From 496cfcbd55a363c64881d873d46556d0d85018d4 Mon Sep 17 00:00:00 2001
From: Remco van 't Veer
Date: Tue, 21 May 2024 17:01:07 +0200
Subject: [PATCH] Improve GH action triggers for dependency checks

Reorganised workflow into 4 separate flows:
- nvd On every push and every workday.
- test On every push.
- ancient Run it when opening / reopening a PR, and every first of the month.
- docker (renamed from build) Build and push docker image.
---
 .github/workflows/ancient.yml | 24 +++++++++++++++++
 .github/workflows/deps.yml | 20 --------------
 .github/workflows/{build.yml => docker.yml} | 2 +-
 .github/workflows/nvd.yml | 29 +++++++++++++++++++++
 .github/workflows/test.yml | 20 ++------------
 5 files changed, 56 insertions(+), 39 deletions(-)
 create mode 100644 .github/workflows/ancient.yml
 delete mode 100644 .github/workflows/deps.yml
 rename .github/workflows/{build.yml => docker.yml} (96%)
 create mode 100644 .github/workflows/nvd.yml
diff --git a/.github/workflows/ancient.yml b/.github/workflows/ancient.yml
new file mode 100644
index 00000000..71423a82
--- /dev/null
+++ b/.github/workflows/ancient.yml
@@ -0,0 +1,24 @@
+name: Check deps for freshness
+
+on:
+ schedule:
+ - cron: '0 1 1 * 1' # every first of the month
+ pull_request:
+ types: [opened, reopened]
+
+jobs:
+ deps:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Cache lein project dependencies
+ uses: actions/cache@v4
+ with:
+ path: "~/.m2/repository"
+ key: "${{ runner.os }}-clojure-${{ hashFiles('**/project.clj') }}"
+
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Check dependency freshness
+ run: lein check-deps
diff --git a/.github/workflows/deps.yml b/.github/workflows/deps.yml
deleted file mode 100644
index dc738914..00000000
--- a/.github/workflows/deps.yml
+++ /dev/null
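Review bot: The cache step in ancient.yml runs before `Checkout code`, so `hashFiles('**/project.clj')` in the cache key is evaluated against an empty workspace and the key collapses to the constant `${{ runner.os }}-clojure-`; a changed project.clj then never produces a fresh cache, so move the checkout step above the cache step, as nvd.yml in this same commit already does. The schedule `'0 1 1 * 1'` restricts both day-of-month (1) and day-of-week (1 = Monday), and standard cron fires when either restricted field matches, so this job also runs every Monday rather than only on the first as the comment claims; use `- cron: '0 1 1 * *' # 01:00 UTC on the first of every month`. Neither this workflow nor nvd.yml declares a `permissions:` block, so each job's GITHUB_TOKEN receives the repository's default scope; a top-level `permissions: contents: read` should be all that a checkout plus `lein check-deps` needs, though confirm that against the actions' documentation.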
@@ -1,20 +0,0 @@
-name: Check deps
-
-on:
- schedule:
- - cron: '0 0 * * 1'
-
-jobs:
- deps:
- runs-on: ubuntu-latest
-
- env:
- NVD_API_TOKEN: ${{ secrets.NVD_API_TOKEN }}
-
- steps:
-
- - name: Checkout code
- uses: actions/checkout@v4
-
- - name: NVD clojure
- uses: jomco/nvd-clojure-action@v3
diff --git a/.github/workflows/build.yml b/.github/workflows/docker.yml
similarity index 96%
rename from .github/workflows/build.yml
rename to .github/workflows/docker.yml
index 66fecdbf..290bb62d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/docker.yml
@@ -1,4 +1,4 @@
-name: Build docker image
+name: Build and publish docker image
 
 on:
 push:
diff --git a/.github/workflows/nvd.yml b/.github/workflows/nvd.yml
new file mode 100644
index 00000000..a523f7d7
--- /dev/null
+++ b/.github/workflows/nvd.yml
@@ -0,0 +1,29 @@
+name: Check deps for vulnerabilities
+
+on:
+ push:
+ branches: ["*"]
+ tags: ["*"]
+ schedule:
+ - cron: '0 1 * * 1,2,3,4,5' # every workday
+
+jobs:
+ deps:
+ runs-on: ubuntu-latest
+
+ env:
+ NVD_API_TOKEN: ${{ secrets.NVD_API_TOKEN }}
+
+ steps:
+
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Cache lein project dependencies
+ uses: actions/cache@v4
+ with:
+ path: "~/.m2/repository"
+ key: "${{ runner.os }}-clojure-${{ hashFiles('**/project.clj') }}"
+
+ - name: NVD clojure
+ uses: jomco/nvd-clojure-action@v3
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 7a582fd1..48609528 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,24 +1,8 @@
-name: Run tests
+name: Run checks, tests and docker build
+
 on: push
 
 jobs:
- deps:
- runs-on: ubuntu-latest
-
- env:
- NVD_API_TOKEN: ${{ secrets.NVD_API_TOKEN }}
-
- steps:
- - uses: actions/checkout@v4
- - uses: actions/cache@v4
- with: { path: "~/.m2", key: "${{ runner.os }}-m2" }
-
- - name: Check dependency freshness
- run: lein check-deps
-
- - name: NVD clojure
- uses: jomco/nvd-clojure-action@v3
-
 lint:
 runs-on: ubuntu-latest
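Review bot: The `branches: ["*"]` and `tags: ["*"]` filters in nvd.yml do not give the "on every push" behaviour the commit message describes, because in GitHub's filter syntax `*` does not match `/`, so a push to a branch such as `feature/foo` (a constructed example) would skip the NVD scan; drop both filters so the trigger is a bare `push:` like test.yml, or use `"**"` if a filter is wanted. `NVD_API_TOKEN` is declared as job-level `env:`, which makes the secret available to the checkout and cache steps too; moving that `env:` block onto the `NVD clojure` step limits it to the one step that uses it. The three `uses:` references here (and the two in ancient.yml) are mutable tags; for a job that carries a secret, pinning each to a full commit SHA with the tag in a trailing comment, e.g. `uses: jomco/nvd-clojure-action@<commit-sha> # v3`, prevents a retagged release from silently changing what runs with the token.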