Merge branch 'main' into axdotl-patch-1

Staffbase · Oct 21, 2024 · 0f4b893 · 0f4b893
2 parents d7da088 + d8356ed
commit 0f4b893
Show file tree

Hide file tree

Showing 10 changed files with 77 additions and 42 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,2 +1,2 @@
 *                                                        @Staffbase/workflow-enthusiasts
-.github/workflows/template_testio_trigger_test.yml       @Staffbase/bomberman
+.github/workflows/template_testio_trigger_test.yml       @Staffbase/pokemon
diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml
@@ -12,7 +12,7 @@ jobs:
     steps:
       - name: "CLA Assistant"
         if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request'
-        uses: cla-assistant/github-action@v2.4.0
+        uses: cla-assistant/github-action@v2.6.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PERSONAL_ACCESS_TOKEN: ${{ secrets.OSS_CONTRIBUTOR_LICENSE_AGREEMENT }}

diff --git a/.github/workflows/template_autodev.yml b/.github/workflows/template_autodev.yml
@@ -67,7 +67,7 @@ jobs:
     steps:
       - name: Get App Token
         if: ${{ env.USING_APP_CREDENTIALS == 'true' }}
-        uses: actions/create-github-app-token@v1.10.0
+        uses: actions/create-github-app-token@v1.11.0
         id: get_token
         with:
           app-id: ${{ secrets.app_id }}

diff --git a/.github/workflows/template_automerge_dependabot.yml b/.github/workflows/template_automerge_dependabot.yml
@@ -12,6 +12,16 @@ on:
         default: "squash"
         required: false
         type: string
+      update-types:
+        description: "Types of version update to allow (possible values are: minor, major, patch)"
+        default: "patch,minor"
+        required: false
+        type: string
+      include-pre-release:
+        description: "Include pre-release updates"
+        default: false
+        required: false
+        type: boolean
     secrets:
       app_id:
         required: true
@@ -28,23 +38,38 @@ jobs:
 
     steps:
       - name: Get App Token
-        uses: actions/create-github-app-token@v1.10.0
+        uses: actions/create-github-app-token@v1.11.0
         id: get_token
         with:
           app-id: ${{ secrets.app_id }}
           private-key: ${{ secrets.private_key }}
 
       - name: Load dependabot metadata
         id: metadata
-        uses: dependabot/fetch-metadata@v2.1.0
+        uses: dependabot/fetch-metadata@v2.2.0
         with:
           github-token: ${{ steps.get_token.outputs.token }}
 
       - name: Enable auto-merge for Dependabot PRs
         if: >-
-          (steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
-          steps.metadata.outputs.update-type == 'version-update:semver-minor') &&
-          !startsWith(steps.metadata.outputs.previous-version, '0.')
+          (
+            inputs.include-pre-release ||
+            !startsWith(steps.metadata.outputs.previous-version, '0.')
+          ) &&
+          (
+            (
+              contains(inputs.update-types, 'major') &&
+              steps.metadata.outputs.update-type == 'version-update:semver-major'
+            ) ||
+            (
+              contains(inputs.update-types, 'minor') &&
+              steps.metadata.outputs.update-type == 'version-update:semver-minor'
+            ) ||
+            (
+              contains(inputs.update-types, 'patch') &&
+              steps.metadata.outputs.update-type == 'version-update:semver-patch'
+            )
+          )
         run: |
           gh pr review --approve "$PR_URL"
 

diff --git a/.github/workflows/template_gitops.yml b/.github/workflows/template_gitops.yml
@@ -6,7 +6,7 @@ on:
       docker-registry:
         required: false
         type: string
-        default: "staffbase.jfrog.io"
+        default: "registry.staffbase.com"
       docker-build-args:
         required: false
         type: string
@@ -29,6 +29,9 @@ on:
         required: false
         type: string
         default: sb-images/${{ github.event.repository.name }}
+      docker-custom-tag:
+        required: false
+        type: string
       gitops-dev:
         required: false
         type: string
@@ -49,11 +52,11 @@ on:
       gitops-user:
         required: false
         type: string
-        default: "Staffbot"
+        default: "staffbase-actions"
       gitops-email:
         required: false
         type: string
-        default: "staffbot@staffbase.com"
+        default: "staffbase-actions[bot]@users.noreply.github.com"
       working-directory:
         required: false
         type: string
@@ -93,15 +96,15 @@ jobs:
 
       - name: Get App Token
         if: ${{ env.USING_APP_CREDENTIALS == 'true' }}
-        uses: actions/create-github-app-token@v1.10.0
+        uses: actions/create-github-app-token@v1.11.0
         id: get_token
         with:
           app-id: ${{ secrets.app-id }}
           private-key: ${{ secrets.private-key }}
           owner: ${{inputs.gitops-organization }}
 
       - name: GitOps (build, push and deploy a new Docker image)
-        uses: Staffbase/gitops-github-action@v5.5
+        uses: Staffbase/gitops-github-action@v6.2
         with:
           docker-registry: ${{ inputs.docker-registry }}
           docker-username: ${{ secrets.docker-username }}
@@ -116,6 +119,7 @@ jobs:
           docker-disable-retagging: ${{ inputs.docker-disable-retagging }}
           docker-file: ${{ inputs.docker-file }}
           docker-image: ${{ inputs.docker-image }}
+          docker-custom-tag: ${{ inputs.docker-custom-tag }}
           gitops-organization: ${{ inputs.gitops-organization }}
           gitops-repository: ${{ inputs.gitops-repository }}
           gitops-user: ${{ inputs.gitops-user }}

diff --git a/.github/workflows/template_jira_tagging.yml b/.github/workflows/template_jira_tagging.yml
@@ -33,12 +33,12 @@ jobs:
 
       - name: Fetch ticket Ids
         id: fetchTicketIds
-        uses: Staffbase/github-action-issue-id-collection@v1.1.0
+        uses: Staffbase/github-action-issue-id-collection@v1.2.0
         env:
           TAG_MATCHER: ${{ inputs.tag-matcher }}
 
       - name: Add release notes to JIRA tickets
-        uses: Staffbase/github-action-jira-release-tagging@v1.3.1
+        uses: Staffbase/github-action-jira-release-tagging@v1.4.0
         env:
           JIRA_BASEURL: ${{ secrets.jira-url }}
           JIRA_TOKEN: ${{ secrets.jira-token }}

diff --git a/.github/workflows/template_release_drafter.yml b/.github/workflows/template_release_drafter.yml
@@ -36,7 +36,7 @@ jobs:
     steps:
       - name: Get App Token
         if: ${{ env.USING_APP_CREDENTIALS == 'true' }}
-        uses: actions/create-github-app-token@v1.10.0
+        uses: actions/create-github-app-token@v1.11.0
         id: get_token
         with:
           app-id: ${{ secrets.app_id }}

diff --git a/.github/workflows/template_secret_scan.yml b/.github/workflows/template_secret_scan.yml
@@ -17,7 +17,7 @@ jobs:
           fetch-tags: false
 
       - name: TruffleHog OSS
-        uses: trufflesecurity/trufflehog@v3.78.0
+        uses: trufflesecurity/trufflehog@v3.82.2
         with:
           path: ./
           base: ${{ github.event.repository.default_branch }}

diff --git a/.github/workflows/versions.yml b/.github/workflows/versions.yml
@@ -15,14 +15,14 @@ jobs:
           sed -i -E 's/(v[0-9]+.[0-9]+.[0-9]+)/${{ github.ref_name }}/g' README.md
 
       - name: Get App Token
-        uses: actions/create-github-app-token@v1.10.1
+        uses: actions/create-github-app-token@v1.11.0
         id: get_token
         with:
           app-id: ${{ vars.STAFFBASE_ACTIONS_APP_ID }}
           private-key: ${{ secrets.STAFFBASE_ACTIONS_PRIVATE_KEY }}
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@v7
         with:
           token: ${{ steps.get_token.outputs.token }}
           title: ":memo: Update Readme Versions"

diff --git a/README.md b/README.md
@@ -14,7 +14,7 @@ on:
 
 jobs:
   <action name>:
-    uses: Staffbase/gha-workflows/.github/workflows/template_*.yml@v5.5.0
+    uses: Staffbase/gha-workflows/.github/workflows/template_*.yml@v6.1.0
     with:
       ...
 ```
@@ -43,12 +43,16 @@ on:
 
 jobs:
   dependabot:
-    uses: Staffbase/gha-workflows/.github/workflows/template_automerge_dependabot.yml@v5.5.0
+    uses: Staffbase/gha-workflows/.github/workflows/template_automerge_dependabot.yml@v6.1.0
     with:
       # optional: ⚠️ only enable the force merge if you want to do the merge just now
       force: true
       # optional: choose strategy when merging (default: squash)
       strategy: rebase, merge
+      # optional: choose which types of update you want to allow (default: minor,patch)
+      update-types: major,minor,patch
+      # optional: choose if you want to allow versions with semver 0.X.X (default: false)
+      include-pre-release: true
     secrets:
       # identifier of the GitHub App for authentication
       app_id: ${{ <your-app-id> }}
@@ -74,7 +78,7 @@ on:
 
 jobs:
   autodev:
-    uses: Staffbase/gha-workflows/.github/workflows/template_autodev.yml@v5.5.0
+    uses: Staffbase/gha-workflows/.github/workflows/template_autodev.yml@v6.1.0
     with:
       # optional: base branch from which the history originates, default: main
       base: master
@@ -99,7 +103,7 @@ jobs:
       token: ${{ <your-token> }}
       # optional: identifier of the GitHub App for authentication
       app_id: ${{ <your-app-id> }}
-      # optional: private key of the GitHub App 
+      # optional: private key of the GitHub App
       private_key: ${{ <your-private-key> }}
 ```
 
@@ -116,7 +120,7 @@ on: [ push ]
 
 jobs:
   gitops:
-    uses: Staffbase/gha-workflows/.github/workflows/template_gitops.yml@v5.5.0
+    uses: Staffbase/gha-workflows/.github/workflows/template_gitops.yml@v6.1.0
     with:
       # optional: host of the docker registry, default: "staffbase.jfrog.io"
       docker-registry: "<your-registry>"
@@ -133,13 +137,15 @@ jobs:
       docker-file: <path-to-Dockerfile>
       # optional: name of the docker image, default: private/<repository_name>
       docker-image: <your-image>
+      # optional: custom tag for the productive docker image which is preferred over the tag generated by the workflow
+      docker-custom-tag: <your-tag>
       # optional: organization of the gitops repository, default: github.repository_owner
       gitops-organization: <your-organization>
       # optional: repository where to update the files, default: mops
       gitops-repository: "<your-repository>"
-      # optional: user which does the commit, default: "Staffbot"
+      # optional: user which does the commit, default: "staffbase-actions"
       gitops-user: "<your-user>"
-      # optional: email of the user which does the commit, default: "staffbot@staffbase.com"
+      # optional: email of the user which does the commit, default: "staffbase-actions[bot]@users.noreply.github.com"
       gitops-email: "<your-email>"
       # optional: files which should be updated for dev
       gitops-dev: |-
@@ -189,7 +195,7 @@ on:
 
 jobs:
   jira_annotate:
-    uses: Staffbase/gha-workflows/.github/workflows/template_jira_tagging.yml@v5.5.0
+    uses: Staffbase/gha-workflows/.github/workflows/template_jira_tagging.yml@v6.1.0
     with:
       # optional: name of the service to add as label, default: name of the repository
       name: 'component name'
@@ -222,7 +228,7 @@ on:
 
 jobs:
   ld_code_references:
-    uses: Staffbase/gha-workflows/.github/workflows/template_launchdarkly_code_references.yml@v5.5.0
+    uses: Staffbase/gha-workflows/.github/workflows/template_launchdarkly_code_references.yml@v6.1.0
     with:
       # optional: key of the LD project, default: default
       project-key: 'my-project'
@@ -247,7 +253,7 @@ on:
 
 jobs:
   block:
-    uses: Staffbase/gha-workflows/.github/workflows/template_merge_block.yml@v5.5.0
+    uses: Staffbase/gha-workflows/.github/workflows/template_merge_block.yml@v6.1.0
     with:
       # optional: name of the label if the PR should not be merged, default: do not merge
       label: merge block
@@ -275,8 +281,8 @@ on:
 
 jobs:
   update_release_draft:
-    uses: Staffbase/gha-workflows/.github/workflows/template_release_drafter.yml@v5.5.0
-    with: 
+    uses: Staffbase/gha-workflows/.github/workflows/template_release_drafter.yml@v6.1.0
+    with:
       # optional: name of the release
       name: Version X.Y.Z
       # optional: should the release be published, default: false
@@ -290,7 +296,7 @@ jobs:
       token: ${{ <your-token> }}
       # optional: identifier of the GitHub App for authentication
       app_id: ${{ <your-app-id> }}
-      # optional: private key of the GitHub App 
+      # optional: private key of the GitHub App
       private_key: ${{ <your-private-key> }}
 ```
 
@@ -314,7 +320,7 @@ on:
 
 jobs:
   new_version:
-    uses: Staffbase/gha-workflows/.github/workflows/template_release_version.yml@v5.5.0
+    uses: Staffbase/gha-workflows/.github/workflows/template_release_version.yml@v6.1.0
     with:
       # optional: format of the version, default: weekly
       format: 'quarterly'
@@ -332,9 +338,9 @@ on:
 ```
 
 </details>
-  
+
 ### Secret Scanning
-  
+
 <details>
 <summary>This workflow should be called by a PR and will scan it's commits for leaked credentials. The workflow will fail if any results are found.</summary>
 
@@ -345,7 +351,7 @@ on: [pull_request]
 
 jobs:
   trufflehog:
-    uses: Staffbase/gha-workflows/.github/workflows/template_secret_scan.yml@v5.5.0
+    uses: Staffbase/gha-workflows/.github/workflows/template_secret_scan.yml@v6.1.0
 ```
 
 </details>
@@ -364,7 +370,7 @@ on:
 
 jobs:
   stale:
-    uses: Staffbase/gha-workflows/.github/workflows/template_stale.yml@v5.5.0
+    uses: Staffbase/gha-workflows/.github/workflows/template_stale.yml@v6.1.0
     with:
       # optional: comment on the stale pull request while closed, default: This stale PR was closed because there was no activity.
       close-pr-message: your message
@@ -401,7 +407,7 @@ on:
 
 jobs:
   techdocs:
-    uses: Staffbase/gha-workflows/.github/workflows/template_techdocs.yml@v5.5.0
+    uses: Staffbase/gha-workflows/.github/workflows/template_techdocs.yml@v6.1.0
     with:
       # optional: kind of the Backstage entity, default: Component
       # ref: https://backstage.io/docs/features/software-catalog/descriptor-format#contents
@@ -433,7 +439,7 @@ on:
 
 jobs:
   trigger-testio-test:
-    uses: Staffbase/gha-workflows/.github/workflows/template_testio_trigger_test.yml@v5.5.0
+    uses: Staffbase/gha-workflows/.github/workflows/template_testio_trigger_test.yml@v6.1.0
     with:
       # optional: the slug you received from TestIO, defaults to 'staffbase'
       testio-slug: your TestIO slug
@@ -442,7 +448,7 @@ jobs:
     secrets:
       # GitHub token to be used for commenting in a PR
       github-token: ${{ secrets.GITHUB_TOKEN }}
-      # TestIO token of a user for which the triggered test is created 
+      # TestIO token of a user for which the triggered test is created
       testio-token: ${{ secrets.TESTIO_TOKEN }}
 ```
 
@@ -465,7 +471,7 @@ on:
 
 jobs:
   yamllint:
-    uses: Staffbase/gha-workflows/.github/workflows/template_yaml.yml@v5.5.0
+    uses: Staffbase/gha-workflows/.github/workflows/template_yaml.yml@v6.1.0
     with:
       # optional: name of the running action, default: yamllint / yamllint
       action-name: your name
@@ -494,7 +500,7 @@ Please read [CONTRIBUTING.md](CONTRIBUTING.md) for details on our code of conduc
 ## License 📄
 
 This project is licensed under the Apache-2.0 License - see the [LICENSE.md](LICENSE) file for details.
-  
+
 <table>
   <tr>
     <td>