Skip to content

Commit

Permalink
chore: pin GitHub actions with their SHA-1 instead of their version n…
Browse files Browse the repository at this point in the history
…umber (#22

* chore: pin GitHub actions with their SHA-1 instead of their version number

* Keep versions for jenkins-infra GHA
  • Loading branch information
lemeurherve authored Feb 24, 2023
1 parent d464dba commit 1883b5d
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 26 deletions.
38 changes: 16 additions & 22 deletions .github/workflows/maven-cd.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ on:
MAVEN_TOKEN:
required: true
description: Maven token used for deploying the plugin jar to Jenkins Artifactory Repository

jobs:
validate:
runs-on: ubuntu-latest
Expand All @@ -23,9 +22,8 @@ jobs:
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
output_result: true

- name: Release Drafter
uses: release-drafter/release-drafter@v5
uses: release-drafter/release-drafter@569eb7ee3a85817ab916c8f8ff03a5bd96c9c83e # v5
id: draft
if: steps.verify-ci-status.outputs.result == 'success'
with:
Expand All @@ -34,34 +32,30 @@ jobs:
version: next
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Check interesting categories
uses: jenkins-infra/[email protected]
id: interesting-categories
if: steps.verify-ci-status.outputs.result == 'success'
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
RELEASE_DRAFT_BODY: ${{ steps.draft.outputs.body }}

release:
runs-on: ubuntu-latest
needs: [validate]
if: needs.validate.outputs.should_release == 'true'
steps:
- name: Check out
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Set up JDK
uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 11

- name: Release
uses: jenkins-infra/[email protected]
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
MAVEN_TOKEN: ${{ secrets.MAVEN_TOKEN }}
- name: Check out
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 11
- name: Release
uses: jenkins-infra/[email protected]
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
MAVEN_TOKEN: ${{ secrets.MAVEN_TOKEN }}
4 changes: 0 additions & 4 deletions .github/workflows/self-update-major-tag.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
name: Release

on:
release:
types: [published]
Expand All @@ -9,7 +8,6 @@ on:
required: false
description: The tag to move major version tag to
default: ""

jobs:
build:
runs-on: ubuntu-latest
Expand All @@ -18,7 +16,6 @@ jobs:
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: version
id: version
env:
Expand All @@ -39,7 +36,6 @@ jobs:
echo "tag=${tag}" >> $GITHUB_OUTPUT
echo "version=${version}" >> $GITHUB_OUTPUT
echo "major=${major}" >> $GITHUB_OUTPUT
- name: force update major tag
run: |
git tag v${{ steps.version.outputs.major }} ${{ steps.version.outputs.tag }} -f
Expand Down

0 comments on commit 1883b5d

Please sign in to comment.