Compare commits
59 Commits
946f94de75
..
master
| Author | SHA1 | Date | |
|---|---|---|---|
| af1e73f918 | |||
| da722bde43 | |||
| 2916ad60bd | |||
| ca0a662f78 | |||
| c455755a57 | |||
| 48351901f8 | |||
| 992421c6e6 | |||
| b249b43765 | |||
| 1b67977736 | |||
| 9d49d6a323 | |||
| c99871dec2 | |||
| b43355553d | |||
| 678a46a45e | |||
| f9a0aea0f2 | |||
| cc1e4cb459 | |||
| 02e1730369 | |||
| b548518374 | |||
| a244be3944 | |||
| ee0d698156 | |||
| 127dc2c62e | |||
| 28d93c8e86 | |||
| bb4abc2b4e | |||
| 46b0f7f7db | |||
| 02ce84ffb2 | |||
| aac44b8023 | |||
| e6a67367bb | |||
| e12cbe383a | |||
| 9ef03105cf | |||
| cca864db18 | |||
| ecd3da5c9a | |||
| 9f1db17ebe | |||
| c52380340b | |||
| f941705c01 | |||
| 1a44f13eda | |||
| 4691d54c76 | |||
| 2564fa2273 | |||
| 1d117b3de6 | |||
| 54354cec26 | |||
| 291ce15746 | |||
| d144cc9aaf | |||
| 9bc29939f1 | |||
| 42702f7ab5 | |||
| c5a66b573f | |||
| f356dc0f57 | |||
| 82c046b85a | |||
| f482210217 | |||
| 528895cbd3 | |||
| 3be61c42c8 | |||
| 3d128cd17b | |||
| 4755f4fe4d | |||
| 17f7c1809f | |||
| a2447fe0f6 | |||
| 3864d6aed8 | |||
| 64b25388de | |||
| 17162ab65f | |||
| 37a9a4b333 | |||
| eb1946f59c | |||
| c07548e8a6 | |||
| 20036e466f |
+78
-23
@@ -25,7 +25,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Stop docker
|
name: Stop docker
|
||||||
run: |
|
run: |
|
||||||
@@ -49,7 +49,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Login to GitHub Container Registry
|
name: Login to GitHub Container Registry
|
||||||
uses: ./
|
uses: ./
|
||||||
@@ -67,7 +67,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Login to GitHub Container Registry
|
name: Login to GitHub Container Registry
|
||||||
uses: ./
|
uses: ./
|
||||||
@@ -97,7 +97,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Login to GitHub Container Registry
|
name: Login to GitHub Container Registry
|
||||||
uses: ./
|
uses: ./
|
||||||
@@ -122,7 +122,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Login to ACR
|
name: Login to ACR
|
||||||
uses: ./
|
uses: ./
|
||||||
@@ -142,7 +142,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Login to Docker Hub
|
name: Login to Docker Hub
|
||||||
uses: ./
|
uses: ./
|
||||||
@@ -161,7 +161,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Login to ECR
|
name: Login to ECR
|
||||||
uses: ./
|
uses: ./
|
||||||
@@ -181,10 +181,10 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Configure AWS Credentials
|
name: Configure AWS Credentials
|
||||||
uses: aws-actions/configure-aws-credentials@acca2b1b2070338fb9fd1ca27ecee81d687e58e5 # v6.1.2
|
uses: aws-actions/configure-aws-credentials@254c19bd240aabef8777f48595e9d2d7b972184b # v6.2.1
|
||||||
with:
|
with:
|
||||||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||||
@@ -195,6 +195,33 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
registry: 175142243308.dkr.ecr.us-east-1.amazonaws.com
|
registry: 175142243308.dkr.ecr.us-east-1.amazonaws.com
|
||||||
|
|
||||||
|
ecr-oidc:
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
id-token: write
|
||||||
|
runs-on: ${{ matrix.os }}
|
||||||
|
strategy:
|
||||||
|
fail-fast: false
|
||||||
|
matrix:
|
||||||
|
os:
|
||||||
|
- ubuntu-latest
|
||||||
|
- windows-latest
|
||||||
|
steps:
|
||||||
|
-
|
||||||
|
name: Checkout
|
||||||
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
|
-
|
||||||
|
name: Configure AWS Credentials
|
||||||
|
uses: aws-actions/configure-aws-credentials@254c19bd240aabef8777f48595e9d2d7b972184b # v6.2.1
|
||||||
|
with:
|
||||||
|
role-to-assume: arn:aws:iam::175142243308:role/official_gha_cicd_login_action
|
||||||
|
aws-region: us-east-1
|
||||||
|
-
|
||||||
|
name: Login to ECR
|
||||||
|
uses: ./
|
||||||
|
with:
|
||||||
|
registry: 175142243308.dkr.ecr.us-east-1.amazonaws.com
|
||||||
|
|
||||||
ecr-public:
|
ecr-public:
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
strategy:
|
strategy:
|
||||||
@@ -206,7 +233,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Login to Public ECR
|
name: Login to Public ECR
|
||||||
continue-on-error: ${{ matrix.os == 'windows-latest' }}
|
continue-on-error: ${{ matrix.os == 'windows-latest' }}
|
||||||
@@ -229,10 +256,10 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Configure AWS Credentials
|
name: Configure AWS Credentials
|
||||||
uses: aws-actions/configure-aws-credentials@acca2b1b2070338fb9fd1ca27ecee81d687e58e5 # v6.1.2
|
uses: aws-actions/configure-aws-credentials@254c19bd240aabef8777f48595e9d2d7b972184b # v6.2.1
|
||||||
with:
|
with:
|
||||||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||||
@@ -244,6 +271,34 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
registry: public.ecr.aws
|
registry: public.ecr.aws
|
||||||
|
|
||||||
|
ecr-public-oidc:
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
id-token: write
|
||||||
|
runs-on: ${{ matrix.os }}
|
||||||
|
strategy:
|
||||||
|
fail-fast: false
|
||||||
|
matrix:
|
||||||
|
os:
|
||||||
|
- ubuntu-latest
|
||||||
|
- windows-latest
|
||||||
|
steps:
|
||||||
|
-
|
||||||
|
name: Checkout
|
||||||
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
|
-
|
||||||
|
name: Configure AWS Credentials
|
||||||
|
uses: aws-actions/configure-aws-credentials@254c19bd240aabef8777f48595e9d2d7b972184b # v6.2.1
|
||||||
|
with:
|
||||||
|
role-to-assume: arn:aws:iam::175142243308:role/official_gha_cicd_login_action
|
||||||
|
aws-region: us-east-1
|
||||||
|
-
|
||||||
|
name: Login to Public ECR
|
||||||
|
continue-on-error: ${{ matrix.os == 'windows-latest' }}
|
||||||
|
uses: ./
|
||||||
|
with:
|
||||||
|
registry: public.ecr.aws
|
||||||
|
|
||||||
ghcr:
|
ghcr:
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
strategy:
|
strategy:
|
||||||
@@ -255,7 +310,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Login to GitHub Container Registry
|
name: Login to GitHub Container Registry
|
||||||
uses: ./
|
uses: ./
|
||||||
@@ -275,7 +330,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Login to GitLab
|
name: Login to GitLab
|
||||||
uses: ./
|
uses: ./
|
||||||
@@ -295,7 +350,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Login to Google Artifact Registry
|
name: Login to Google Artifact Registry
|
||||||
uses: ./
|
uses: ./
|
||||||
@@ -315,7 +370,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Login to Google Container Registry
|
name: Login to Google Container Registry
|
||||||
uses: ./
|
uses: ./
|
||||||
@@ -329,7 +384,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Login to registries
|
name: Login to registries
|
||||||
uses: ./
|
uses: ./
|
||||||
@@ -352,7 +407,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Login to registries
|
name: Login to registries
|
||||||
uses: ./
|
uses: ./
|
||||||
@@ -373,7 +428,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Login to registries
|
name: Login to registries
|
||||||
id: login
|
id: login
|
||||||
@@ -405,7 +460,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Login to Docker Hub
|
name: Login to Docker Hub
|
||||||
uses: ./
|
uses: ./
|
||||||
@@ -435,7 +490,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Login to Docker Hub
|
name: Login to Docker Hub
|
||||||
uses: ./
|
uses: ./
|
||||||
@@ -465,7 +520,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Login to GitHub Container Registry
|
name: Login to GitHub Container Registry
|
||||||
uses: ./
|
uses: ./
|
||||||
@@ -496,7 +551,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Login to GitHub Container Registry
|
name: Login to GitHub Container Registry
|
||||||
uses: ./
|
uses: ./
|
||||||
|
|||||||
@@ -22,7 +22,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Enable corepack
|
name: Enable corepack
|
||||||
run: |
|
run: |
|
||||||
@@ -35,12 +35,12 @@ jobs:
|
|||||||
node-version: ${{ env.NODE_VERSION }}
|
node-version: ${{ env.NODE_VERSION }}
|
||||||
-
|
-
|
||||||
name: Initialize CodeQL
|
name: Initialize CodeQL
|
||||||
uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
|
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
|
||||||
with:
|
with:
|
||||||
languages: javascript-typescript
|
languages: javascript-typescript
|
||||||
build-mode: none
|
build-mode: none
|
||||||
-
|
-
|
||||||
name: Perform CodeQL Analysis
|
name: Perform CodeQL Analysis
|
||||||
uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
|
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
|
||||||
with:
|
with:
|
||||||
category: "/language:javascript-typescript"
|
category: "/language:javascript-typescript"
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ on:
|
|||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
run:
|
run:
|
||||||
uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@9ba6e6f9450baf3b1237f8035c1fdc45932510bd # v1.8.0
|
uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@46267a6e61cd56aac2fc79943df180152f4c89d6 # v1.10.1
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
pull-requests: write
|
pull-requests: write
|
||||||
|
|||||||
@@ -22,7 +22,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Publish
|
name: Publish
|
||||||
uses: actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978 # v0.0.4
|
uses: actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978 # v0.0.4
|
||||||
|
|||||||
@@ -20,16 +20,16 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Test
|
name: Test
|
||||||
uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
|
uses: docker/bake-action@d3418bd7d0e9324001bca92fa8ba175ea7e6dc9b # v7.3.0
|
||||||
with:
|
with:
|
||||||
source: .
|
source: .
|
||||||
targets: test
|
targets: test
|
||||||
-
|
-
|
||||||
name: Upload coverage
|
name: Upload coverage
|
||||||
uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
|
uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
|
||||||
with:
|
with:
|
||||||
files: ./coverage/clover.xml
|
files: ./coverage/clover.xml
|
||||||
token: ${{ secrets.CODECOV_TOKEN }}
|
token: ${{ secrets.CODECOV_TOKEN }}
|
||||||
|
|||||||
@@ -30,14 +30,14 @@ jobs:
|
|||||||
permission-contents: write
|
permission-contents: write
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
ref: ${{ github.event.pull_request.head.ref }}
|
ref: ${{ github.event.pull_request.head.ref }}
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
token: ${{ steps.docker-read-app.outputs.token }}
|
token: ${{ steps.docker-read-app.outputs.token }}
|
||||||
-
|
-
|
||||||
name: Build
|
name: Build
|
||||||
uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
|
uses: docker/bake-action@d3418bd7d0e9324001bca92fa8ba175ea7e6dc9b # v7.3.0
|
||||||
with:
|
with:
|
||||||
source: .
|
source: .
|
||||||
targets: build
|
targets: build
|
||||||
@@ -50,7 +50,7 @@ jobs:
|
|||||||
git config user.name "github-actions[bot]"
|
git config user.name "github-actions[bot]"
|
||||||
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
|
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
|
||||||
git add dist
|
git add dist
|
||||||
git commit -m "chore: update generated content"
|
git commit -m "[dependabot skip] chore: update generated content"
|
||||||
git push
|
git push
|
||||||
)
|
)
|
||||||
else
|
else
|
||||||
|
|||||||
@@ -22,11 +22,11 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
-
|
-
|
||||||
name: Generate matrix
|
name: Generate matrix
|
||||||
id: generate
|
id: generate
|
||||||
uses: docker/bake-action/subaction/matrix@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
|
uses: docker/bake-action/subaction/matrix@d3418bd7d0e9324001bca92fa8ba175ea7e6dc9b # v7.3.0
|
||||||
with:
|
with:
|
||||||
target: validate
|
target: validate
|
||||||
|
|
||||||
@@ -41,6 +41,6 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Validate
|
name: Validate
|
||||||
uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
|
uses: docker/bake-action@d3418bd7d0e9324001bca92fa8ba175ea7e6dc9b # v7.3.0
|
||||||
with:
|
with:
|
||||||
targets: ${{ matrix.target }}
|
targets: ${{ matrix.target }}
|
||||||
|
|||||||
@@ -19,7 +19,7 @@ on:
|
|||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
zizmor:
|
zizmor:
|
||||||
uses: crazy-max/.github/.github/workflows/zizmor.yml@9ba6e6f9450baf3b1237f8035c1fdc45932510bd # v1.8.0
|
uses: crazy-max/.github/.github/workflows/zizmor.yml@46267a6e61cd56aac2fc79943df180152f4c89d6 # v1.10.1
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
security-events: write
|
security-events: write
|
||||||
|
|||||||
@@ -14,6 +14,9 @@ logFilters:
|
|||||||
- code: YN0086
|
- code: YN0086
|
||||||
level: discard
|
level: discard
|
||||||
|
|
||||||
|
npmPreapprovedPackages:
|
||||||
|
- "@docker/actions-toolkit"
|
||||||
|
|
||||||
compressionLevel: mixed
|
compressionLevel: mixed
|
||||||
enableGlobalCache: false
|
enableGlobalCache: false
|
||||||
enableHardenedMode: true
|
enableHardenedMode: true
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
import {afterEach, expect, test} from 'vitest';
|
import {afterEach, expect, test, vi} from 'vitest';
|
||||||
import * as path from 'path';
|
import * as path from 'path';
|
||||||
|
|
||||||
import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx.js';
|
import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx.js';
|
||||||
@@ -6,6 +6,7 @@ import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx.js';
|
|||||||
import {getAuthList, getInputs} from '../src/context.js';
|
import {getAuthList, getInputs} from '../src/context.js';
|
||||||
|
|
||||||
afterEach(() => {
|
afterEach(() => {
|
||||||
|
vi.restoreAllMocks();
|
||||||
for (const key of Object.keys(process.env)) {
|
for (const key of Object.keys(process.env)) {
|
||||||
if (key.startsWith('INPUT_')) {
|
if (key.startsWith('INPUT_')) {
|
||||||
delete process.env[key];
|
delete process.env[key];
|
||||||
@@ -33,3 +34,37 @@ test('getAuthList uses the default Docker Hub registry when computing scoped con
|
|||||||
configDir: path.join(Buildx.configDir, 'config', 'registry-1.docker.io', 'myscope')
|
configDir: path.join(Buildx.configDir, 'config', 'registry-1.docker.io', 'myscope')
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
test('getAuthList skips secret masking when registry-auth password is absent', async () => {
|
||||||
|
const stdoutWriteSpy = vi.spyOn(process.stdout, 'write').mockImplementation(() => true);
|
||||||
|
const [auth] = getAuthList({
|
||||||
|
registry: '',
|
||||||
|
username: '',
|
||||||
|
password: '',
|
||||||
|
scope: '',
|
||||||
|
ecr: '',
|
||||||
|
logout: true,
|
||||||
|
registryAuth: '- registry: public.ecr.aws\n'
|
||||||
|
});
|
||||||
|
|
||||||
|
expect(stdoutWriteSpy.mock.calls.map(call => call[0]).join('')).not.toContain('::add-mask::');
|
||||||
|
expect(auth).toMatchObject({
|
||||||
|
registry: 'public.ecr.aws',
|
||||||
|
ecr: 'auto'
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
test('getAuthList masks registry-auth password when present', async () => {
|
||||||
|
const stdoutWriteSpy = vi.spyOn(process.stdout, 'write').mockImplementation(() => true);
|
||||||
|
getAuthList({
|
||||||
|
registry: '',
|
||||||
|
username: '',
|
||||||
|
password: '',
|
||||||
|
scope: '',
|
||||||
|
ecr: '',
|
||||||
|
logout: true,
|
||||||
|
registryAuth: '- registry: ghcr.io\n username: dbowie\n password: groundcontrol\n'
|
||||||
|
});
|
||||||
|
|
||||||
|
expect(stdoutWriteSpy.mock.calls.map(call => call[0]).join('')).toContain('::add-mask::groundcontrol');
|
||||||
|
});
|
||||||
|
|||||||
+1
-1
@@ -17,7 +17,7 @@ FROM base AS deps
|
|||||||
RUN --mount=type=bind,target=.,rw \
|
RUN --mount=type=bind,target=.,rw \
|
||||||
--mount=type=cache,target=/src/.yarn/cache \
|
--mount=type=cache,target=/src/.yarn/cache \
|
||||||
--mount=type=cache,target=/src/node_modules \
|
--mount=type=cache,target=/src/node_modules \
|
||||||
yarn install && mkdir /vendor && cp yarn.lock /vendor
|
yarn install --immutable && mkdir /vendor && cp yarn.lock /vendor
|
||||||
|
|
||||||
FROM scratch AS vendor-update
|
FROM scratch AS vendor-update
|
||||||
COPY --from=deps /vendor /
|
COPY --from=deps /vendor /
|
||||||
|
|||||||
+155
-167
File diff suppressed because one or more lines are too long
+4
-4
File diff suppressed because one or more lines are too long
+46
-1360
File diff suppressed because it is too large
Load Diff
+7
-7
@@ -4,7 +4,7 @@
|
|||||||
"type": "module",
|
"type": "module",
|
||||||
"main": "src/main.ts",
|
"main": "src/main.ts",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
"build": "esbuild src/main.ts --bundle --platform=node --target=node24 --format=cjs --outfile=dist/index.cjs --sourcemap --minify && yarn run license",
|
"build": "esbuild src/main.ts --bundle --platform=node --target=node24 --format=cjs --outfile=dist/index.cjs --sourcemap --minify --keep-names && yarn run license",
|
||||||
"lint": "eslint --max-warnings=0 .",
|
"lint": "eslint --max-warnings=0 .",
|
||||||
"format": "eslint --fix .",
|
"format": "eslint --fix .",
|
||||||
"test": "vitest run",
|
"test": "vitest run",
|
||||||
@@ -24,12 +24,12 @@
|
|||||||
"packageManager": "yarn@4.15.0",
|
"packageManager": "yarn@4.15.0",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@actions/core": "^3.0.1",
|
"@actions/core": "^3.0.1",
|
||||||
"@aws-sdk/client-ecr": "^3.1050.0",
|
"@aws-sdk/client-ecr": "^3.1077.0",
|
||||||
"@aws-sdk/client-ecr-public": "^3.1050.0",
|
"@aws-sdk/client-ecr-public": "^3.1077.0",
|
||||||
"@docker/actions-toolkit": "^0.91.0",
|
"@docker/actions-toolkit": "^0.92.0",
|
||||||
"http-proxy-agent": "^9.0.0",
|
"http-proxy-agent": "^9.1.0",
|
||||||
"https-proxy-agent": "^9.0.0",
|
"https-proxy-agent": "^9.1.0",
|
||||||
"js-yaml": "^4.1.1"
|
"js-yaml": "^5.2.0"
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"@eslint/js": "^9.39.3",
|
"@eslint/js": "^9.39.3",
|
||||||
|
|||||||
+3
-1
@@ -53,7 +53,9 @@ export function getAuthList(inputs: Inputs): Array<Auth> {
|
|||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
auths = (yaml.load(inputs.registryAuth) as Array<Auth>).map(auth => {
|
auths = (yaml.load(inputs.registryAuth) as Array<Auth>).map(auth => {
|
||||||
core.setSecret(auth.password); // redacted in workflow logs
|
if (auth.password) {
|
||||||
|
core.setSecret(auth.password); // redacted in workflow logs
|
||||||
|
}
|
||||||
const registry = auth.registry || 'docker.io';
|
const registry = auth.registry || 'docker.io';
|
||||||
return {
|
return {
|
||||||
registry,
|
registry,
|
||||||
|
|||||||
Reference in New Issue
Block a user