diff --git a/.github/workflows/cid-ossf.yml b/.github/workflows/cid-ossf.yml index 2e91569..d3b71f1 100644 --- a/.github/workflows/cid-ossf.yml +++ b/.github/workflows/cid-ossf.yml @@ -1,10 +1,10 @@ -# cid-workflow-version: 0.0.14 +# cid-workflow-version: 0.0.16 # This file is generated by the CID Workflow GitHub App. # DO NOT EDIT! # name -name: OSSF Scorecard +name: CID - OSSF Scorecard on: # For Branch-Protection check. Only the default branch is supported. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection @@ -13,8 +13,8 @@ on: # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained schedule: - cron: '40 23 * * 5' - push: - branches: [ 'main' ] + # Allow manual triggering of the workflow + workflow_dispatch: # Read Permissions. See # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions @@ -42,11 +42,24 @@ jobs: egress-policy: block allowed-endpoints: >- api.github.com:443 + cdn01.quay.io:443 + cdn02.quay.io:443 + cdn03.quay.io:443 + codeload.github.com:443 + downloads.gradle.org:443 github.com:443 + jcenter.bintray.com:443 + kotlinlang.org:443 objects.githubusercontent.com:443 + plugins-artifacts.gradle.org:443 + plugins.gradle.org:443 + quay.io:443 raw.githubusercontent.com:443 + repo.maven.apache.org:443 + repo1.maven.org:443 + services.gradle.org:443 + uploads.github.com:443 api.osv.dev:443 - codeload.github.com:443 www.bestpractices.dev:443 oss-fuzz-build-logs.storage.googleapis.com:443 rekor.sigstore.dev:443 @@ -68,4 +81,4 @@ jobs: with: name: SARIF file path: results.sarif - retention-days: 5 \ No newline at end of file + retention-days: 5 diff --git a/.github/workflows/cid-pullrequest.yml b/.github/workflows/cid-pullrequest.yml index 0cf686d..35b7ae0 100644 --- a/.github/workflows/cid-pullrequest.yml +++ b/.github/workflows/cid-pullrequest.yml 
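Review bot: Dropping the `push` trigger for `main` from the `on:` block of cid-ossf.yml (hunk `@@ -13,8 +13,8 @@`) means Scorecard results are no longer refreshed when the default branch changes. Of the triggers visible here, only the weekly `cron: '40 23 * * 5'` schedule and the new manual `workflow_dispatch` remain; another trigger may sit above the hunk. A change that weakens a Scorecard check would then not appear in the uploaded `results.sarif` until the next scheduled run. If that is intended, record it with a comment such as `# push trigger removed on purpose; results refresh weekly or on manual dispatch`; otherwise keep `push:` with `branches: [ 'main' ]` next to `workflow_dispatch:`. The file is generated, so the change belongs in the CID Workflow template rather than in this file.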
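Review bot: The `allowed-endpoints` list of the Scorecard job (hunk `@@ -42,11 +42,24 @@`) now carries what look like the build pipeline's hosts, which the steps visible in this file do not obviously need. These are `quay.io` and its three CDNs, the Gradle and Maven repositories, `jcenter.bintray.com`, `kotlinlang.org` and `uploads.github.com`. Under `egress-policy: block`, every listed host is a destination a compromised step can still reach, so the list should stay at what this job actually contacts. I would keep the previous set and add only the hosts that a run with `egress-policy: audit` shows are required. JCenter has been sunset, so `jcenter.bintray.com:443` is a candidate for removal from the shared list as well. The job definition starts outside the hunk, and because the file is generated the per-job list has to be fixed in the template.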
@@ -1,10 +1,10 @@ -# cid-workflow-version: 0.0.14 +# cid-workflow-version: 0.0.16 # This file is generated by the CID Workflow GitHub App. # DO NOT EDIT! # name -name: cid-pullrequest +name: CID - PullRequest # triggers on: @@ -26,7 +26,6 @@ on: paths-ignore: - README.md - LICENSE - - .github/** - .gitignore - .editorconfig - renovate.json @@ -63,6 +62,7 @@ env: cdn01.quay.io:443 cdn02.quay.io:443 cdn03.quay.io:443 + codeload.github.com:443 downloads.gradle.org:443 github.com:443 jcenter.bintray.com:443 @@ -108,7 +108,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 - name: info @@ -140,7 +140,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 - name: build @@ -150,13 +150,13 @@ jobs: run: | cid --log-level=${CID_LOGLEVEL:-info} workflow run "$CID_WORKFLOW" --stage build - name: upload artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: build-${{ github.run_id }} path: .dist retention-days: 1 if-no-files-found: ignore - + # test test: name: Test @@ -174,7 +174,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 - name: test 
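Review bot: Removing `- .github/**` from `paths-ignore` (hunk `@@ -26,7 +26,6 @@`) makes commits that touch only workflow files start the full pipeline, and the reason is not recorded next to the list. In cid-pullrequest.yml that reaches the scan step that receives `SONAR_TOKEN`. The same removal in cid.yml (hunk `@@ -28,7 +28,6 @@`) reaches the publish stage that receives the `MAVEN_GPG_SIGN_*` secrets, so a pinned-action bump alone would presumably start a publish run unless that job is gated elsewhere. I would add a comment above the list, e.g. `# .github/** is not ignored: workflow changes must run through the pipeline`, and confirm the publish job's condition in the template. The `on:` block starts outside the hunk, so the trigger types are not visible here.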
@@ -184,7 +184,7 @@ jobs: run: | cid --log-level=${CID_LOGLEVEL:-info} workflow run "$CID_WORKFLOW" --stage test - name: upload artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: test-${{ github.run_id }} path: .dist @@ -210,17 +210,17 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 - name: download artifacts > build - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: build-${{ github.run_id }} path: .dist continue-on-error: true - name: download artifacts > test - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: test-${{ github.run_id }} path: .dist @@ -235,4 +235,4 @@ jobs: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} SONAR_ORGANIZATION: ${{ secrets.SONAR_ORGANIZATION }} run: | - cid --log-level=${CID_LOGLEVEL:-info} workflow run "$CID_WORKFLOW" --stage scan \ No newline at end of file + cid --log-level=${CID_LOGLEVEL:-info} workflow run "$CID_WORKFLOW" --stage scan diff --git a/.github/workflows/cid.yml b/.github/workflows/cid.yml index f3b4860..f873b0b 100644 --- a/.github/workflows/cid.yml +++ b/.github/workflows/cid.yml @@ -1,10 +1,10 @@ -# cid-workflow-version: 0.0.14 +# cid-workflow-version: 0.0.16 # This file is generated by the CID Workflow GitHub App. # DO NOT EDIT! # name -name: cid-main +name: CID - DefaultBranch # triggers on: @@ -28,7 +28,6 @@ on: paths-ignore: - README.md - LICENSE - - .github/** - .gitignore - .editorconfig - renovate.json 
@@ -65,6 +64,7 @@ env: cdn01.quay.io:443 cdn02.quay.io:443 cdn03.quay.io:443 + codeload.github.com:443 downloads.gradle.org:443 github.com:443 jcenter.bintray.com:443 @@ -110,7 +110,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 - name: info @@ -142,7 +142,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 - name: build @@ -152,13 +152,13 @@ jobs: run: | cid --log-level=${CID_LOGLEVEL:-info} workflow run "$CID_WORKFLOW" --stage build - name: upload artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: build-${{ github.run_id }} path: .dist retention-days: 1 if-no-files-found: ignore - + # test test: name: Test @@ -176,7 +176,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 - name: test @@ -186,7 +186,7 @@ jobs: run: | cid --log-level=${CID_LOGLEVEL:-info} workflow run "$CID_WORKFLOW" --stage test - name: upload artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: test-${{ github.run_id }} path: .dist 
@@ -212,17 +212,17 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 - name: download artifacts > build - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: build-${{ github.run_id }} path: .dist continue-on-error: true - name: download artifacts > test - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: test-${{ github.run_id }} path: .dist @@ -258,11 +258,11 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 - name: download artifacts > build - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: build-${{ github.run_id }} path: .dist @@ -274,7 +274,7 @@ jobs: run: | cid --log-level=${CID_LOGLEVEL:-info} workflow run "$CID_WORKFLOW" --stage package - name: upload artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: package-${{ github.run_id }} path: .dist 
@@ -304,11 +304,11 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 - name: download artifacts > package - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: package-${{ github.run_id }} path: .dist @@ -325,4 +325,4 @@ jobs: MAVEN_GPG_SIGN_PASSWORD: ${{ secrets.MAVEN_GPG_SIGN_PASSWORD }} MAVEN_GPG_SIGN_KEYID: ${{ secrets.MAVEN_GPG_SIGN_KEYID }} run: | - cid --log-level=${CID_LOGLEVEL:-info} workflow run "$CID_WORKFLOW" --stage publish \ No newline at end of file + cid --log-level=${CID_LOGLEVEL:-info} workflow run "$CID_WORKFLOW" --stage publish