79,7 +79,7 @@ runs: - name: Run Trivy SBOM generation id: trivy-gen - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # pin@v0.36.0 env: TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db:2,public.ecr.aws/aquasecurity/trivy-db:2 TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db:1,public.ecr.aws/aquasecurity/trivy-java-db:1 diff --git a/.github/actions/trivy-scan/action.yml b/.github/actions/trivy-scan/action.yml index 50ed9a61..a755499f 100644 --- a/.github/actions/trivy-scan/action.yml +++ b/.github/actions/trivy-scan/action.yml 
@@ -140,7 +140,7 @@ runs: - name: Run Trivy vulnerability library scan if: ${{ inputs.library-disable-scan != 'true' }} - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # pin@v0.35.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # pin@v0.36.0 id: trivy-library env: TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db:2,public.ecr.aws/aquasecurity/trivy-db:2 @@ -197,7 +197,7 @@ runs: - name: Run Trivy vulnerability OS scan if: ${{ inputs.os-disable-scan != 'true' && inputs.scan-type == 'image'}} - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # pin@v0.35.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # pin@v0.36.0 id: trivy-os env: TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db:2,public.ecr.aws/aquasecurity/trivy-db:2 diff --git a/.github/workflows/check-syntax.yml b/.github/workflows/check-syntax.yml index a595511b..3180a623 100644 --- a/.github/workflows/check-syntax.yml +++ b/.github/workflows/check-syntax.yml @@ -7,4 +7,4 @@ jobs: runs-on: ubuntu-latest steps: - name: "Run actionlint" - uses: felleslosninger/github-actions/run-actionlint@e4ba7c675762d5e9d3eeb48d6b75042e3dd325d3 # pin@v0.7.5 + uses: felleslosninger/github-actions/run-actionlint@d7888fecafbf48e5845c8a0c76389f71c517ee6d # pin@v0.8.0 diff --git a/.github/workflows/ci-call-update-image.yml b/.github/workflows/ci-call-update-image.yml index 568d527b..e6337509 100644 --- a/.github/workflows/ci-call-update-image.yml +++ b/.github/workflows/ci-call-update-image.yml @@ -84,7 +84,7 @@ jobs: echo "jira-id=$JIID" >> "$GITHUB_ENV" - name: Get Labels - uses: octokit/request-action@dad4362715b7fb2ddedf9772c8670824af564f0d # pin@v2.4.0 + uses: octokit/request-action@b91aabaa861c777dcdb14e2387e30eddf04619ae # pin@v3.0.0 id: get-labels with: route: GET /repos/${{ github.repository }}/commits/${{ github.sha }}/pulls 
@@ -162,7 +162,7 @@ jobs: run: npm install @octokit/app@v13.1.8 - name: Generate Token - uses: felleslosninger/github-actions/github-app-token@e4ba7c675762d5e9d3eeb48d6b75042e3dd325d3 # pin@v0.7.5 + uses: felleslosninger/github-actions/github-app-token@d7888fecafbf48e5845c8a0c76389f71c517ee6d # pin@v0.8.0 id: token with: app-id: ${{ secrets.DIGDIR_PLATFORM_CI_APP_ID }} @@ -190,7 +190,7 @@ jobs: } >> "$GITHUB_STEP_SUMMARY" - name: Call Dispatch To Start Promotion - uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # pin@v3.0.0 + uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # pin@v4.0.1 with: token: ${{ steps.token.outputs.token }} event-type: ${{ inputs.kubernetes-repo-event }} diff --git a/.github/workflows/ci-docker-build-publish-image.yml b/.github/workflows/ci-docker-build-publish-image.yml index f41bb56f..df30aee4 100644 --- a/.github/workflows/ci-docker-build-publish-image.yml +++ b/.github/workflows/ci-docker-build-publish-image.yml @@ -117,7 +117,7 @@ jobs: echo "- Image name: $image_name" >> "$GITHUB_STEP_SUMMARY" - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Build image run: | 
@@ -141,17 +141,13 @@ jobs: os-exit-code: "1" trivy-version: ${{ inputs.trivy-version }} - - name: Login to ACR - uses: azure/login@v2 + - name: ACR login + uses: felleslosninger/github-workflows/.github/actions/acr-login@main with: client-id: ${{ secrets[inputs.sp-container-registry-client-id] }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - name: Login to Azure Container Registry - run: az acr login --name "$ACR_NAME" - env: - ACR_NAME: ${{ inputs.container-registry }} + acr-name: ${{ inputs.container-registry }} - name: "Push image" run: docker push ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} @@ -191,7 +187,7 @@ jobs: slack-channel: ["${{ inputs.slack-channel-id }}", "C05G4B8R2GG"] steps: - name: Send Slack notification - uses: felleslosninger/github-actions/send-slack-notification@e4ba7c675762d5e9d3eeb48d6b75042e3dd325d3 # pin@v0.7.5 + uses: felleslosninger/github-actions/send-slack-notification@d7888fecafbf48e5845c8a0c76389f71c517ee6d # pin@v0.8.0 with: slack-channel-id: ${{ matrix.slack-channel }} slack-bot-token: ${{ secrets.SLACK_CICD_NOTIFICATION_TOKEN }} diff --git a/.github/workflows/ci-docker-build-publish-integrasjonspunkt.yml b/.github/workflows/ci-docker-build-publish-integrasjonspunkt.yml index 54881235..d72d7522 100644 --- a/.github/workflows/ci-docker-build-publish-integrasjonspunkt.yml +++ b/.github/workflows/ci-docker-build-publish-integrasjonspunkt.yml 
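Review bot: The new `ACR login` step uses `felleslosninger/github-workflows/.github/actions/acr-login@main`, a mutable branch ref, while every other `uses:` line touched in this commit is pinned to a full commit SHA with a `# pin@vX.Y.Z` comment. The step is handed the Azure client, tenant and subscription identifiers from secrets, so whatever is on `main` of that repository at run time performs the registry login. If callers pin this workflow to a tag or SHA, they would presumably still resolve the action from `main`. Pin it like the others, e.g. `uses: felleslosninger/github-workflows/.github/actions/acr-login@<COMMIT_SHA> # pin@<VERSION>` (placeholders, to be filled in from a release of that repository). The same `@main` reference is added in ci-quarkus-build-publish-image.yml, ci-spring-boot-build-publish-image.yml and test-k6-build-publish-docker.yml; the job's step list continues outside this hunk.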
@@ -121,12 +121,12 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 with: fetch-depth: ${{ inputs.fetch-depth }} - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} @@ -166,7 +166,7 @@ jobs: trivy-version: ${{ inputs.trivy-version }} - name: Login to GitHub Container Registry - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # pin@v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # pin@v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -210,7 +210,7 @@ jobs: slack-channel: ["${{ inputs.slack-channel-id }}", "C05G4B8R2GG"] steps: - name: Send Slack notification - uses: felleslosninger/github-actions/send-slack-notification@e4ba7c675762d5e9d3eeb48d6b75042e3dd325d3 # pin@v0.7.5 + uses: felleslosninger/github-actions/send-slack-notification@d7888fecafbf48e5845c8a0c76389f71c517ee6d # pin@v0.8.0 with: slack-channel-id: ${{ matrix.slack-channel }} slack-bot-token: ${{ secrets.SLACK_CICD_NOTIFICATION_TOKEN }} diff --git a/.github/workflows/ci-docker-build-scan-integrasjonspunkt.yml b/.github/workflows/ci-docker-build-scan-integrasjonspunkt.yml index 922caca0..724f5614 100644 --- a/.github/workflows/ci-docker-build-scan-integrasjonspunkt.yml +++ b/.github/workflows/ci-docker-build-scan-integrasjonspunkt.yml 
@@ -109,10 +109,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} @@ -178,7 +178,7 @@ jobs: slack-channel: ["${{ inputs.slack-channel-id }}", "C05G4B8R2GG"] steps: - name: Send Slack notification - uses: felleslosninger/github-actions/send-slack-notification@e4ba7c675762d5e9d3eeb48d6b75042e3dd325d3 # pin@v0.7.5 + uses: felleslosninger/github-actions/send-slack-notification@d7888fecafbf48e5845c8a0c76389f71c517ee6d # pin@v0.8.0 with: slack-channel-id: ${{ matrix.slack-channel }} slack-bot-token: ${{ secrets.SLACK_CICD_NOTIFICATION_TOKEN }} diff --git a/.github/workflows/ci-maven-build-lib.yml b/.github/workflows/ci-maven-build-lib.yml index f0d7ff41..77125f7f 100644 --- a/.github/workflows/ci-maven-build-lib.yml +++ b/.github/workflows/ci-maven-build-lib.yml @@ -54,7 +54,7 @@ jobs: if: ${{ github.event_name == 'pull_request'}} runs-on: ubuntu-latest steps: - - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # pin@v8.0.0 + - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # pin@v9.0.0 with: script: | const REGEX = new RegExp("^[^…]+$"); // Title must match this regex 
@@ -106,9 +106,10 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 + - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} diff --git a/.github/workflows/ci-maven-build.yml b/.github/workflows/ci-maven-build.yml index 375ec2df..b05980f4 100644 --- a/.github/workflows/ci-maven-build.yml +++ b/.github/workflows/ci-maven-build.yml @@ -54,7 +54,7 @@ jobs: if: ${{ github.event_name == 'pull_request'}} runs-on: ubuntu-latest steps: - - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # pin@v8.0.0 + - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # pin@v9.0.0 with: script: | const REGEX = new RegExp("^[^…]+$"); // Title must match this regex @@ -107,10 +107,10 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} diff --git a/.github/workflows/ci-maven-deploy.yml b/.github/workflows/ci-maven-deploy.yml index 0080fa5e..df9f5985 100644 --- a/.github/workflows/ci-maven-deploy.yml +++ b/.github/workflows/ci-maven-deploy.yml 
@@ -66,10 +66,10 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} diff --git a/.github/workflows/ci-maven-install-deploy-lib.yml b/.github/workflows/ci-maven-install-deploy-lib.yml index 1bcfa6b2..909d8296 100644 --- a/.github/workflows/ci-maven-install-deploy-lib.yml +++ b/.github/workflows/ci-maven-install-deploy-lib.yml @@ -77,12 +77,12 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 with: fetch-depth: ${{ inputs.fetch-depth }} - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} diff --git a/.github/workflows/ci-pr-checks.yml b/.github/workflows/ci-pr-checks.yml index 8039f871..06c2f919 100644 --- a/.github/workflows/ci-pr-checks.yml +++ b/.github/workflows/ci-pr-checks.yml @@ -138,7 +138,7 @@ jobs: steps: - name: Check PR title id: check-pr-title - uses: felleslosninger/github-actions/validate-pull-request-title@e4ba7c675762d5e9d3eeb48d6b75042e3dd325d3 # pin@v0.7.5 + uses: felleslosninger/github-actions/validate-pull-request-title@d7888fecafbf48e5845c8a0c76389f71c517ee6d # pin@v0.8.0 with: pull-request-title: ${{ inputs.pull-request-title }} allowed-prefixes: ${{ inputs.pull-request-allowed-prefixes }} 
@@ -153,7 +153,7 @@ jobs: - name: Fail if PR title is not valid if: steps.check-pr-title.outputs.is-valid == 'false' - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # pin@v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # pin@v9.0.0 with: script: | core.setFailed('${{ steps.check-pr-title.outputs.error-message }}') @@ -168,10 +168,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} @@ -201,7 +201,7 @@ jobs: if: | !cancelled() && inputs.artifact-path != '' - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # pin@v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # pin@v7.0.1 with: name: ${{ inputs.artifact-name }} path: ${{ inputs.artifact-path }} @@ -283,6 +283,6 @@ jobs: needs: call-auto-merge steps: - name: call-build-publish-image - uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # pin@v3.0.0 + uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # pin@v4.0.1 with: event-type: build-publish-image diff --git a/.github/workflows/ci-quarkus-build-publish-image.yml b/.github/workflows/ci-quarkus-build-publish-image.yml index e498f04f..bdf45996 100644 --- a/.github/workflows/ci-quarkus-build-publish-image.yml +++ b/.github/workflows/ci-quarkus-build-publish-image.yml 
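Review bot: In the `Fail if PR title is not valid` step, `core.setFailed('${{ steps.check-pr-title.outputs.error-message }}')` has the step output expanded into the JavaScript source before github-script runs it, so a quote character in the message ends the string literal and the remainder is evaluated as script. The message presumably echoes the pull-request title, which the PR author controls; the line is unchanged context in the hunk that moves github-script to v9.0.0, so the bump leaves it as it was. Pass the value through the environment instead: add `env:` with `ERROR_MESSAGE: ${{ steps.check-pr-title.outputs.error-message }}` to the step and call `core.setFailed(process.env.ERROR_MESSAGE)` in the script.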
@@ -135,10 +135,10 @@ jobs: echo "IMAGE-NAME=${{ inputs.container-registry }}/${{ inputs.image-name || env.REPOSITORY-NAME }}" >> "$GITHUB_ENV" - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} @@ -219,17 +219,13 @@ jobs: os-severity: ${{ inputs.trivy-os-severity }} trivy-version: ${{ inputs.trivy-version }} - - name: Login to ACR - uses: azure/login@v2 + - name: ACR login + uses: felleslosninger/github-workflows/.github/actions/acr-login@main with: client-id: ${{ secrets[inputs.sp-container-registry-client-id] }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - name: Login to Azure Container Registry - run: az acr login --name "$ACR_NAME" - env: - ACR_NAME: ${{ inputs.container-registry }} + acr-name: ${{ inputs.container-registry }} - name: Push image run: docker push ${{env.IMAGE-NAME}}:${{env.IMAGETAG}} @@ -267,7 +263,7 @@ jobs: slack-channel: ["${{ inputs.slack-channel-id }}", "C05G4B8R2GG"] steps: - name: Send Slack notification - uses: felleslosninger/github-actions/send-slack-notification@e4ba7c675762d5e9d3eeb48d6b75042e3dd325d3 # pin@v0.7.5 + uses: felleslosninger/github-actions/send-slack-notification@d7888fecafbf48e5845c8a0c76389f71c517ee6d # pin@v0.8.0 with: slack-channel-id: ${{ matrix.slack-channel }} slack-bot-token: ${{ secrets.SLACK_CICD_NOTIFICATION_TOKEN }} diff --git a/.github/workflows/ci-quarkus-container-scan.yml b/.github/workflows/ci-quarkus-container-scan.yml index 43d836ff..eb506e81 100644 --- a/.github/workflows/ci-quarkus-container-scan.yml 
+++ b/.github/workflows/ci-quarkus-container-scan.yml @@ -100,10 +100,10 @@ jobs: run: | echo "IMAGE-NAME=${{ inputs.registry-url }}/${{ inputs.image-name || env.REPOSITORY-NAME }}" >> "$GITHUB_ENV" - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} diff --git a/.github/workflows/ci-spring-boot-build-publish-image.yml b/.github/workflows/ci-spring-boot-build-publish-image.yml index 4540bcf9..faf4c06a 100644 --- a/.github/workflows/ci-spring-boot-build-publish-image.yml +++ b/.github/workflows/ci-spring-boot-build-publish-image.yml @@ -160,10 +160,10 @@ jobs: echo "- Image name: $image_name" >> "$GITHUB_STEP_SUMMARY" - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} 
@@ -225,26 +225,20 @@ jobs: # Login to GHCR if container-registry starts with ghcr.io - name: Login to GitHub Container Registry if: contains(inputs.container-registry, 'ghcr.io') - uses: docker/login-action@v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # pin@v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - # Login to Azure if container-registry is ACR - - name: Login to Azure + - name: ACR login if: contains(inputs.container-registry, 'azurecr.io') - uses: azure/login@v2 + uses: felleslosninger/github-workflows/.github/actions/acr-login@main with: client-id: ${{ secrets[inputs.sp-container-registry-client-id] }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - name: Login to Azure Container Registry - if: contains(inputs.container-registry, 'azurecr.io') - run: az acr login --name "$ACR_NAME" - env: - ACR_NAME: ${{ inputs.container-registry }} + acr-name: ${{ inputs.container-registry }} - name: Push image run: docker push ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} @@ -284,7 +278,7 @@ jobs: slack-channel: ["${{ inputs.slack-channel-id }}", "C05G4B8R2GG"] steps: - name: Send Slack notification - uses: felleslosninger/github-actions/send-slack-notification@e4ba7c675762d5e9d3eeb48d6b75042e3dd325d3 # pin@v0.7.5 + uses: felleslosninger/github-actions/send-slack-notification@d7888fecafbf48e5845c8a0c76389f71c517ee6d # pin@v0.8.0 with: slack-channel-id: ${{ matrix.slack-channel }} slack-bot-token: ${{ secrets.SLACK_CICD_NOTIFICATION_TOKEN }} diff --git a/.github/workflows/ci-spring-boot-container-scan.yml b/.github/workflows/ci-spring-boot-container-scan.yml index aa21468e..2909c39b 100644 --- a/.github/workflows/ci-spring-boot-container-scan.yml +++ b/.github/workflows/ci-spring-boot-container-scan.yml 
@@ -89,7 +89,7 @@ on: jobs: build-and-scan-image: runs-on: ubuntu-latest - permissions: + permissions: contents: read env: REPOSITORY-NAME: ${{ github.event.repository.name }} @@ -106,10 +106,10 @@ jobs: echo "image-name=${{ inputs.registry-url }}/${{ inputs.image-name || env.REPOSITORY-NAME }}" >> "$GITHUB_OUTPUT" - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Set up JDK ${{ inputs.java-version }} - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # pin@v5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # pin@v5.2.0 with: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} diff --git a/.github/workflows/misc-approve-and-merge-dependabot-pr.yml b/.github/workflows/misc-approve-and-merge-dependabot-pr.yml index 7e5fc252..0e1c6d99 100644 --- a/.github/workflows/misc-approve-and-merge-dependabot-pr.yml +++ b/.github/workflows/misc-approve-and-merge-dependabot-pr.yml @@ -29,7 +29,7 @@ jobs: if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }} steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Fetch update types id: update-types @@ -46,7 +46,7 @@ jobs: - name: Fetch Dependabot metadata if: ${{ fromJson(steps.update-types.outputs.count) > 0 }} id: dependabot-metadata - uses: dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b # pin@v2.4.0 + uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # pin@v3.1.0 - name: Approve and auto-merge id: auto-merge diff --git a/.github/workflows/misc-publish-dev-docker.yml b/.github/workflows/misc-publish-dev-docker.yml index c132f5d6..ba557153 100644 --- a/.github/workflows/misc-publish-dev-docker.yml 
+++ b/.github/workflows/misc-publish-dev-docker.yml @@ -20,20 +20,20 @@ jobs: REPOSITORY-NAME: ${{ github.event.repository.name }} steps: - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # pin@v3.6.0 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # pin@v4.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # pin@v3.0.0 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # pin@v4.0.0 - name: Login to crutvikling (Azure container registry) - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # pin@v3.5.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # pin@v4.1.0 with: registry: ${{ vars.CR_DEV_URL }} username: ${{ secrets.CR_DEV_USERNAME }} password: ${{ secrets.CR_DEV_SECRET }} - name: Build and push - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # pin@v6.18.0 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # pin@v7.1.0 with: push: true platforms: linux/amd64,linux/arm64 diff --git a/.github/workflows/on-pr-label.yml b/.github/workflows/on-pr-label.yml index 0502ecd8..0e40afdd 100644 --- a/.github/workflows/on-pr-label.yml +++ b/.github/workflows/on-pr-label.yml @@ -16,7 +16,7 @@ jobs: if: github.event.label.name == 'internal' steps: - name: Append ${{ env.internal-commit-string }} to PR title - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # pin@v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # pin@v9.0.0 with: github-token: ${{secrets.GITHUB_TOKEN}} script: | diff --git a/.github/workflows/test-k6-build-docker.yml b/.github/workflows/test-k6-build-docker.yml index 0e698cf2..1f10b3de 100644 --- a/.github/workflows/test-k6-build-docker.yml +++ b/.github/workflows/test-k6-build-docker.yml 
@@ -81,7 +81,7 @@ jobs: run: | echo "IMAGE-NAME=${{ env.REGISTRY_URL }}/${{ inputs.image-name || env.REPOSITORY-NAME }}" >> "$GITHUB_ENV" - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Copy k6-tests to docker temp run: | diff --git a/.github/workflows/test-k6-build-publish-docker.yml b/.github/workflows/test-k6-build-publish-docker.yml index f313ec7d..2b9c2732 100644 --- a/.github/workflows/test-k6-build-publish-docker.yml +++ b/.github/workflows/test-k6-build-publish-docker.yml @@ -99,7 +99,7 @@ jobs: run: | echo "IMAGE_NAME=${{ secrets.REGISTRY_URL }}/${{ inputs.image-name || env.REPOSITORY-NAME }}" >> "$GITHUB_ENV" - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 - name: Find and replace image version for ${{ env.IMAGETAG }} in version endpoint uses: jacobtomlinson/gha-find-replace@f1069b438f125e5395d84d1c6fd3b559a7880cb5 # pin@v3.0.5 @@ -133,17 +133,13 @@ jobs: os-exit-code: ${{ inputs.trivy-os-exit-code }} trivy-version: ${{ inputs.trivy-version }} - - name: Login to ACR - uses: azure/login@v2 + - name: ACR login + uses: felleslosninger/github-workflows/.github/actions/acr-login@main with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - name: Login to Azure Container Registry - run: az acr login --name "$ACR_NAME" - env: - ACR_NAME: ${{ vars.ACR_NAME }} + acr-name: ${{ vars.ACR_NAME }} - name: "Build the tagged Docker image" run: | 
@@ -173,7 +169,7 @@ jobs: slack-channel: ["${{ inputs.slack-channel-id }}", "C05G4B8R2GG"] steps: - name: Send Slack notification - uses: felleslosninger/github-actions/send-slack-notification@e4ba7c675762d5e9d3eeb48d6b75042e3dd325d3 # pin@v0.7.5 + uses: felleslosninger/github-actions/send-slack-notification@d7888fecafbf48e5845c8a0c76389f71c517ee6d # pin@v0.8.0 with: slack-channel-id: ${{ matrix.slack-channel }} slack-bot-token: ${{ secrets.SLACK_CICD_NOTIFICATION_TOKEN }}