[AAE-18117] Use SHA for GitHub actions (#9113)

* AAE-18117 - Add pre-checks job

* AAE-18117 - Use pinned SHA

* AAE-18117 - Update dependabot.yml
This commit is contained in:
Giovanni Fertuso
2023-11-27 10:58:24 +00:00
committed by GitHub
parent 3cf2ffa7bd
commit 3daecb1b1c
15 changed files with 123 additions and 55 deletions


@@ -22,13 +22,13 @@ runs:
- run: echo "Artifact Append"
shell: bash
- name: Download artifact
uses: actions/download-artifact@v3
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: ${{ inputs.artifact-name }}
- run: ls
shell: bash
- name: Append content
uses: actions/github-script@v6
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
env:
contentFile: ${{ inputs.content }}
fileName: ${{ inputs.file-name }}
@@ -83,7 +83,7 @@ runs:
}
}
- name: Upload artifact
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: ${{ inputs.artifact-name }}
path: ${{ inputs.file-name }}


@@ -24,11 +24,11 @@ runs:
using: "composite"
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- run: echo "Artifact Extract"
shell: bash
- name: Download artifact
uses: actions/download-artifact@v3
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: ${{ inputs.artifact-name }}
- id: extract


@@ -19,14 +19,14 @@ runs:
using: "composite"
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Create empty artifact
shell: bash
run:
echo "${{inputs.content}}" > ${{ inputs.file-name }}
- name: Upload artifact
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: ${{ inputs.artifact-name }}
path: ${{ inputs.file-name }}
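Review bot: The "Create empty artifact" step in this section still expands `${{inputs.content}}` and `${{ inputs.file-name }}` directly inside the shell command, so the expression is substituted into the script text before bash parses it and any input containing quotes, `$(`, or whitespace changes the command rather than the written content. This is pre-existing context rather than something the commit introduces, but the SHA pinning around it does not address it and it is the same class of supply-chain risk the commit is tightening. Pass both inputs through `env:` and reference them as shell variables so they are treated as data, which also makes the unquoted redirect target safe. The `run:` value is currently a plain scalar split across two lines; the rewrite below uses a single-line `run:`.
```yaml
      - name: Create empty artifact
        shell: bash
        env:
          CONTENT: ${{ inputs.content }}
          FILE_NAME: ${{ inputs.file-name }}
        run: echo "$CONTENT" > "$FILE_NAME"
      # … unchanged: Upload artifact step …
```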


@@ -184,7 +184,7 @@ runs:
- name: upload artifacts on gh
id: upload_gh
if: ${{ steps.determine-affected.outputs.isAffected == 'true' }}
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: e2e-artifact-output
path: /home/runner/work/alfresco-ng2-components/alfresco-ng2-components/e2e-output-*


@@ -20,18 +20,18 @@ runs:
using: "composite"
steps:
- name: install NPM
uses: actions/setup-node@v3
uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
with:
node-version-file: '.nvmrc'
cache-dependency-path: package-lock.json
- name: get latest tag sha
id: tag-sha
uses: Alfresco/alfresco-build-tools/.github/actions/git-latest-tag@v1.29.0
uses: Alfresco/alfresco-build-tools/.github/actions/git-latest-tag@d3b4d2e2e08dc33a5d1d60138e9e5989a3dd264c # v1.29.0
# CACHE
- name: Node Modules cache
id: node-modules-cache
if: ${{ inputs.enable-node-modules-cache == 'true' }}
uses: actions/cache@v3
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
env:
cache-name: node-modules-cache
with:
@@ -43,7 +43,7 @@ runs:
node_modules-${{ runner.os }}-build-
node_modules-${{ runner.os }}-
- name: pip cache
uses: actions/cache@v3
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
if: ${{ inputs.enable-cache == 'true' }}
with:
path: ~/.cache/pip
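Review bot: The `git-latest-tag` step pins `Alfresco/alfresco-build-tools` at `d3b4d2e2e08dc33a5d1d60138e9e5989a3dd264c # v1.29.0`, while the main workflow in this same commit pins `get-branch-name` and `get-commit-message` from the same repository at `7b0536b4e403e95365d83695c9ab3119b885ce36 # v1.36.0`. Two pinned revisions of one upstream doubles the audit surface, and because the new dependabot.yml tracks each action directory separately the two will keep drifting apart. Consider aligning this reference with the workflow, `uses: Alfresco/alfresco-build-tools/.github/actions/git-latest-tag@7b0536b4e403e95365d83695c9ab3119b885ce36 # v1.36.0`, after confirming the action's inputs and outputs are unchanged between the two tags. If v1.29.0 is intentional, a short comment stating why would save the next reviewer the same question.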


@@ -18,7 +18,7 @@ runs:
steps:
- name: Append group
id: group
uses: actions/github-script@v6
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
env:
affectedLib: ${{ inputs.affected }}
with:


@@ -24,8 +24,73 @@ updates:
- label: "nrwl Updates"
packages:
- "@nrwl/*"
version: "widen"
version: "widen"
ignore:
- dependency-name: "pdfjs-dist"
- dependency-name: "@types/*"
- dependency-name: "typescript"
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
- package-ecosystem: "github-actions"
directory: "/.github/actions/artifact-append"
schedule:
interval: "weekly"
- package-ecosystem: "github-actions"
directory: "/.github/actions/artifact-extract"
schedule:
interval: "weekly"
- package-ecosystem: "github-actions"
directory: "/.github/actions/artifact-initialize"
schedule:
interval: "weekly"
- package-ecosystem: "github-actions"
directory: "/.github/actions/before-install"
schedule:
interval: "weekly"
- package-ecosystem: "github-actions"
directory: "/.github/actions/download-node-modules-and-artifacts"
schedule:
interval: "weekly"
- package-ecosystem: "github-actions"
directory: "/.github/actions/e2e"
schedule:
interval: "weekly"
- package-ecosystem: "github-actions"
directory: "/.github/actions/enable-dryrun"
schedule:
interval: "weekly"
- package-ecosystem: "github-actions"
directory: "/.github/actions/get-latest-tag-sha"
schedule:
interval: "weekly"
- package-ecosystem: "github-actions"
directory: "/.github/actions/npm-check-bundle"
schedule:
interval: "weekly"
- package-ecosystem: "github-actions"
directory: "/.github/actions/print-affected-libs"
schedule:
interval: "weekly"
- package-ecosystem: "github-actions"
directory: "/.github/actions/set-npm-tag"
schedule:
interval: "weekly"
- package-ecosystem: "github-actions"
directory: "/.github/actions/setup"
schedule:
interval: "weekly"
- package-ecosystem: "github-actions"
directory: "/.github/actions/setup-chrome"
schedule:
interval: "weekly"
- package-ecosystem: "github-actions"
directory: "/.github/actions/slack-group-area"
schedule:
interval: "weekly"
- package-ecosystem: "github-actions"
directory: "/.github/actions/upload-node-modules-and-artifacts"
schedule:
interval: "weekly"
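Review bot: The fifteen `github-actions` entries are required because Dependabot scans only the configured `directory` and does not recurse, but nothing in the file says so, and the `/` entry is easy to misread as covering the whole repository. A composite action added later under `.github/actions/` will silently stay unmonitored until someone remembers to add a matching block, which undoes part of what this commit achieves. Suggest a comment above the first `github-actions` entry: `# Dependabot does not recurse into subdirectories: every composite action under .github/actions/ needs its own entry here`. Keeping the list sorted by directory, as it is now, makes omissions easier to spot in review.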


@@ -22,7 +22,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
@@ -30,7 +30,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
# Override language selection by uncommenting this and choosing your languages
with:
languages: javascript
@@ -39,7 +39,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
uses: github/codeql-action/autobuild@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
@@ -53,4 +53,4 @@ jobs:
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8


@@ -73,7 +73,7 @@ jobs:
runs-on: ubuntu-latest
name: Initialize artifacts
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- uses: ./.github/actions/artifact-initialize
with:
artifact-name: global-e2e-result


@@ -96,13 +96,13 @@ jobs:
GITHUB_TOKEN: $BOT_GITHUB_TOKEN
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- id: set-dryrun
uses: ./.github/actions/enable-dryrun
with:
dry-run-flag: ${{ inputs.dry-run-flag }}
- name: install NPM
uses: actions/setup-node@v3
uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
with:
node-version-file: '.nvmrc'
- name: "Release tag"


@@ -9,7 +9,7 @@ jobs:
if: github.event.registry_package.package_type == 'npm' && github.event.registry_package.name == 'adf-core'
steps:
- name: Dispatch event to monorepo
uses: actions/github-script@v6
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
with:
github-token: ${{ secrets.PAT_WRITE_PKG }}
retries: 3


@@ -94,11 +94,14 @@ env:
PROXY_HOST_ECM: ${{ secrets.E2E_HOST }}
jobs:
check-package-lock:
pre-checks:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Ensure SHA pinned actions
uses: zgosalvez/github-actions-ensure-sha-pinned-actions@b35f285b9bb7e80de0967367cee66d3b6d50ceca # v3.0.1
- name: Check package-lock.json version
run: |
@@ -113,15 +116,15 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0
- name: Get branch name
uses: Alfresco/alfresco-build-tools/.github/actions/get-branch-name@v1.36.0
uses: Alfresco/alfresco-build-tools/.github/actions/get-branch-name@7b0536b4e403e95365d83695c9ab3119b885ce36 # v1.36.0
- name: Save commit message
uses: Alfresco/alfresco-build-tools/.github/actions/get-commit-message@v1.36.0
uses: Alfresco/alfresco-build-tools/.github/actions/get-commit-message@7b0536b4e403e95365d83695c9ab3119b885ce36 # v1.36.0
- name: ci:force flag parser
shell: bash
@@ -136,7 +139,7 @@ jobs:
- name: Get PR number
if: ${{ github.event_name != 'schedule' }}
uses: kamatama41/get-pr-number-action@5c77b38a1b4974ebf8a9521a689f38a5898eadd6
uses: kamatama41/get-pr-number-action@5c77b38a1b4974ebf8a9521a689f38a5898eadd6 # v0.7.0
id: action
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -193,10 +196,10 @@ jobs:
timeout-minutes: 30
name: "Setup"
runs-on: ubuntu-22.04
needs: [check-if-pr-is-approved, check-package-lock]
needs: [check-if-pr-is-approved, pre-checks]
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0 # Fetch all history for all tags and branches
- uses: ./.github/actions/setup
@@ -232,7 +235,7 @@ jobs:
exclude: "insights,core,extensions,content-services,process-services,eslint-plugin-eslint-angular,js-api"
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0 # Fetch all history for all tags and branches
- uses: ./.github/actions/setup
@@ -249,7 +252,7 @@ jobs:
needs: [setup]
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0 # Fetch all history for all tags and branches
- uses: ./.github/actions/setup
@@ -264,7 +267,7 @@ jobs:
needs: [setup]
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0 # Fetch all history for all tags and branches
- uses: ./.github/actions/setup
@@ -281,7 +284,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0 # Fetch all history for all
- uses: ./.github/actions/setup
@@ -424,7 +427,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0 # Fetch all history for all
- uses: ./.github/actions/setup
@@ -454,12 +457,12 @@ jobs:
steps:
- id: checkoutRepo
name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 1
- name: PR contains forbidden labels
id: pr-forbidden
uses: actions/github-script@v6
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
with:
script: |
const issueHasLabels = require('./scripts/github/update/check-issue-has-label.js');
@@ -479,9 +482,9 @@ jobs:
if: ${{ always() }}
runs-on: ubuntu-latest
name: Final Results
needs: [check-if-pr-is-approved, check-package-lock, setup, unit-tests, lint, build-libs, e2e, e2e-storybook]
needs: [check-if-pr-is-approved, pre-checks, setup, unit-tests, lint, build-libs, e2e, e2e-storybook]
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Log e2e result
id: e2e-result
if: ${{ github.event_name == 'schedule' }}
@@ -495,7 +498,7 @@ jobs:
uses: ./.github/actions/slack-group-area
with:
affected: ${{ steps.e2e-result.outputs.result }}
- uses: slackapi/slack-github-action@v1.23.0
- uses: slackapi/slack-github-action@007b2c3c751a190b6f0f040e47ed024deaa72844 # v1.23.0
name: Nofify QA failure
if: ${{ github.event_name == 'schedule' && contains(needs.*.result, 'failure') }}
env:
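Review bot: In the new `pre-checks` job the checkout is pinned to `b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1`, while every other job in this workflow and the rest of the commit pins `f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0`; mixing two major versions of the same action in one file makes the pin audit harder to read and Dependabot will bump them on separate PRs. Either use the v3.6.0 pin here for consistency, or document the reason inline, e.g. `uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 — deliberately ahead of the other jobs, see <tracking ticket>`. The `zgosalvez/github-actions-ensure-sha-pinned-actions` step is the right enforcement for this change, but it is worth confirming whether it also scans the composite actions under `.github/actions/` that this commit pins; if it only inspects `.github/workflows`, drift in those directories is caught by Dependabot alone rather than by CI. Since `setup` now has `needs: [check-if-pr-is-approved, pre-checks]`, a failed pin check blocks the whole pipeline, which looks intended but deserves a sentence in the job's `name:` or a comment so a contributor hitting it knows what to fix.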


@@ -9,10 +9,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout the latest code
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0
- name: Automatic Rebase
uses: cirrus-actions/rebase@1.8
uses: cirrus-actions/rebase@b87d48154a87a85666003575337e27b8cd65f691 # 1.8
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}


@@ -87,7 +87,7 @@ jobs:
echo "Set TAG with name: ${TAG_NPM}"
echo "TAG_NPM=${TAG_NPM}" >> $GITHUB_ENV
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0
- uses: ./.github/actions/setup
@@ -110,7 +110,7 @@ jobs:
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0
- uses: ./.github/actions/setup
@@ -128,7 +128,7 @@ jobs:
./scripts/update-version.sh -gnu || exit 1;
npx nx affected:build $NX_CALCULATION_FLAGS --prod --exclude="demoshell" --skip-nx-cache
npx nx affected $NX_CALCULATION_FLAGS --target=pretheme
- uses: actions/setup-node@v3
- uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
name: release libraries GH registry
with:
node-version-file: '.nvmrc'
@@ -137,7 +137,7 @@ jobs:
- run: npx nx affected --target=npm-publish $NX_CALCULATION_FLAGS --tag=branch|| exit 1
env:
NODE_AUTH_TOKEN: ${{ secrets.PAT_WRITE_PKG }}
- uses: actions/setup-node@v3
- uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
name: release libraries Npm registry
with:
node-version-file: '.nvmrc'
@@ -153,5 +153,5 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- uses: ./.github/actions/npm-check-bundle


@@ -88,7 +88,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0
- uses: ./.github/actions/setup
@@ -109,7 +109,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 1
- run: git fetch --all
@@ -135,7 +135,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 1
- run: git fetch --all
@@ -165,7 +165,7 @@ jobs:
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0
- uses: ./.github/actions/setup
@@ -183,7 +183,7 @@ jobs:
./scripts/github/build/bumpversion.sh
npx nx affected:build $NX_CALCULATION_FLAGS --prod --exclude="demoshell" --skip-nx-cache
npx nx affected $NX_CALCULATION_FLAGS --target=pretheme
- uses: actions/setup-node@v3
- uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
name: release libraries GH registry
with:
node-version-file: '.nvmrc'
@@ -192,7 +192,7 @@ jobs:
- run: npx nx affected --target=npm-publish $NX_CALCULATION_FLAGS --tag=$TAG_NPM || exit 1
env:
NODE_AUTH_TOKEN: ${{ secrets.PAT_WRITE_PKG }}
- uses: actions/setup-node@v3
- uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
name: release libraries Npm registry
with:
node-version-file: '.nvmrc'
@@ -209,7 +209,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- uses: ./.github/actions/npm-check-bundle
finalize:
@@ -219,7 +219,7 @@ jobs:
needs: [release-demoshell, release-storybook, release-npm, npm-check-bundle]
steps:
- uses: slackapi/slack-github-action@v1.23.0
- uses: slackapi/slack-github-action@007b2c3c751a190b6f0f040e47ed024deaa72844 # v1.23.0
name: Nofify FE hxp-front-end-apps workflow failed
if: ${{ contains(toJson(needs.*.result), 'failure') }}
env: