build(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions from 3.0.9 to 3.0.14 #613
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| pull_request: | |
| branches: | |
| - develop | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| - labeled | |
| workflow_dispatch: | |
| env: | |
| CHART_NAME: common | |
| CHART_DIR: charts/common | |
| HELM_REPO: Activiti/activiti-cloud-helm-charts | |
| HELM_REPO_NAME: activiti-cloud-helm-charts | |
| HELM_REPO_BASE_URL: https://activiti.github.io/activiti-cloud-helm-charts | |
| HELM_REPO_BRANCH: gh-pages | |
| HELM_REPO_SUBFOLDER: . | |
| jobs: | |
| pre-checks: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Check dependabot build | |
| uses: Activiti/Activiti/.github/actions/check-ext-build@d50dea0ec2f4b06b26a8018e5b9083fbced01ed5 # 8.0.0-alpha.10 | |
| - name: Setup Helm Docs | |
| uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@76affd16a4dd9a440cf66bf42656b1d826e8dfc2 # v5.34.0 | |
| with: | |
| version: 1.13.1 | |
| - name: Run Checkov | |
| uses: bridgecrewio/checkov-action@e1bb78184f5dd3690fb1089d6c4f51295f9dff48 # v12.1839.0 | |
| with: | |
| framework: kubernetes | |
| - name: pre-commit | |
| uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@76affd16a4dd9a440cf66bf42656b1d826e8dfc2 # v5.34.0 | |
| with: | |
| skip_checkout: true | |
| - name: Ensure SHA pinned actions | |
| uses: zgosalvez/github-actions-ensure-sha-pinned-actions@40ba2d51b6b6d8695f2b6bd74e785172d4f8d00f # v3.0.14 | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: pre-checks | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Build | |
| uses: Alfresco/alfresco-build-tools/.github/actions/helm-build-chart@76affd16a4dd9a440cf66bf42656b1d826e8dfc2 # v5.34.0 | |
| with: | |
| chart-dir: ${{ env.CHART_DIR }} | |
| - name: Setup Helm test plugin | |
| run: helm plugin install https://github.com/helm-unittest/helm-unittest.git --version v0.5.1 || true | |
| - name: Test | |
| run: helm unittest $CHART_DIR | |
| publish: | |
| runs-on: ubuntu-latest | |
| needs: build | |
| outputs: | |
| version: ${{ steps.calculate-next-internal-version.outputs.next-prerelease }} | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Parse next release | |
| id: helm-parse-next-release | |
| uses: Alfresco/alfresco-build-tools/.github/actions/helm-parse-next-release@76affd16a4dd9a440cf66bf42656b1d826e8dfc2 # v5.34.0 | |
| with: | |
| chart-dir: ${{ env.CHART_DIR }} | |
| - id: calculate-next-internal-version | |
| name: Calculate next internal release | |
| uses: Alfresco/alfresco-build-tools/.github/actions/calculate-next-internal-version@76affd16a4dd9a440cf66bf42656b1d826e8dfc2 # v5.34.0 | |
| with: | |
| next-version: ${{ steps.helm-parse-next-release.outputs.next-release }} | |
| - id: helm-release-and-publish | |
| name: Release and publish helm chart | |
| uses: Alfresco/alfresco-build-tools/.github/actions/helm-release-and-publish@76affd16a4dd9a440cf66bf42656b1d826e8dfc2 # v5.34.0 | |
| with: | |
| version: ${{ steps.calculate-next-internal-version.outputs.next-prerelease }} | |
| chart-dir: ${{ env.CHART_DIR }} | |
| helm-repository: ${{ env.HELM_REPO }} | |
| helm-repository-branch: ${{ env.HELM_REPO_BRANCH }} | |
| helm-repository-subfolder: ${{ env.HELM_REPO_SUBFOLDER }} | |
| helm-repository-base-url: ${{ env.HELM_REPO_BASE_URL }} | |
| helm-repository-token: ${{ secrets.BOT_GITHUB_TOKEN }} | |
| git-username: ${{ secrets.BOT_GITHUB_USERNAME }} | |
| do-push: ${{ github.event_name == 'push' }} | |
| propagate: | |
| if: github.event_name == 'push' | |
| runs-on: ubuntu-latest | |
| needs: publish | |
| env: | |
| VERSION: ${{ needs.publish.outputs.version }} | |
| DEVELOPMENT_BRANCH: ${{ github.ref_name }} | |
| steps: | |
| - uses: Activiti/activiti-scripts/.github/actions/wait-for-chart@dcd77f72b8bfe93bc2ed1cc975b321593747621a # 8.5.0 | |
| with: | |
| chart-name: ${{ env.CHART_NAME }} | |
| version: ${{ env.VERSION }} | |
| helm-repo-name: ${{ env.HELM_REPO_NAME }} | |
| helm-repo-url: ${{ env.HELM_REPO_BASE_URL }} | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@76affd16a4dd9a440cf66bf42656b1d826e8dfc2 # v5.34.0 | |
| with: | |
| version: 1.13.1 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/jx-updatebot-pr@76affd16a4dd9a440cf66bf42656b1d826e8dfc2 # v5.34.0 | |
| env: | |
| GH_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} | |
| with: | |
| version: ${{ env.VERSION }} | |
| auto-merge: 'true' | |
| labels: ${{ env.DEVELOPMENT_BRANCH }} | |
| base-branch-name: ${{ env.DEVELOPMENT_BRANCH }} | |
| git-username: ${{ secrets.BOT_GITHUB_USERNAME }} | |
| git-token: ${{ secrets.BOT_GITHUB_TOKEN }} | |
| git-author-name: ${{ secrets.BOT_GITHUB_USERNAME }} | |
| git-author-email: ${{ secrets.BOT_GITHUB_USERNAME }}@users.noreply.github.com | |
| notify: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - propagate | |
| if: always() && failure() && github.event_name == 'push' | |
| steps: | |
| - name: Slack Notification | |
| uses: Alfresco/alfresco-build-tools/.github/actions/send-slack-notification@76affd16a4dd9a440cf66bf42656b1d826e8dfc2 # v5.34.0 | |
| with: | |
| channel-id: 'C03PMT6APFU' # eng-hxp-studio-activiti-gh-notifs, to be renamed eng-automate-activiti-gh-notifs | |
| token: ${{ secrets.SLACK_NOTIFICATION_BOT_TOKEN }} |