From 5d68effa0232e714a618f4cb1bdc8754744a50f5 Mon Sep 17 00:00:00 2001
From: Robert Waffen
Date: Fri, 19 Apr 2024 11:47:48 +0200
Subject: [PATCH 1/3] add workflow to generate GH release pages
---
 .github/release.yml | 20 ++++++++++++++++++++
 .github/workflows/release.yml | 14 ++++++++++++++
 2 files changed, 34 insertions(+)
 create mode 100644 .github/release.yml
 create mode 100644 .github/workflows/release.yml
diff --git a/.github/release.yml b/.github/release.yml
new file mode 100644
index 0000000..bced958
--- /dev/null
+++ b/.github/release.yml
@@ -0,0 +1,20 @@
+---
+# https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes
+
+changelog:
+ exclude:
+ labels:
+ - skip-changelog
+
+ categories:
+ - title: Breaking Changes 🛠
+ labels:
+ - backwards-incompatible
+
+ - title: New Features 🎉
+ labels:
+ - enhancement
+
+ - title: Other Changes
+ labels:
+ - "*"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..c58610c
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,14 @@
+---
+name: Release 🚀
+
+on:
+ push:
+ tags:
+ - '*'
+
+jobs:
+ release:
+ name: Release
+ uses: voxpupuli/crafty/.github/workflows/release.yml@main
+ with:
+ allowed_owner: ${{ github.repository_owner }}
From abbf5f1c9a7361710d0f8ef0f9323c5e519e48ec Mon Sep 17 00:00:00 2001
From: Robert Waffen
Date: Fri, 19 Apr 2024 11:48:08 +0200
Subject: [PATCH 2/3] use labeler from crafty
---
 .github/workflows/labeler.yml | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index c708d34..6bbf7dc 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
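Review bot: In `.github/workflows/release.yml` the line `uses: voxpupuli/crafty/.github/workflows/release.yml@main` tracks a mutable branch, so a later push to crafty's `main` changes what runs on every tag push here without any change in this repository. Pinning the reusable workflow to a full commit SHA, e.g. `uses: voxpupuli/crafty/.github/workflows/release.yml@<commit-sha>` (placeholder), keeps that change reviewable; the same applies to the `labeler.yml@main` reference in patch 2/3. The `release` job also declares no `permissions:`, so the called workflow is bounded only by the repository's default token scope. If it only publishes the release, a job-level `permissions:` with `contents: write` would cap it, though what the crafty workflow actually needs is not visible from this patch.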
@@ -1,14 +1,12 @@
 ---
-name: "Pull Request Labeler"
+name: Labeler 🏷️
 on:
- pull_request_target: {}
+ - pull_request_target
 jobs:
 labeler:
- permissions:
- contents: read
- pull-requests: write
- runs-on: ubuntu-latest
- steps:
- - uses: actions/labeler@v5
+ name: Labeler
+ uses: voxpupuli/crafty/.github/workflows/labeler.yml@main
+ with:
+ allowed_owner: ${{ github.repository_owner }}
From 118e3234b938b9e3196e1e4a73117e2f21ba5601 Mon Sep 17 00:00:00 2001
From: Robert Waffen
Date: Fri, 19 Apr 2024 11:48:48 +0200
Subject: [PATCH 3/3] try to differentiate sraif files to make trivy work again
---
 .github/workflows/ci.yaml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 4990885..af141e2 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -57,14 +57,13 @@ jobs:
 with:
 image-ref: 'ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }}'
 format: 'sarif'
- output: 'trivy-results.sarif'
+ output: 'trivy-results-${{ matrix.rubygem_puppet }}.sarif'
 severity: 'CRITICAL,HIGH'
 - name: Upload Trivy scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@v3
 with:
- sarif_file: 'trivy-results.sarif'
- matrix: ${{ toJson(matrix) }}
+ sarif_file: 'trivy-results-${{ matrix.rubygem_puppet }}.sarif'
 # - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
 # uses: aquasecurity/trivy-action@master
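Review bot: The new `labeler` job drops the `permissions:` block (`contents: read`, `pull-requests: write`) that the old job carried, while the workflow still triggers on `pull_request_target`, which runs in the base repository's context even for pull requests from forks. A job that calls a reusable workflow can still declare `permissions:`, and the called workflow cannot exceed what the caller grants. Keeping `permissions:` with `contents: read` and `pull-requests: write` on the `labeler` job would preserve the previous cap regardless of the repository default. Whether crafty's `labeler.yml` sets its own permissions is not visible from this hunk.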
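Review bot: Renaming the output to `trivy-results-${{ matrix.rubygem_puppet }}.sarif` probably does not change how code scanning tells the uploads apart, because each matrix job writes the file in its own runner workspace and the file name is not what identifies an analysis. If the failure is several analyses for one commit colliding, the documented way to separate them is the `category` input on the upload step, e.g. `category: 'trivy-${{ matrix.rubygem_puppet }}'`. The removed `matrix: ${{ toJson(matrix) }}` line appears to match that input's default, so dropping it should not change behaviour. The Trivy scan step starts above the hunk, so the rest of its configuration is not visible here.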