Merge pull request #2 from rdimitrov/implement-frizbee-action
Initial implementation of the frizbee action
Showing 18 changed files with 1,170 additions and 52 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,120 @@ | ||
name: Test workflow for developing the frizbee-action | ||
on: | ||
push: | ||
workflow_dispatch: | ||
|
||
permissions: write-all | ||
|
||
jobs: | ||
test_pr_and_fail_defaults: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- uses: ./ # Uses an action in the root directory | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
with: | ||
open_pr: true | ||
fail_on_unpinned: true | ||
test_pr_and_fail: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- uses: ./ # Uses an action in the root directory | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
with: | ||
actions: tests/workflows | ||
dockerfiles: tests/dockerfiles | ||
kubernetes: tests/k8s | ||
docker_compose: tests/docker_compose | ||
open_pr: true | ||
fail_on_unpinned: true | ||
test_pr_and_fail_again: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- uses: ./ # Uses an action in the root directory | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
with: | ||
actions: tests/workflows | ||
dockerfiles: tests/dockerfiles | ||
kubernetes: tests/k8s | ||
docker_compose: tests/docker_compose | ||
open_pr: true | ||
fail_on_unpinned: true | ||
test_no_pr_and_fail: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- uses: ./ # Uses an action in the root directory | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
with: | ||
actions: tests/workflows | ||
dockerfiles: tests/dockerfiles | ||
kubernetes: tests/k8s | ||
docker_compose: tests/docker_compose | ||
open_pr: false | ||
fail_on_unpinned: true | ||
test_no_pr_and_no_fail: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- uses: ./ # Uses an action in the root directory | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
with: | ||
actions: tests/workflows | ||
dockerfiles: tests/dockerfiles | ||
kubernetes: tests/k8s | ||
docker_compose: tests/docker_compose | ||
open_pr: false | ||
fail_on_unpinned: false | ||
test_no_pr_and_no_fail_no_actions: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- uses: ./ # Uses an action in the root directory | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
with: | ||
actions: "" | ||
dockerfiles: "." | ||
kubernetes: "" | ||
docker_compose: "" | ||
open_pr: false | ||
fail_on_unpinned: false | ||
test_no_pr_and_no_fail_default: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- uses: ./ # Uses an action in the root directory | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
with: | ||
open_pr: false | ||
fail_on_unpinned: false | ||
test_no_pr_and_no_fail_conflict: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- uses: ./ # Uses an action in the root directory | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
with: | ||
actions: "" | ||
dockerfiles: "." | ||
kubernetes: "." | ||
docker_compose: "." | ||
open_pr: false | ||
fail_on_unpinned: false |
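Review bot: `permissions: write-all` at the top of this workflow gives the token in every job all write scopes, and the workflow is triggered by any `push`. Declare permissions per job instead: the four jobs with `open_pr: false` only need read access to the checkout, and the jobs with `open_pr: true` should list just the scopes that opening a PR requires. In addition, `uses: actions/checkout@v4` in all eight jobs is a mutable tag reference; in a repository whose purpose is pinning, reference it by commit SHA. `test_pr_and_fail` and `test_pr_and_fail_again` have identical inputs, so add a comment saying what the second run is meant to verify, or drop it.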
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -42,3 +42,5 @@ Thumbs.db | |
|
||
# asdf | ||
.tool-versions | ||
|
||
frizbee-action |
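Review bot: the new `frizbee-action` pattern has no leading slash and no comment, so it ignores any file or directory with that name at any depth and sits visually under the `# asdf` section. If it is meant to cover the locally built binary, write it as `/frizbee-action` and add a comment line above it saying so.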
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
|
||
# Contributing to Frizbee Action | ||
First off, thank you for taking the time to contribute to Frizbee Action! :+1: :tada: Frizbee Action is released under the Apache 2.0 license. If you would like to contribute something or want to hack on the code, this document should help you get started. You can find some hints for starting development in Frizbee's [README](https://github.com/stacklok/frizbee-action/blob/main/README.md). | ||
|
||
## Table of contents | ||
- [Code of Conduct](#code-of-conduct) | ||
- [Reporting Security Vulnerabilities](#reporting-security-vulnerabilities) | ||
- [How to Contribute](#how-to-contribute) | ||
- [Sign the Contributor License Agreement](#sign-the-contributor-license-agreement) | ||
- [Using GitHub Issues](#using-github-issues) | ||
- [Not sure how to start contributing...](#not-sure-how-to-start-contributing) | ||
- [Pull Request Process](#pull-request-process) | ||
- [Contributing to docs](#contributing-to-docs) | ||
- [Commit Message Guidelines](#commit-message-guidelines) | ||
|
||
|
||
## Code of Conduct | ||
This project adheres to the [Contributor Covenant](https://github.com/stacklok/frizbee/blob/main/CODE_OF_CONDUCT.md) code of conduct. By participating, you are expected to uphold this code. Please report unacceptable behavior to [email protected]. | ||
|
||
## Reporting Security Vulnerabilities | ||
|
||
If you think you have found a security vulnerability in Frizbee please DO NOT disclose it publicly until we’ve had a chance to fix it. Please don’t report security vulnerabilities using GitHub issues; instead, please follow this [process](https://github.com/stacklok/frizbee/blob/main/SECURITY.md) | ||
|
||
## How to Contribute | ||
|
||
### Using GitHub Issues | ||
We use GitHub issues to track bugs and enhancements. If you have a general usage question, please ask in [Frizbee's discussion forum](https://discord.com/invite/RkzVuTp3WK). | ||
|
||
If you are reporting a bug, please help to speed up problem diagnosis by providing as much information as possible. Ideally, that would include a small sample project that reproduces the problem. | ||
|
||
### Sign the Contributor License Agreement | ||
Before we accept a non-trivial patch or pull request, we will need you to sign the [Contributor License Agreement](https://github.com/stacklok/frizbee). Signing the contributor’s agreement does not grant anyone commit rights to the main repository, but it does mean that we can accept your contributions, and you will get an author credit if we do. Active contributors might be asked to join the core team and given the ability to merge pull requests. | ||
|
||
### Not sure how to start contributing... | ||
PRs to resolve existing issues are greatly appreciated and issues labeled as ["good first issue"](https://github.com/stacklok/frizbee/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22) are a great place to start! | ||
|
||
### Pull Request Process | ||
* Create an issue outlining the fix or feature. | ||
* Fork the Frizbee Action repository to your own GitHub account and clone it locally. | ||
* Hack on your changes. | ||
* Correctly format your commit messages, see [Commit Message Guidelines](#Commit-Message-Guidelines) below. | ||
* Open a PR by ensuring the title and its description reflect the content of the PR. | ||
* Ensure that CI passes, if it fails, fix the failures. | ||
* Every pull request requires a review from the core Frizbee Action team before merging. | ||
* Once approved, all of your commits will be squashed into a single commit with your PR title. | ||
|
||
### Commit Message Guidelines | ||
We follow the commit formatting recommendations found on [Chris Beams' How to Write a Git Commit Message article](https://chris.beams.io/posts/git-commit/). |
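Review bot: the Contributor License Agreement link under "Sign the Contributor License Agreement" points to the repository root `https://github.com/stacklok/frizbee` rather than to an agreement, so a contributor cannot complete that step; link the actual document or remove the section until one exists. The table of contents lists "Contributing to docs", but the file has no such section, and the link `#Commit-Message-Guidelines` in the Pull Request Process list uses capitals while the table of contents uses `#commit-message-guidelines`. The security section speaks of a "vulnerability in Frizbee" and links to the frizbee repository's SECURITY.md; state explicitly that the same reporting process applies to Frizbee Action.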
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,96 @@ | ||
![image](https://github.com/stacklok/frizbee/assets/16540482/35034046-d962-475d-b8e2-67b7625f2a60) | ||
|
||
--- | ||
[![License: Apache 2.0](https://img.shields.io/badge/License-Apache2.0-brightgreen.svg)](https://opensource.org/licenses/Apache-2.0) | [![](https://dcbadge.vercel.app/api/server/RkzVuTp3WK?logo=discord&label=Discord&color=5865&style=flat)](https://discord.gg/RkzVuTp3WK) | ||
|
||
--- | ||
# Frizbee Action | ||
|
||
Frizbee Action helps you pin your GitHub Actions and container images to specific versions using checksums. | ||
|
||
You can configure it to fix it all for you and open a PR with the proposed changes, | ||
fail the CI if unpinned actions are found and much more. | ||
|
||
The action is based on the Frizbee tool, available both as a CLI and as a library - https://github.com/stacklok/frizbee | ||
|
||
## Table of Contents | ||
|
||
- [Usage](#usage) | ||
- [Configuration](#configuration) | ||
- [Contributing](#contributing) | ||
- [License](#license) | ||
|
||
## Usage | ||
|
||
To use the Frizbee Action, you can use the following methods: | ||
|
||
```bash | ||
name: Frizbee Pinned Actions and Container Images Check | ||
|
||
on: | ||
schedule: | ||
- cron: '0 0 * * *' # Run every day at midnight | ||
workflow_dispatch: | ||
|
||
jobs: | ||
frizbee_check: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- uses: stacklok/[email protected] | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
with: | ||
actions: .github/workflows | ||
dockerfiles: ./docker | ||
kubernetes: ./k8s | ||
docker_compose: ./docker | ||
open_pr: true | ||
fail_on_unpinned: true | ||
``` | ||
|
||
## Configuration | ||
|
||
The Frizbee Action can be configured through the following inputs: | ||
|
||
```yml | ||
actions: | ||
description: "Actions to correct" | ||
required: false | ||
default: ".github/workflows" | ||
dockerfiles: | ||
description: "Dockerfiles to correct" | ||
required: false | ||
default: "Dockerfile" | ||
kubernetes: | ||
description: "Kubernetes manifests to correct" | ||
required: false | ||
default: "" | ||
docker_compose: | ||
description: "Docker Compose files to correct" | ||
required: false | ||
default: "" | ||
open_pr: | ||
description: "Open a PR with the changes" | ||
required: false | ||
default: "true" | ||
fail_on_unpinned: | ||
description: "Fail if an unpinned action/image is found" | ||
required: false | ||
default: "false" | ||
``` | ||
### Limitations | ||
The default `GITHUB_TOKEN` doesn't have the necessary permissions (`workflows`) to open a PR. | ||
In case you want to use the `open_pr` feature, you will need to create a new token with the correct scope, add it as a secret | ||
and pass it to the action through the `GITHUB_TOKEN` environment variable. | ||
|
||
## Contributing | ||
|
||
We welcome contributions to Frizbee Action. Please see our [Contributing](./CONTRIBUTING.md) guide for more information. | ||
|
||
## License | ||
|
||
Frizbee is licensed under the [Apache 2.0 License](./LICENSE). |
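Review bot: the Usage example sets `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` together with `open_pr: true`, while the Limitations section says the default `GITHUB_TOKEN` cannot open a PR, so the example as written runs into the documented limitation. Show a separately named secret in the example (a placeholder name such as `secrets.FRIZBEE_TOKEN`) and have Limitations name the exact scope the token needs, so users do not reach for an over-privileged token. Smaller points: the Usage block is fenced as `bash` but contains workflow YAML, `actions/checkout@v4` in the example is referenced by tag in the README of a pinning tool, the text says "the following methods" but shows one, and the Limitations heading is missing from the Table of Contents.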