From 82ae1a36a5f9fa5e5b2525951be3d8ab27204708 Mon Sep 17 00:00:00 2001 From: Joss Whittle Date: Tue, 19 Nov 2024 12:59:13 +0000 Subject: [PATCH 1/4] chore: bump sonar-dotnet container version (#205) --- .github/workflows/sonar-dotnet.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonar-dotnet.yaml b/.github/workflows/sonar-dotnet.yaml index c971d3a6..16cb9319 100644 --- a/.github/workflows/sonar-dotnet.yaml +++ b/.github/workflows/sonar-dotnet.yaml @@ -76,7 +76,7 @@ jobs: dotnet /sonar-scanner/SonarScanner.MSBuild.dll end \ /d:sonar.login=$SONAR_TOKEN" env: - SONAR_IMAGE: harbor.ukserp.ac.uk/github-workflows/sonar-dotnet:1.0.0 + SONAR_IMAGE: harbor.ukserp.ac.uk/github-workflows/sonar-dotnet:1.0.1 PROJECT_NAME: ${{ inputs.project-name }} PROJECT_FILE: ${{ inputs.project-file }} PROJECT_CONTEXT: ${{ inputs.project-context }} From 1e4f51eef7808133c8ab7f46ba7a77e71fe39c9e Mon Sep 17 00:00:00 2001 From: Joss Whittle Date: Tue, 10 Dec 2024 11:03:00 +0000 Subject: [PATCH 2/4] feat(arc-container): build just the arc container (#206) chore(arc-container): build just the arc container --- .github/commitlint.config.mjs | 3 +- .../workflows/actions-runner-container.yaml | 45 +++++++++++++++++++ containers/actions-runner/Dockerfile | 18 ++++++++ 3 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/actions-runner-container.yaml create mode 100644 containers/actions-runner/Dockerfile diff --git a/.github/commitlint.config.mjs b/.github/commitlint.config.mjs index f8ef60e8..cba64c5d 100644 --- a/.github/commitlint.config.mjs +++ b/.github/commitlint.config.mjs @@ -12,7 +12,8 @@ export default { 'commitlint', 'labeler', 'renovate', - 'sonar-dotnet' + 'sonar-dotnet', + 'arc-container' ]] } }; diff --git a/.github/workflows/actions-runner-container.yaml b/.github/workflows/actions-runner-container.yaml new file mode 100644 index 00000000..3dc27071 --- /dev/null +++ b/.github/workflows/actions-runner-container.yaml @@ -0,0 +1,45 @@ +name: Build Actions Runner Container + +on: + pull_request: + paths: + - '.github/workflows/actions-runner-container.yaml' + - 'containers/actions-runner/**' + push: + branches: + - 'main' + paths: + - '.github/workflows/actions-runner-container.yaml' + - 'containers/actions-runner/**' + +permissions: + contents: write + pull-requests: write + actions: read + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + # Cancel early on pull requests if new commits are added, + # Don't cancel on release pushes + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + +jobs: + # Job name must be unique across repo to target + # branch protection rules "required checks" properly! + actions-runner-container: + uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@feat/runs-on-input + with: + job-name: actions-runner-container + comment-pr: "true" + comment-release: "true" + registry: ${{ vars.HARBOR_REGISTRY }} + registry-user: ${{ vars.HARBOR_USER }} + registry-repo: ${{ vars.HARBOR_PROJECT }}/actions-runner + release-tag-format: 'v${version}-actions-runner-container' + cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} + build-file: containers/actions-runner/Dockerfile + build-context: containers/actions-runner + secrets: + cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }} + cosign-password: ${{ secrets.COSIGN_PASSWORD }} + registry-token: ${{ secrets.HARBOR_TOKEN }} diff --git a/containers/actions-runner/Dockerfile b/containers/actions-runner/Dockerfile new file mode 100644 index 00000000..9612011b --- /dev/null +++ b/containers/actions-runner/Dockerfile @@ -0,0 +1,18 @@ +FROM ghcr.io/actions/actions-runner:2.318.0 + +LABEL org.opencontainers.image.source=https://github.com/SwanseaUniversityMedical/workflows + +# Add missing dependencies compared to the old summerwind runners +USER root +RUN apt-get update && \ + DEBIAN_FRONTEND=noninteractive \ + apt-get install -y --no-install-recommends \ + curl unzip jq wget python3-pip git-all && \ + rm -rf /var/lib/apt/lists/* + +RUN echo 'export PATH="/home/runner/.local/bin:$PATH"' >> /etc/profile +ENV PATH="/home/runner/.local/bin:$PATH" + +USER runner +ENV PATH="/home/runner/.local/bin:$PATH" + From d4dca5bdacca8f38d28fb6429ae00f2813d8ea25 Mon Sep 17 00:00:00 2001 From: Marvin the SeRP Bot Date: Tue, 7 Jan 2025 11:02:46 +0000 Subject: [PATCH 3/4] chore(deps): update actions/cache action to v4.2.0 (#197) Co-authored-by: Renovate Bot --- .github/workflows/pr-title-commitlint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-title-commitlint.yaml b/.github/workflows/pr-title-commitlint.yaml index 6c5f9470..da156e51 100644 --- a/.github/workflows/pr-title-commitlint.yaml +++ b/.github/workflows/pr-title-commitlint.yaml @@ -45,7 +45,7 @@ jobs: node-version: 20 - name: cache node modules - uses: actions/cache@v4.1.1 + uses: actions/cache@v4.2.0 with: path: ~/.npm key: ${{ github.workflow }}-commitlint From c182c143bb083370777e79ea9d46af0c4ed91824 Mon Sep 17 00:00:00 2001 From: Marvin the SeRP Bot Date: Tue, 7 Jan 2025 11:20:22 +0000 Subject: [PATCH 4/4] chore(deps): update renovatebot/github-action action to v41 (#199) * chore(deps): update renovatebot/github-action action to v41 * feat: bump renovate container version --------- Co-authored-by: Renovate Bot Co-authored-by: Joss Whittle --- .github/actions/renovate/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/renovate/action.yaml b/.github/actions/renovate/action.yaml index 902241ba..f63e61a6 100644 --- a/.github/actions/renovate/action.yaml +++ b/.github/actions/renovate/action.yaml @@ -18,11 +18,11 @@ runs: ${{ inputs.config }} - name: run renovate bot - uses: renovatebot/github-action@v40.3.3 + uses: renovatebot/github-action@v41.0.8 with: renovate-image: "harbor.ukserp.ac.uk/github-workflows/renovate" # TODO annotate this for renovate to bump... the irony is not lost on me... - renovate-version: "38.115.0" + renovate-version: "39.92.0" configurationFile: ${{ inputs.config }} token: ${{ inputs.token }} env-regex: "^(?:RENOVATE_\\w+|LOG_LEVEL|\\w+_PROXY)$"