Skip to content

Commit

Permalink
chore: pin GitHub actions with their SHA-1 instead of their version n…
Browse files Browse the repository at this point in the history
…umber
  • Loading branch information
lemeurherveCB committed Feb 24, 2023
1 parent d464dba commit ff8382b
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 28 deletions.
42 changes: 18 additions & 24 deletions .github/workflows/maven-cd.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,22 +10,20 @@ on:
MAVEN_TOKEN:
required: true
description: Maven token used for deploying the plugin jar to Jenkins Artifactory Repository

jobs:
validate:
runs-on: ubuntu-latest
outputs:
should_release: ${{ steps.verify-ci-status.outputs.result == 'success' && steps.interesting-categories.outputs.interesting == 'true' }}
steps:
- name: Verify CI status
uses: jenkins-infra/[email protected]
uses: jenkins-infra/verify-ci-status-action@7d194d0c5785a12623f350581db5243063542f90 # v1.2.2
id: verify-ci-status
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
output_result: true

- name: Release Drafter
uses: release-drafter/release-drafter@v5
uses: release-drafter/release-drafter@569eb7ee3a85817ab916c8f8ff03a5bd96c9c83e # v5
id: draft
if: steps.verify-ci-status.outputs.result == 'success'
with:
Expand All @@ -34,34 +32,30 @@ jobs:
version: next
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Check interesting categories
uses: jenkins-infra/[email protected]
uses: jenkins-infra/interesting-category-action@78f4b74509528c18790d9c36b2cccb5b21ed3451 # v1.2.1
id: interesting-categories
if: steps.verify-ci-status.outputs.result == 'success'
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
RELEASE_DRAFT_BODY: ${{ steps.draft.outputs.body }}

release:
runs-on: ubuntu-latest
needs: [validate]
if: needs.validate.outputs.should_release == 'true'
steps:
- name: Check out
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Set up JDK
uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 11

- name: Release
uses: jenkins-infra/[email protected]
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
MAVEN_TOKEN: ${{ secrets.MAVEN_TOKEN }}
- name: Check out
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 11
- name: Release
uses: jenkins-infra/jenkins-maven-cd-action@5f5529707ac2bef1ff86da2553ce465ed669aa65 # v1.3.3
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
MAVEN_TOKEN: ${{ secrets.MAVEN_TOKEN }}
4 changes: 0 additions & 4 deletions .github/workflows/self-update-major-tag.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
name: Release

on:
release:
types: [published]
Expand All @@ -9,7 +8,6 @@ on:
required: false
description: The tag to move major version tag to
default: ""

jobs:
build:
runs-on: ubuntu-latest
Expand All @@ -18,7 +16,6 @@ jobs:
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: version
id: version
env:
Expand All @@ -39,7 +36,6 @@ jobs:
echo "tag=${tag}" >> $GITHUB_OUTPUT
echo "version=${version}" >> $GITHUB_OUTPUT
echo "major=${major}" >> $GITHUB_OUTPUT
- name: force update major tag
run: |
git tag v${{ steps.version.outputs.major }} ${{ steps.version.outputs.tag }} -f
Expand Down

0 comments on commit ff8382b

Please sign in to comment.