From 5f1f42fbff8140bc1730192f84b296c2cb7f5b46 Mon Sep 17 00:00:00 2001
From: Juan Manuel Perez
Date: Fri, 17 Nov 2023 11:14:57 +0100
Subject: [PATCH] chore: rename all pipeline files to standardise them
---
 .../{on_prerelease.yml => on_prerelease.yaml} | 0
 .../{push_pr.yml => on_push_pr.yaml} | 0
 .../{on_release.yml => on_release.yaml} | 0
 .github/workflows/repolinter.yml | 30 ++----------
 .github/workflows/security.yaml | 17 +++++++
 .github/workflows/security.yml | 47 -------------------
 ...prerelease.yml => trigger_prerelease.yaml} | 2 +-
 7 files changed, 23 insertions(+), 73 deletions(-)
 rename .github/workflows/{on_prerelease.yml => on_prerelease.yaml} (100%)
 rename .github/workflows/{push_pr.yml => on_push_pr.yaml} (100%)
 rename .github/workflows/{on_release.yml => on_release.yaml} (100%)
 create mode 100644 .github/workflows/security.yaml
 delete mode 100644 .github/workflows/security.yml
 rename .github/workflows/{trigger_prerelease.yml => trigger_prerelease.yaml} (87%)
diff --git a/.github/workflows/on_prerelease.yml b/.github/workflows/on_prerelease.yaml
similarity index 100%
rename from .github/workflows/on_prerelease.yml
rename to .github/workflows/on_prerelease.yaml
diff --git a/.github/workflows/push_pr.yml b/.github/workflows/on_push_pr.yaml
similarity index 100%
rename from .github/workflows/push_pr.yml
rename to .github/workflows/on_push_pr.yaml
diff --git a/.github/workflows/on_release.yml b/.github/workflows/on_release.yaml
similarity index 100%
rename from .github/workflows/on_release.yml
rename to .github/workflows/on_release.yaml
diff --git a/.github/workflows/repolinter.yml b/.github/workflows/repolinter.yml
index 8c14aba..48344d2 100644
--- a/.github/workflows/repolinter.yml
+++ b/.github/workflows/repolinter.yml
@@ -2,30 +2,10 @@
 # workflow_dispatch to work properly
 name: Repolinter Action
 
-# NOTE: This workflow will ONLY check the default branch!
-# Currently there is no elegant way to specify the default
-# branch in the event filtering, so branches are instead
-# filtered in the "Test Default Branch" step.
-on: [push, workflow_dispatch]
+on:
+ push:
+ workflow_dispatch:
 
 jobs:
- repolint:
- name: Run Repolinter
- runs-on: ubuntu-latest
- steps:
- - name: Test Default Branch
- id: default-branch
- uses: actions/github-script@v2
- with:
- script: |
- const data = await github.repos.get(context.repo)
- return data.data && data.data.default_branch === context.ref.split('/').slice(-1)[0]
- - name: Checkout Self
- if: ${{ steps.default-branch.outputs.result == 'true' }}
- uses: actions/checkout@v4
- - name: Run Repolinter
- if: ${{ steps.default-branch.outputs.result == 'true' }}
- uses: newrelic/repolinter-action@v1
- with:
- config_url: https://raw.githubusercontent.com/newrelic/.github/main/repolinter-rulesets/community-plus.yml
- output_type: issue
+ repolinter:
+ uses: newrelic/coreint-automation/.github/workflows/reusable_repolinter.yaml@v1
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
new file mode 100644
index 0000000..9f538d1
--- /dev/null
+++ b/.github/workflows/security.yaml
@@ -0,0 +1,17 @@
+name: Security Scan
+
+on:
+ push:
+ branches:
+ - master
+ - main
+ - renovate/**
+ pull_request:
+ schedule:
+ - cron: "0 3 * * *"
+
+jobs:
+ security:
+ uses: newrelic/coreint-automation/.github/workflows/reusable_security.yaml@v1
+ with:
+ skip-dirs: "build"
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
deleted file mode 100644
index 5b1bf93..0000000
--- a/.github/workflows/security.yml
+++ /dev/null
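Review bot: The removed `Test Default Branch` step was the only guard keeping Repolinter off non-default branches, and the new `on:` block has a bare `push:` with no `branches:` filter, so unless `reusable_repolinter.yaml` repeats that check (not visible here) every push to any branch runs the linter and, if it still reports through issues as the old `output_type: issue` did, may open or close issues based on feature-branch content. Either restrict the trigger, e.g. `branches: [master, main]` under `push:`, or add a comment such as `# default-branch filtering is done inside the reusable workflow` if that is where it now lives. Separately, the job references the reusable workflow by the mutable tag `@v1`, as do the new `security.yaml` and the `trigger_prerelease.yaml` hunk, which also forwards `COREINT_BOT_TOKEN`. Pinning to a full commit, `uses: newrelic/coreint-automation/.github/workflows/reusable_repolinter.yaml@<commit-sha>  # v1`, keeps a moved tag from changing what runs with this repository's token and secrets.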
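Review bot: The new `security` job declares no `permissions:`, while the workflow it replaces uploaded SARIF on scheduled runs through `github/codeql-action/upload-sarif`, which needs `security-events: write`. A called workflow can only use permissions the caller's token already has, so if `reusable_security.yaml` still uploads results (not visible here) the scheduled scan depends silently on the repository's default token setting. Declaring them on the job makes the grant explicit and least-privilege: `permissions:` with `contents: read` and `security-events: write` under `security:`. A short comment would also help, e.g. `# severity, ignore-unfixed and the failing exit code are defined in reusable_security.yaml`, since only `skip-dirs` is still configured in this repository.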
@@ -1,47 +0,0 @@
-name: Security Scan
-
-on:
- push:
- branches:
- - master
- - main
- - renovate/**
- pull_request:
- schedule:
- - cron: "0 3 * * *"
-
-jobs:
- trivy:
- name: Trivy security scan
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
-
- - name: Run Trivy vulnerability scanner in repo mode
- uses: aquasecurity/trivy-action@0.13.1
- if: ${{ ! github.event.schedule }} # Do not run inline checks when running periodically
- with:
- scan-type: fs
- ignore-unfixed: true
- exit-code: 1
- severity: 'HIGH,CRITICAL'
- skip-dirs: 'build'
-
- - name: Run Trivy vulnerability scanner sarif output
- uses: aquasecurity/trivy-action@0.13.1
- if: ${{ github.event.schedule }} # Generate sarif when running periodically
- with:
- scan-type: fs
- ignore-unfixed: true
- severity: 'HIGH,CRITICAL'
- format: 'template'
- template: '@/contrib/sarif.tpl'
- output: 'trivy-results.sarif'
- skip-dirs: 'build'
-
- - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
- if: ${{ github.event.schedule }} # Upload sarif when running periodically
- with:
- sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/trigger_prerelease.yml b/.github/workflows/trigger_prerelease.yaml
similarity index 87%
rename from .github/workflows/trigger_prerelease.yml
rename to .github/workflows/trigger_prerelease.yaml
index 0ce13b4..6ce8af6 100644
--- a/.github/workflows/trigger_prerelease.yml
+++ b/.github/workflows/trigger_prerelease.yaml
@@ -11,7 +11,7 @@ on:
 
 jobs:
 prerelease:
- uses: newrelic/coreint-automation/.github/workflows/trigger_prerelease.yaml@v1
+ uses: newrelic/coreint-automation/.github/workflows/reusable_trigger_prerelease.yaml@v1
 secrets:
 bot_token: ${{ secrets.COREINT_BOT_TOKEN }}
 slack_channel: ${{ secrets.COREINT_SLACK_CHANNEL }}