Merge pull request #2 from rdimitrov/implement-frizbee-action
Initial implementation of the frizbee action
rdimitrov authored Jun 11, 2024
2 parents 2679929 + 5602ab2 commit 327fadc
Showing 18 changed files with 1,170 additions and 52 deletions.
120 changes: 120 additions & 0 deletions .github/workflows/test.yml
@@ -0,0 +1,120 @@
name: Test workflow for developing the frizbee-action
on:
push:
workflow_dispatch:

permissions: write-all

jobs:
test_pr_and_fail_defaults:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: ./ # Uses an action in the root directory
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
open_pr: true
fail_on_unpinned: true
test_pr_and_fail:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: ./ # Uses an action in the root directory
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
actions: tests/workflows
dockerfiles: tests/dockerfiles
kubernetes: tests/k8s
docker_compose: tests/docker_compose
open_pr: true
fail_on_unpinned: true
test_pr_and_fail_again:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: ./ # Uses an action in the root directory
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
actions: tests/workflows
dockerfiles: tests/dockerfiles
kubernetes: tests/k8s
docker_compose: tests/docker_compose
open_pr: true
fail_on_unpinned: true
test_no_pr_and_fail:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: ./ # Uses an action in the root directory
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
actions: tests/workflows
dockerfiles: tests/dockerfiles
kubernetes: tests/k8s
docker_compose: tests/docker_compose
open_pr: false
fail_on_unpinned: true
test_no_pr_and_no_fail:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: ./ # Uses an action in the root directory
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
actions: tests/workflows
dockerfiles: tests/dockerfiles
kubernetes: tests/k8s
docker_compose: tests/docker_compose
open_pr: false
fail_on_unpinned: false
test_no_pr_and_no_fail_no_actions:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: ./ # Uses an action in the root directory
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
actions: ""
dockerfiles: "."
kubernetes: ""
docker_compose: ""
open_pr: false
fail_on_unpinned: false
test_no_pr_and_no_fail_default:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: ./ # Uses an action in the root directory
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
open_pr: false
fail_on_unpinned: false
test_no_pr_and_no_fail_conflict:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: ./ # Uses an action in the root directory
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
actions: ""
dockerfiles: "."
kubernetes: "."
docker_compose: "."
open_pr: false
fail_on_unpinned: false
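Review bot: `permissions: write-all` at the top of the workflow grants the job token every scope on every push, which is far more than a pinning check needs; scope it to the two permissions the `open_pr` path actually uses, e.g. `permissions:` / `contents: write` / `pull-requests: write`, and drop the rest. Two smaller points in the same hunk: `test_pr_and_fail` and `test_pr_and_fail_again` are line-for-line identical, so one of them can go or be given a distinct configuration, and every job checks out with `actions/checkout@v4`, a tag reference, in the test suite of a tool whose purpose is to replace tag references with checksums; pinning it to a full commit SHA (with the tag in a trailing comment) would make the workflow consistent with what the action enforces on its users.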
2 changes: 2 additions & 0 deletions .gitignore
@@ -42,3 +42,5 @@ Thumbs.db

# asdf
.tool-versions

frizbee-action
48 changes: 48 additions & 0 deletions CONTRIBUTING.md
@@ -0,0 +1,48 @@

# Contributing to Frizbee Action
First off, thank you for taking the time to contribute to Frizbee Action! :+1: :tada: Frizbee Action is released under the Apache 2.0 license. If you would like to contribute something or want to hack on the code, this document should help you get started. You can find some hints for starting development in Frizbee's [README](https://github.com/stacklok/frizbee-action/blob/main/README.md).

## Table of contents
- [Code of Conduct](#code-of-conduct)
- [Reporting Security Vulnerabilities](#reporting-security-vulnerabilities)
- [How to Contribute](#how-to-contribute)
- [Sign the Contributor License Agreement](#sign-the-contributor-license-agreement)
- [Using GitHub Issues](#using-github-issues)
- [Not sure how to start contributing...](#not-sure-how-to-start-contributing)
- [Pull Request Process](#pull-request-process)
- [Contributing to docs](#contributing-to-docs)
- [Commit Message Guidelines](#commit-message-guidelines)


## Code of Conduct
This project adheres to the [Contributor Covenant](https://github.com/stacklok/frizbee/blob/main/CODE_OF_CONDUCT.md) code of conduct. By participating, you are expected to uphold this code. Please report unacceptable behavior to [email protected].

## Reporting Security Vulnerabilities

If you think you have found a security vulnerability in Frizbee please DO NOT disclose it publicly until we’ve had a chance to fix it. Please don’t report security vulnerabilities using GitHub issues; instead, please follow this [process](https://github.com/stacklok/frizbee/blob/main/SECURITY.md)

## How to Contribute

### Using GitHub Issues
We use GitHub issues to track bugs and enhancements. If you have a general usage question, please ask in [Frizbee's discussion forum](https://discord.com/invite/RkzVuTp3WK).

If you are reporting a bug, please help to speed up problem diagnosis by providing as much information as possible. Ideally, that would include a small sample project that reproduces the problem.

### Sign the Contributor License Agreement
Before we accept a non-trivial patch or pull request, we will need you to sign the [Contributor License Agreement](https://github.com/stacklok/frizbee). Signing the contributor’s agreement does not grant anyone commit rights to the main repository, but it does mean that we can accept your contributions, and you will get an author credit if we do. Active contributors might be asked to join the core team and given the ability to merge pull requests.

### Not sure how to start contributing...
PRs to resolve existing issues are greatly appreciated and issues labeled as ["good first issue"](https://github.com/stacklok/frizbee/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22) are a great place to start!

### Pull Request Process
* Create an issue outlining the fix or feature.
* Fork the Frizbee Action repository to your own GitHub account and clone it locally.
* Hack on your changes.
* Correctly format your commit messages, see [Commit Message Guidelines](#Commit-Message-Guidelines) below.
* Open a PR by ensuring the title and its description reflect the content of the PR.
* Ensure that CI passes, if it fails, fix the failures.
* Every pull request requires a review from the core Frizbee Action team before merging.
* Once approved, all of your commits will be squashed into a single commit with your PR title.

### Commit Message Guidelines
We follow the commit formatting recommendations found on [Chris Beams' How to Write a Git Commit Message article](https://chris.beams.io/posts/git-commit/).
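Review bot: the table of contents lists a "Contributing to docs" entry, but the file has no matching section, so that anchor will not resolve; either add the section or remove the entry. The "Sign the Contributor License Agreement" paragraph links the agreement to the `stacklok/frizbee` repository root rather than to a CLA document, which leaves a contributor with no way to actually sign it; point it at the agreement itself. Naming is also inconsistent: the heading calls the project "Frizbee Action" while the security and discussion paragraphs say "Frizbee" and link to the `stacklok/frizbee` repository's `SECURITY.md` and `CODE_OF_CONDUCT.md`; if those documents are meant to be shared across both projects, say so in one sentence so reporters know the process applies here too.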
1 change: 0 additions & 1 deletion Dockerfile
@@ -1,5 +1,4 @@
FROM golang:alpine3.19@sha256:0466223b8544fb7d4ff04748acc4d75a608234bf4e79563bff208d2060c0dd79
RUN apk add git

COPY . /home/src
WORKDIR /home/src
94 changes: 94 additions & 0 deletions README.md
@@ -1,2 +1,96 @@
![image](https://github.com/stacklok/frizbee/assets/16540482/35034046-d962-475d-b8e2-67b7625f2a60)

---
[![License: Apache 2.0](https://img.shields.io/badge/License-Apache2.0-brightgreen.svg)](https://opensource.org/licenses/Apache-2.0) | [![](https://dcbadge.vercel.app/api/server/RkzVuTp3WK?logo=discord&label=Discord&color=5865&style=flat)](https://discord.gg/RkzVuTp3WK)

---
# Frizbee Action

Frizbee Action helps you pin your GitHub Actions and container images to specific versions using checksums.

You can configure it to fix it all for you and open a PR with the proposed changes,
fail the CI if unpinned actions are found and much more.

The action is based on the Frizbee tool, available both as a CLI and as a library - https://github.com/stacklok/frizbee

## Table of Contents

- [Usage](#usage)
- [Configuration](#configuration)
- [Contributing](#contributing)
- [License](#license)

## Usage

To use the Frizbee Action, you can use the following methods:

```bash
name: Frizbee Pinned Actions and Container Images Check

on:
schedule:
- cron: '0 0 * * *' # Run every day at midnight
workflow_dispatch:

jobs:
frizbee_check:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: stacklok/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
actions: .github/workflows
dockerfiles: ./docker
kubernetes: ./k8s
docker_compose: ./docker
open_pr: true
fail_on_unpinned: true
```

## Configuration

The Frizbee Action can be configured through the following inputs:

```yml
actions:
description: "Actions to correct"
required: false
default: ".github/workflows"
dockerfiles:
description: "Dockerfiles to correct"
required: false
default: "Dockerfile"
kubernetes:
description: "Kubernetes manifests to correct"
required: false
default: ""
docker_compose:
description: "Docker Compose files to correct"
required: false
default: ""
open_pr:
description: "Open a PR with the changes"
required: false
default: "true"
fail_on_unpinned:
description: "Fail if an unpinned action/image is found"
required: false
default: "false"
```
### Limitations
The default `GITHUB_TOKEN` doesn't have the necessary permissions (`workflows`) to open a PR.
In case you want to use the `open_pr` feature, you will need to create a new token with the correct scope, add it as a secret
and pass it to the action through the `GITHUB_TOKEN` environment variable.

## Contributing

We welcome contributions to Frizbee Action. Please see our [Contributing](./CONTRIBUTING.md) guide for more information.

## License

Frizbee is licensed under the [Apache 2.0 License](./LICENSE).
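Review bot: the Usage example passes `secrets.GITHUB_TOKEN` with `open_pr: true`, yet the Limitations section a few paragraphs later states that the default `GITHUB_TOKEN` lacks the `workflows` permission needed to open the PR, so a user copying the example as written gets a configuration the README itself says cannot work; show a dedicated secret in the example (e.g. `GITHUB_TOKEN: ${{ secrets.FRIZBEE_PAT }}`) and say in the Limitations text which scopes that token needs. The same block is fenced as ```bash although its content is a workflow YAML file, so it should be ```yaml. Two smaller points: the example checks out with `actions/checkout@v4`, a tag reference, in the README of an action that exists to replace tag references with checksums, so pin it by full SHA there; and `dockerfiles` and `docker_compose` both point at `./docker` in the example, which is worth a comment if deliberate, since the Configuration block gives them different defaults (`Dockerfile` and empty).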
28 changes: 24 additions & 4 deletions action.yml
@@ -5,10 +5,30 @@ branding:
icon: "at-sign"
color: "green"
inputs:
GITHUB_TOKEN:
description: "GitHub token"
required: true

actions:
description: "Actions to correct"
required: false
default: ".github/workflows"
dockerfiles:
description: "Dockerfiles to correct"
required: false
default: "Dockerfile"
kubernetes:
description: "Kubernetes manifests to correct"
required: false
default: ""
docker_compose:
description: "Docker Compose files to correct"
required: false
default: ""
open_pr:
description: "Open a PR with the changes"
required: false
default: "true"
fail_on_unpinned:
description: "Fail if an unpinned action/image is found"
required: false
default: "false"
runs:
using: "docker"
image: "Dockerfile"
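Review bot: the hunk counts (24 additions, 4 deletions) match the six new four-line input blocks plus removal of the `GITHUB_TOKEN` input, so after this change the token is supplied only through the `env:` block shown in the README and test workflow, and nothing in `action.yml` declares that requirement any more; since an action manifest cannot declare required environment variables, add a comment above `inputs:` naming the `GITHUB_TOKEN` variable and the scope it needs when `open_pr` is `"true"`, so that a missing token fails with a clear message rather than at the point of opening the PR. Also note that `open_pr` defaults to `"true"` while `fail_on_unpinned` defaults to `"false"`; a first-time user therefore gets write behaviour (a PR) by default and read-only behaviour only by opting in, which is the reverse of what a security check is usually expected to do out of the box, so consider defaulting `open_pr` to `"false"` or at least calling the default out in the README.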
48 changes: 47 additions & 1 deletion go.mod
@@ -3,8 +3,54 @@ module github.com/stacklok/frizbee-action
go 1.22.1

require (
github.com/deckarep/golang-set/v2 v2.6.0
github.com/go-git/go-billy/v5 v5.5.0
github.com/go-git/go-git/v5 v5.12.0
github.com/google/go-github/v60 v60.0.0
github.com/stacklok/frizbee v0.0.19
golang.org/x/oauth2 v0.21.0
)

require github.com/google/go-querystring v1.1.0 // indirect
require (
dario.cat/mergo v1.0.0 // indirect
github.com/Microsoft/go-winio v0.6.1 // indirect
github.com/ProtonMail/go-crypto v1.0.0 // indirect
github.com/cloudflare/circl v1.3.7 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
github.com/docker/cli v24.0.0+incompatible // indirect
github.com/docker/distribution v2.8.2+incompatible // indirect
github.com/docker/docker v24.0.9+incompatible // indirect
github.com/docker/docker-credential-helpers v0.7.0 // indirect
github.com/emirpasic/gods v1.18.1 // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/google/go-containerregistry v0.19.1 // indirect
github.com/google/go-github/v61 v61.0.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/kevinburke/ssh_config v1.2.0 // indirect
github.com/klauspost/compress v1.16.5 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0-rc3 // indirect
github.com/pjbgf/sha1cd v0.3.0 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/puzpuzpuz/xsync v1.5.2 // indirect
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
github.com/sirupsen/logrus v1.9.1 // indirect
github.com/skeema/knownhosts v1.2.2 // indirect
github.com/spf13/cobra v1.8.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/vbatts/tar-split v0.11.3 // indirect
github.com/xanzy/ssh-agent v0.3.3 // indirect
golang.org/x/crypto v0.21.0 // indirect
golang.org/x/mod v0.12.0 // indirect
golang.org/x/net v0.22.0 // indirect
golang.org/x/sync v0.7.0 // indirect
golang.org/x/sys v0.18.0 // indirect
golang.org/x/tools v0.13.0 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)
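Review bot: the module now depends on two major versions of the same client, `github.com/google/go-github/v60` directly and `github.com/google/go-github/v61` indirectly, so the binary compiles and ships two copies of the library with incompatible types; bumping the direct requirement to v61 removes the duplicate and keeps a single dependency to track for fixes. The standalone `require github.com/google/go-querystring v1.1.0 // indirect` line is superseded by the same entry inside the indirect block, so `go mod tidy` should be run before merge to confirm the file is in its canonical form.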