From a14958252bffdfb1b514ab492410b839c5081c62 Mon Sep 17 00:00:00 2001
From: jmeridth
Date: Wed, 20 Nov 2024 10:31:22 -0600
Subject: [PATCH] chore: github actions cleanup
- [x] add stale workflow
- [x] switch to umutable actions on ones that allow it (closes 8 security warnings)
- [x] solve actionlint issues
- [x] group commands instead of instead of individual redirects
- [x] double quote variable to prevent globbing and word splitting
Signed-off-by: jmeridth
---
 .github/workflows/docker-ci.yml | 2 +-
 .github/workflows/major-version-updater.yml | 6 ++----
 .github/workflows/python-ci.yml | 4 ++--
 .github/workflows/release.yml | 4 ++--
 .github/workflows/scorecard.yml | 4 ++--
 .github/workflows/stale.yml | 21 +++++++++++++++++++++
 .github/workflows/super-linter.yaml | 2 +-
 7 files changed, 31 insertions(+), 12 deletions(-)
 create mode 100644 .github/workflows/stale.yml
diff --git a/.github/workflows/docker-ci.yml b/.github/workflows/docker-ci.yml
index 90fe96b..14cc976 100644
--- a/.github/workflows/docker-ci.yml
+++ b/.github/workflows/docker-ci.yml
@@ -14,6 +14,6 @@ jobs:
 build:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@v4.2.2
 - name: Build the Docker image
 run: docker build . --file Dockerfile --platform linux/amd64
diff --git a/.github/workflows/major-version-updater.yml b/.github/workflows/major-version-updater.yml
index 066d389..3f6e2f0 100644
--- a/.github/workflows/major-version-updater.yml
+++ b/.github/workflows/major-version-updater.yml
@@ -15,7 +15,7 @@ jobs:
 contents: write
 steps:
 - name: Checkout Repo
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@v4.2.2
 - name: version
 id: version
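Review bot: The `actions/checkout@v4.2.2` reference in docker-ci.yml trades a commit-SHA pin for a tag, so the step's integrity now rests on that tag being resolved immutably rather than on a hash fixed in the workflow itself. The commit message suggests this relies on the action being published as an immutable action, but nothing visible in the workflow records or enforces that; I would add a comment next to each changed `uses:` such as `# tag ref: relies on immutable action publishing; re-pin to the commit SHA if that is not in effect`. The same change appears in major-version-updater.yml (a job with `contents: write`), python-ci.yml (`actions/setup-python@v5.3.0` as well), release.yml (a job that logs in to the registry with `GITHUB_TOKEN`), scorecard.yml (`actions/upload-artifact@v4.4.3` as well) and super-linter.yaml, and a moved tag would matter most in the jobs that hold write credentials. In release.yml `docker/build-push-action` stays SHA-pinned without a version comment, so that file now mixes both styles.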
@@ -25,9 +25,7 @@ jobs:
 tag=${GITHUB_REF/refs\/tags\//};
 version=${tag#v} ;
 major=${version%%.*} ;
- echo "tag=${tag}" >> "$GITHUB_OUTPUT" ;
- echo "version=${version}" >> "$GITHUB_OUTPUT" ;
- echo "major=${major}" >> "$GITHUB_OUTPUT" ;
+ { echo "tag=${tag}"; echo "version=${version}"; echo "major=${major}"; } >> "$GITHUB_OUTPUT" ;
 - name: force update major tag
 run: |
diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml
index ff0f30e..5eef415 100644
--- a/.github/workflows/python-ci.yml
+++ b/.github/workflows/python-ci.yml
@@ -20,9 +20,9 @@ jobs:
 matrix:
 python-version: [3.11, 3.12]
 steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@v4.2.2
 - name: Set up Python ${{ matrix.python-version }}
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b
+ uses: actions/setup-python@v5.3.0
 with:
 python-version: ${{ matrix.python-version }}
 - name: Install dependencies
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e681c61..284ecf9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -42,7 +42,7 @@ jobs:
 id: get_tag_name
 run: |
 short_tag=$(echo ${{ steps.release-drafter.outputs.tag_name }} | cut -d. -f1)
- echo "SHORT_TAG=$short_tag" >> $GITHUB_OUTPUT
+ echo "SHORT_TAG=$short_tag" >> "$GITHUB_OUTPUT"
 create_action_images:
 needs: create_release
 runs-on: ubuntu-latest
@@ -60,7 +60,7 @@ jobs:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@v4.2.2
 - name: Push Docker Image
 if: ${{ success() }}
 uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index c6f2e01..4ec0280 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
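Review bot: In release.yml's `get_tag_name` step, the line above the changed `echo` still expands `${{ steps.release-drafter.outputs.tag_name }}` directly into the shell script, unquoted, so the quoting fix applied to `$GITHUB_OUTPUT` does not cover the value that actually varies. Expression text is substituted before the shell parses the script, so any shell metacharacters in the tag name become script text; how much influence anyone has over that value depends on the release-drafter configuration, which is outside this hunk. Pass it through the environment instead: add `env:` with `TAG_NAME: ${{ steps.release-drafter.outputs.tag_name }}` to the step and use `short_tag=$(echo "$TAG_NAME" | cut -d. -f1)`. The step begins above the hunk, so where the `env:` key goes needs checking against the full file.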
@@ -25,7 +25,7 @@ jobs:
 steps:
 - name: "Checkout code"
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@v4.2.2
 with:
 persist-credentials: false
@@ -36,7 +36,7 @@ jobs:
 results_format: sarif
 publish_results: true
 - name: "Upload artifact"
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@v4.4.3
 with:
 name: SARIF file
 path: results.sarif
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
new file mode 100644
index 0000000..2d8c416
--- /dev/null
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,21 @@
+name: "Close stale issues"
+on:
+ schedule:
+ - cron: "30 1 * * *"
+
+permissions:
+ issues: write
+ pull-requests: read
+
+jobs:
+ stale:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/stale@v9.0.0
+ with:
+ stale-issue-message: "This issue is stale because it has been open 21 days with no activity. Remove stale label or comment or this will be closed in 14 days."
+ close-issue-message: "This issue was closed because it has been stalled for 35 days with no activity."
+ days-before-stale: 21
+ days-before-close: 14
+ days-before-pr-close: -1
+ exempt-issue-labels: keep
diff --git a/.github/workflows/super-linter.yaml b/.github/workflows/super-linter.yaml
index b41f192..e7aba3f 100644
--- a/.github/workflows/super-linter.yaml
+++ b/.github/workflows/super-linter.yaml
@@ -18,7 +18,7 @@ jobs:
 statuses: write
 steps:
 - name: Checkout Code
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@v4.2.2
 with:
 fetch-depth: 0
 - name: Install dependencies
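Review bot: In the new stale.yml, `days-before-pr-close: -1` only stops pull requests from being closed; `days-before-stale: 21` has no PR-specific override, so the action will still try to mark pull requests stale. That sits oddly with the `pull-requests: read` scope and the issue-only messages, and whether the labelling call succeeds under this token is not something the hunk shows. If the intent is to leave pull requests alone, add `days-before-pr-stale: -1` under `with:` so the job never touches them and the read-only scope stays accurate. `actions/stale@v9.0.0` is also referenced by tag in a job that holds `issues: write`, so a short comment recording why a tag rather than a commit SHA is used would help the next reviewer.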