From 9671e4ead0a707055d9fdcb94fb13215b4854fa0 Mon Sep 17 00:00:00 2001 From: raj pandey Date: Thu, 13 Jul 2023 19:15:31 +0530 Subject: [PATCH 1/3] Modified workflows to use the latest version of the github actions --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/jira.yml | 2 +- .github/workflows/release.yml | 50 ++++++++++++--------------- .github/workflows/sast-scan.yml | 2 +- .github/workflows/sca-scan.yml | 4 +-- .github/workflows/secrets-scan.yml | 2 +- 6 files changed, 29 insertions(+), 33 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 3566f965ec..ef4bb176cc 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -34,7 +34,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v3.5.3 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml index 5ddf87a65c..c4f9d9f575 100644 --- a/.github/workflows/jira.yml +++ b/.github/workflows/jira.yml @@ -7,7 +7,7 @@ jobs: if: ${{ github.actor == 'dependabot[bot]' || github.actor == 'snyk-bot' || contains(github.event.pull_request.head.ref, 'snyk-fix-') || contains(github.event.pull_request.head.ref, 'snyk-upgrade-')}} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3.5.3 - name: Login into JIRA uses: atlassian/gajira-login@master env: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 962a304c9b..5a9c8e7ac6 100755 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,11 +8,11 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: pnpm/action-setup@v2 + - uses: actions/checkout@v3.5.3 + - uses: pnpm/action-setup@v2.2.4 with: version: 7 - - uses: actions/setup-node@v1 + - uses: actions/setup-node@v3.7.0 with: node-version: '18.x' cache: 'pnpm' 
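Review bot: In the jira.yml hunk the step right after the updated checkout still reads `uses: atlassian/gajira-login@master`, a branch ref that changes whenever upstream pushes, in a commit that otherwise moves every action to a fixed release. That step has an `env:` block whose contents lie outside the hunk; if it carries the Jira credentials, whatever lands on that branch runs with them. I would pin it to a full commit SHA with the release noted in a comment, e.g. `uses: atlassian/gajira-login@<full-commit-sha> # <release tag>` (placeholders, the real values are not on this page).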
@@ -32,7 +32,7 @@ jobs: working-directory: ./packages/contentstack-dev-dependencies run: npm run prepack - name: Publishing dev dependencies - uses: JS-DevTools/npm-publish@v1 + uses: JS-DevTools/npm-publish@v2.2.1 if: ${{ steps.dev-dependencies-installation.conclusion == 'success' }} with: token: ${{ secrets.NPM_TOKEN }} @@ -47,7 +47,7 @@ jobs: working-directory: ./packages/contentstack-utilities run: npm run prepack - name: Publishing utilities - uses: JS-DevTools/npm-publish@v1 + uses: JS-DevTools/npm-publish@v2.2.1 if: ${{ steps.utilities-installation.conclusion == 'success' }} with: token: ${{ secrets.NPM_TOKEN }} @@ -62,7 +62,7 @@ jobs: working-directory: ./packages/contentstack-command run: npm run prepack - name: Publishing command - uses: JS-DevTools/npm-publish@v1 + uses: JS-DevTools/npm-publish@v2.2.1 if: ${{ steps.command-installation.conclusion == 'success' }} with: token: ${{ secrets.NPM_TOKEN }} @@ -77,7 +77,7 @@ jobs: working-directory: ./packages/contentstack-config run: npm run prepack - name: Publishing config - uses: JS-DevTools/npm-publish@v1 + uses: JS-DevTools/npm-publish@v2.2.1 if: ${{ steps.config-installation.conclusion == 'success' }} with: token: ${{ secrets.NPM_TOKEN }} @@ -92,7 +92,7 @@ jobs: working-directory: ./packages/contentstack-auth run: npm run prepack - name: Publishing auth - uses: JS-DevTools/npm-publish@v1 + uses: JS-DevTools/npm-publish@v2.2.1 if: ${{ steps.auth-installation.conclusion == 'success' }} with: token: ${{ secrets.NPM_TOKEN }} @@ -103,7 +103,7 @@ jobs: working-directory: ./packages/contentstack-export run: npm install - name: Publishing export - uses: JS-DevTools/npm-publish@v1 + uses: JS-DevTools/npm-publish@v2.2.1 if: ${{ steps.export-installation.conclusion == 'success' }} with: token: ${{ secrets.NPM_TOKEN }} 
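Review bot: `JS-DevTools/npm-publish@v2.2.1` receives `secrets.NPM_TOKEN` in this hunk and in every other publish step of release.yml (hunks -47 through -243), yet it is referenced by a tag, which the action's owner can repoint to different code. For a third-party action that holds the registry publish token, a full commit SHA is the safer reference: `uses: JS-DevTools/npm-publish@<full-commit-sha> # v2.2.1` (SHA is a placeholder, resolve it from the upstream release). The same reasoning applies to `pnpm/action-setup@v2.2.4` in the first release.yml hunk.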
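Review bot: Moving npm-publish from v1 to v2 changes behaviour, not just the version: v2 defaults its `ignore-scripts` input to true, so `npm publish` no longer runs lifecycle scripts such as `prepack`. The export step in hunk -103 runs only `npm install` before publishing, as do import, clone, export-to-csv, migrate-rte, migration, bulk-publish and core in the later hunks, so any of those packages that builds in `prepack` or `prepublishOnly` would be published unbuilt; their package.json files are not visible here, so this needs checking. Either add an explicit `run: npm run prepack` step as the other packages have, or set `ignore-scripts: false` under `with:` once those scripts are confirmed trusted.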
@@ -114,7 +114,7 @@ jobs: working-directory: ./packages/contentstack-import run: npm install - name: Publishing import - uses: JS-DevTools/npm-publish@v1 + uses: JS-DevTools/npm-publish@v2.2.1 if: ${{ steps.import-installation.conclusion == 'success' }} with: token: ${{ secrets.NPM_TOKEN }} @@ -125,7 +125,7 @@ jobs: working-directory: ./packages/contentstack-clone run: npm install - name: Publishing clone - uses: JS-DevTools/npm-publish@v1 + uses: JS-DevTools/npm-publish@v2.2.1 if: ${{ steps.clone-installation.conclusion == 'success' }} with: token: ${{ secrets.NPM_TOKEN }} @@ -136,7 +136,7 @@ jobs: working-directory: ./packages/contentstack-export-to-csv run: npm install - name: Publishing export to csv - uses: JS-DevTools/npm-publish@v1 + uses: JS-DevTools/npm-publish@v2.2.1 if: ${{ steps.export-to-csv-installation.conclusion == 'success' }} with: token: ${{ secrets.NPM_TOKEN }} @@ -147,7 +147,7 @@ jobs: working-directory: ./packages/contentstack-migrate-rte run: npm install - name: Publishing migrate rte - uses: JS-DevTools/npm-publish@v1 + uses: JS-DevTools/npm-publish@v2.2.1 if: ${{ steps.migrate-rte-installation.conclusion == 'success' }} with: token: ${{ secrets.NPM_TOKEN }} @@ -158,7 +158,7 @@ jobs: working-directory: ./packages/contentstack-migration run: npm install - name: Publishing migration - uses: JS-DevTools/npm-publish@v1 + uses: JS-DevTools/npm-publish@v2.2.1 if: ${{ steps.migration-installation.conclusion == 'success' }} with: token: ${{ secrets.NPM_TOKEN }} @@ -173,7 +173,7 @@ jobs: working-directory: ./packages/contentstack-seed run: npm run prepack - name: Publishing seed - uses: JS-DevTools/npm-publish@v1 + uses: JS-DevTools/npm-publish@v2.2.1 if: ${{ steps.seed-installation.conclusion == 'success' }} with: token: ${{ secrets.NPM_TOKEN }} 
@@ -188,7 +188,7 @@ jobs: working-directory: ./packages/contentstack-bootstrap run: npm run prepack - name: Publishing bootstrap - uses: JS-DevTools/npm-publish@v1 + uses: JS-DevTools/npm-publish@v2.2.1 if: ${{ steps.bootstrap-installation.conclusion == 'success' }} with: token: ${{ secrets.NPM_TOKEN }} @@ -199,7 +199,7 @@ jobs: working-directory: ./packages/contentstack-bulk-publish run: npm install - name: Publishing bulk publish - uses: JS-DevTools/npm-publish@v1 + uses: JS-DevTools/npm-publish@v2.2.1 if: ${{ steps.bulk-publish-installation.conclusion == 'success' }} with: token: ${{ secrets.NPM_TOKEN }} @@ -214,7 +214,7 @@ jobs: working-directory: ./packages/contentstack-launch run: npm run prepack - name: Publishing launch - uses: JS-DevTools/npm-publish@v1 + uses: JS-DevTools/npm-publish@v2.2.1 if: ${{ steps.launch-installation.conclusion == 'success' }} with: token: ${{ secrets.NPM_TOKEN }} @@ -230,7 +230,7 @@ jobs: working-directory: ./packages/contentstack-branches run: npm run prepack - name: Publishing branches - uses: JS-DevTools/npm-publish@v1 + uses: JS-DevTools/npm-publish@v2.2.1 if: ${{ steps.branches-installation.conclusion == 'success' }} with: token: ${{ secrets.NPM_TOKEN }} @@ -243,12 +243,12 @@ jobs: run: npm install - name: Publishing core id: publish-core - uses: JS-DevTools/npm-publish@v1 + uses: JS-DevTools/npm-publish@v2.2.1 if: ${{ steps.core-installation.conclusion == 'success' }} with: token: ${{ secrets.NPM_TOKEN }} package: ./packages/contentstack/package.json - - uses: actions/checkout@v2 + - uses: actions/checkout@v3.5.3 with: ref: 'prod-qa-pipeline' - run: echo ${{ steps.publish-core.outputs.version }} > version.md 
@@ -256,12 +256,8 @@ jobs: with: message: 'Released version' - name: Create Release - uses: actions/create-release@v1 + uses: actions/create-release@v1.1.4 id: create_release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: v${{ steps.publish-core.outputs.version }} - release_name: Release ${{ steps.publish-core.outputs.version }} - draft: false # Default value, but nice to set explicitly - prerelease: false # Default value, but nice to set explicitly + run: gh release create v${{ steps.publish-core.outputs.version }} --title "Release ${{ steps.publish-core.outputs.version }}" --generate-notes diff --git a/.github/workflows/sast-scan.yml b/.github/workflows/sast-scan.yml index f9316303a9..1c735eca7f 100644 --- a/.github/workflows/sast-scan.yml +++ b/.github/workflows/sast-scan.yml @@ -6,6 +6,6 @@ jobs: security: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3.5.3 - name: Horusec Scan run: docker run -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src horuszup/horusec-cli:latest horusec start -p /src -P $(pwd) \ No newline at end of file diff --git a/.github/workflows/sca-scan.yml b/.github/workflows/sca-scan.yml index 1857400ff9..21ac795a5b 100644 --- a/.github/workflows/sca-scan.yml +++ b/.github/workflows/sca-scan.yml @@ -10,8 +10,8 @@ jobs: - uses: pnpm/action-setup@v2 with: version: 7 - - name: Use Node.js 16.x - uses: actions/setup-node@v3 + - name: Use Node.js 18.x + uses: actions/setup-node@v3.7.0 with: node-version: '18.x' cache: 'pnpm' diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml index 1e8f176164..24377a5969 100644 --- a/.github/workflows/secrets-scan.yml +++ b/.github/workflows/secrets-scan.yml @@ -6,6 +6,6 @@ jobs: security: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3.5.3 - name: Gittyleaks uses: gupy-io/gittyleaks-action@v0.1 \ No newline at end of file 
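Review bot: The added `run:` line pastes `${{ steps.publish-core.outputs.version }}` straight into the script, so the value is expanded into the command text before the shell parses it; it comes from package.json via the publish step, but passing it through the environment keeps it as data: add `VERSION: ${{ steps.publish-core.outputs.version }}` under `env:` and use `run: gh release create "v$VERSION" --title "Release $VERSION" --generate-notes`. Unlike the removed `actions/create-release` inputs, `gh release create` without `--target` creates a missing tag from the default branch head rather than the commit that triggered the run, so `--target "$GITHUB_SHA"` is worth adding if the release must match what was published. The step keeps `id: create_release`, but a `run:` step exposes no outputs unless it writes them, so any later reference to `steps.create_release.outputs.*` (outside this hunk) would now be empty.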
From c8fe0b0669261969b83b306c0cee29de79cc26e4 Mon Sep 17 00:00:00 2001 From: raj pandey Date: Thu, 13 Jul 2023 19:16:40 +0530 Subject: [PATCH 2/3] Resolved the error in yaml --- .github/workflows/release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5a9c8e7ac6..4373684d5c 100755 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -256,7 +256,6 @@ jobs: with: message: 'Released version' - name: Create Release - uses: actions/create-release@v1.1.4 id: create_release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From ec1e5ae4c6c1f9690d9016dc683c259161ef5124 Mon Sep 17 00:00:00 2001 From: raj pandey Date: Tue, 25 Jul 2023 12:30:54 +0530 Subject: [PATCH 3/3] Removed secrets-scan --- .github/workflows/secrets-scan.yml | 11 ----------- 1 file changed, 11 deletions(-) delete mode 100644 .github/workflows/secrets-scan.yml diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml deleted file mode 100644 index 58ad2321ee..0000000000 --- a/.github/workflows/secrets-scan.yml +++ /dev/null @@ -1,11 +0,0 @@ -name: Secrets Scan -on: - pull_request: - types: [opened, synchronize, reopened] -jobs: - security: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3.5.3 - - name: Gittyleaks - uses: gupy-io/gittyleaks-action@v0.1