Automated update to primary components #322

Merged 5 commits on Apr 23, 2024
64 changes: 34 additions & 30 deletions .github/workflows/commit.yml
Expand Up @@ -22,7 +22,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout the repository
uses: actions/checkout@v3
uses: actions/checkout@v4
- uses: seisollc/goat@main
with:
exclude: (.*tests/(ansible|terraform|cloudformation)/.*|.*build/Dockerfile\.j2$)
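Review bot: `seisollc/goat@main`, in the step right after the bumped checkout, follows a branch, so this lint job runs whatever `main` holds at run time, while `.pre-commit-config.yaml` in this same PR pins the same project to a commit hash with a `# frozen:` comment. Pin the workflow reference the same way (full commit SHA plus a version comment) so CI and the local hooks run the same reviewed revision.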
Expand All @@ -35,18 +35,18 @@ jobs:
test-matrix: ${{ steps.set-testing-outputs.outputs.test-matrix }}
steps:
- name: Checkout the repository
uses: actions/checkout@v3
- uses: actions/setup-python@v4
uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ env.python_version }}
- uses: actions/cache@v3
- uses: actions/cache@v4
with:
path: ~/.local/share/virtualenvs
key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }}
- name: Install the dependencies
run: python -m pip install --upgrade pipenv
- name: Install Task
uses: arduino/setup-task@v1
uses: arduino/setup-task@v2
- name: Initialize the repo
run: task -v init
- name: Gather the image matrix
Expand All @@ -71,11 +71,11 @@ jobs:
matrix: ${{ fromJSON(needs.generate-matrixes.outputs.test-matrix) }}
steps:
- name: Checkout the repository
uses: actions/checkout@v3
- uses: actions/setup-python@v4
uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ env.python_version }}
- uses: actions/cache@v3
- uses: actions/cache@v4
with:
path: ~/.local/share/virtualenvs
key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }}
Expand All @@ -89,7 +89,7 @@ jobs:
chmod +x "${RUNNER_TEMP}/bin/grype"
echo "${RUNNER_TEMP}/bin" >> "${GITHUB_PATH}"
- name: Install Task
uses: arduino/setup-task@v1
uses: arduino/setup-task@v2
- name: Initialize the repo
run: task -v init
- name: Build the image
Expand All @@ -99,25 +99,29 @@ jobs:
ENVIRONMENT: ${{ matrix.environment }}
- name: Generate the SBOM
run: task -v sbom
if: matrix.user == 'root'
env:
TOOL: ${{ matrix.tool }}
ENVIRONMENT: ${{ matrix.environment }}
- name: Upload the SBOM
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
if: matrix.user == 'root'
with:
name: SBOM_${{ matrix.tool }}_${{ matrix.environment }}
path: sbom.*.json
path: sbom.2*.json
if-no-files-found: error
- name: Generate Vuln scan results
run: task -v vulnscan
if: matrix.user == 'root'
env:
TOOL: ${{ matrix.tool }}
ENVIRONMENT: ${{ matrix.environment }}
- name: Upload Vuln scan result
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
if: matrix.user == 'root'
with:
name: Vulns_${{ matrix.tool }}_${{ matrix.environment }}
path: vulns.*.json
path: vulns.2*.json
if-no-files-found: error
- name: Run tests
run: task -v test
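Review bot: the `if: matrix.user == 'root'` conditions on the SBOM and vuln scan steps mean the non-root image variants are neither inventoried nor scanned in this job, and nothing in the change says why. The artifact names (`SBOM_${{ matrix.tool }}_${{ matrix.environment }}`) carry no user component and `actions/upload-artifact@v4` by default rejects a second upload under an existing name, so the guard reads like a workaround for that; if so, state it in a comment, or add `${{ matrix.user }}` to the names and keep scanning every variant. The narrowed globs `sbom.2*.json` and `vulns.2*.json` also need a comment saying what the leading `2` is meant to match.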
Expand All @@ -137,21 +141,21 @@ jobs:
git_tag: ${{ steps.bump-version.outputs.git_tag }}
steps:
- name: Checkout the repository
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
token: ${{ secrets.SEISO_AUTOMATION_PAT }}
fetch-depth: 0
- uses: actions/setup-python@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ env.python_version }}
- uses: actions/cache@v3
- uses: actions/cache@v4
with:
path: ~/.local/share/virtualenvs
key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }}
- name: Install the dependencies
run: python -m pip install --upgrade pipenv
- name: Install Task
uses: arduino/setup-task@v1
uses: arduino/setup-task@v2
- name: Initialize the repo
run: task -v init
- name: Bump the version
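Review bot: this job checks out with `token: ${{ secrets.SEISO_AUTOMATION_PAT }}`, and `actions/checkout` keeps that token in the local git config by default, so every later step in the job, including `arduino/setup-task@v2` and `task -v init`, runs with it in reach. The bumped references are still mutable tags (`@v4`, `@v5`, `@v2`); pin at least the third-party action in this job to a full commit SHA with the version in a trailing comment, as `.pre-commit-config.yaml` does with `rev:`, and consider `persist-credentials: false` if the later steps do not need to push.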
Expand All @@ -173,14 +177,14 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout the repository
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: "${{ needs.bump-version.outputs.git_tag }}"
- uses: actions/setup-python@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ env.python_version }}
- uses: actions/cache@v3
- uses: actions/cache@v4
with:
path: ~/.local/share/virtualenvs
key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }}
Expand All @@ -194,7 +198,7 @@ jobs:
chmod +x "${RUNNER_TEMP}/bin/grype"
echo "${RUNNER_TEMP}/bin" >> "${GITHUB_PATH}"
- name: Install Task
uses: arduino/setup-task@v1
uses: arduino/setup-task@v2
- name: Initialize the repo
run: task -v init
- name: Build the image
Expand All @@ -208,21 +212,21 @@ jobs:
TOOL: ${{ matrix.tool }}
ENVIRONMENT: ${{ matrix.environment }}
- name: Upload the SBOM
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: SBOM_${{ matrix.tool }}_${{ matrix.environment }}
path: sbom.*.json
path: sbom.2*.json
if-no-files-found: error
- name: Generate Vuln scan results
run: task -v vulnscan
env:
TOOL: ${{ matrix.tool }}
ENVIRONMENT: ${{ matrix.environment }}
- name: Upload Vuln scan result
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: Vulns_${{ matrix.tool }}_${{ matrix.environment }}
path: vulns.*.json
path: vulns.2*.json
if-no-files-found: error
- name: Run tests
run: task -v test
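Review bot: the two `actions/upload-artifact@v4` steps in this job have no `if: matrix.user == 'root'` guard, unlike the same steps in the test job earlier in this file, yet the artifact names are identical (`SBOM_${{ matrix.tool }}_${{ matrix.environment }}` and `Vulns_${{ matrix.tool }}_${{ matrix.environment }}`). If this job's matrix also varies `user` (the next hunk shows `USER: ${{ matrix.user }}` in this job), the second matrix leg will fail on a duplicate artifact name under v4. Add the same guard here or include `${{ matrix.user }}` in the names.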
Expand All @@ -232,7 +236,7 @@ jobs:
USER: ${{ matrix.user }}
DEBUG: "True"
- name: Log in to Docker Hub
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
Expand Down Expand Up @@ -268,16 +272,16 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout the repository
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: "${{ needs.bump-version.outputs.git_tag }}"
- name: Download the SBOMs and Vuln scan results
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
path: ${{ runner.temp }}
- name: Publish the release to GitHub
uses: softprops/action-gh-release@v1
uses: softprops/action-gh-release@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
Expand All @@ -291,7 +295,7 @@ jobs:
draft: false
prerelease: false
- name: Publish the release README to Docker Hub
uses: peter-evans/dockerhub-description@v3
uses: peter-evans/dockerhub-description@v4
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
8 changes: 4 additions & 4 deletions .github/workflows/update.yml
Expand Up @@ -19,20 +19,20 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout the repository
uses: actions/checkout@v3
- uses: actions/setup-python@v4
uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ env.python_version }}
- name: Install the dependencies
run: python -m pip install --upgrade pipenv
- name: Install Task
uses: arduino/setup-task@v1
uses: arduino/setup-task@v2
- name: Initialize the repo
run: task -v init
- name: Update the repository
run: task -v update
- name: Create or update a pull request
uses: peter-evans/create-pull-request@v4
uses: peter-evans/create-pull-request@v6
with:
title: Automated update to primary components
commit-message: Automated update to primary components
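Review bot: `peter-evans/create-pull-request@v4` to `@v6` at the end of this hunk skips a major version, and only `title` and `commit-message` of the `with:` block are visible in the diff context. Check every input this step passes against the v5 and v6 release notes and record in the PR description that this was done, since this step is what opens the automated update PRs.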
2 changes: 1 addition & 1 deletion .pre-commit-config.yaml
@@ -1,6 +1,6 @@
---
repos:
- repo: https://github.com/seisollc/goat
rev: c1efc95962d02dd9f6952f74de6f91a11e15459f # frozen: v2024.01.04
rev: b571b58cefe8a8560badcf428978323aa769f9f9 # frozen: v2024.04.01
hooks:
- id: seiso-lint
4 changes: 2 additions & 2 deletions CONTRIBUTING.md
Expand Up @@ -13,9 +13,9 @@ To get started with contributing to this project, you first want to ensure that
First, ensure you have the `task` binary available in your `PATH`. To download `task`, [click here](https://taskfile.dev/).
You'll also need `docker`, `git`, `pipenv`, and `python3` installed locally, and have the `docker` daemon running. Then run `task init` to initialize the repository.

If you'd like to [run the test suite](#running-the-tests), you will also need `grype` downloaded and in your `PATH`.
If you'd like to run the test suite, you will also need `grype` downloaded and in your `PATH`.

If you'd like to [generate an SBOM](#generating-the-sboms), you will also need `syft` downloaded and in your `PATH`.
If you'd like to generate an SBOM, you will also need `syft` downloaded and in your `PATH`.

### Building the images
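Review bot: the links to `#running-the-tests` and `#generating-the-sboms` are dropped rather than repaired, which leaves readers with no pointer to the `grype` and `syft` instructions. If those sections still exist under other headings, link to the current anchors; if they were removed, say where the test and SBOM steps are documented now. This documentation edit is also unrelated to the PR title and deserves a line in the description.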

56 changes: 28 additions & 28 deletions Pipfile.lock

Some generated files are not rendered by default.