improve bum-sec-scanners-config

kyma-project · Jan 30, 2024 · c282ca3 · c282ca3
1 parent 1662375
commit c282ca3
Showing 1 changed file with 18 additions and 19 deletions.
diff --git a/.github/workflows/bump-sec-scanners-config-reusable.yml b/.github/workflows/bump-sec-scanners-config-reusable.yml
@@ -13,10 +13,10 @@
 #   Setting a secret for a repo: https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions
 #
 # If changes were done by the script, the workflow will create a PR and wait for it to be merged.
-# The waiting will happen with a timeout that can be set via the input of `timeout`. The units are seconds.
 # It has a default value of 3600 (seconds (= 1 hour)). Note that GitHub Action jobs will automatically fail after 6 hours:
 # Further reads:
 #   Default limits for GitHub Actions: https://docs.github.com/en/actions/learn-github-actions/usage-limits-billing-and-administration#usage-limits
+# The waiting will happen with a timeout that can be set via the input of `TIMEOUT`. The units are seconds.
 #
 # Examples of using this workflow:
 #  1. Set all awailable inputs and secrets.
@@ -26,7 +26,7 @@
 #       uses: kyma-project/eventing-tools/.github/workflows/bump-sec-scanners-config-reusable.yml@main
 #       with:
 #         version_tag: 2.3.4
-#         timeout: 3600 # 1 hour
+#         TIMEOUT: 3600 # 1 hour
 #       secrets:
 #         BOT_PAT: ${{ secrets.my_pat }}
 #
@@ -45,11 +45,11 @@ name: bump sec-scanners-config.yaml (reusable)
 on:
   workflow_call:
     inputs:
-      version_tag:
+      VERSION:
         required: true
         type: string
         description: The semantic version number, that will be used to tag the main image in the sec scanner config.
-      timeout:
+      TIMEOUT:
         required: false
         type: number
         description: The time in seconds this workflow will wait for a resulting PR to be merged.
@@ -62,22 +62,19 @@ jobs:
   bump:
     name: Bump sec-scanners-config.yaml
     runs-on: ubuntu-latest
-    env:
-      REPO: ${{ github.repository }}
 
     steps:
-      - name: Checkout Code
+      - name: Checkout code
         uses: actions/checkout@v4
 
       - name: Render sec-scanners-config.yaml
         env:
-          VERSION_TAG: ${{ inputs.version_tag }}
-        shell: bash
+          VERSION: ${{ inputs.VERSION }}
         # Where ever you use this workflow, the script hack/scripts/render-sec-scanners-config.sh must exist.
-        run: ./hack/scripts/render-sec-scanners-config.sh "${VERSION_TAG}"
+        run: ./hack/scripts/render-sec-scanners-config.sh "${VERSION}"
 
       # Check if there are changes so we can determin if all following steps can be skipped.
-      - name: Check For Changes
+      - name: Check for changes
         shell: bash
         run: |
           if [ -z "$(git status --porcelain)" ]; then 
@@ -87,29 +84,30 @@ jobs:
             echo "CREATE_PR=true" >> $GITHUB_ENV 
           fi
 
-      - name: Print Content of sec-scanners-config.yaml
         if: ${{ always() }}
+      - name: Print out sec-scanners-config.yaml
         shell: bash
         run: |
           FILE="sec-scanners-config.yaml"
           [ -f "${FILE}" ] && cat "${FILE}" || echo "${FILE} not found."
 
-      - name: Set Up Git
+      - name: Set up git
         if: ${{ env.CREATE_PR == 'true' }}
         env:
           GH_TOKEN: ${{ secrets.BOT_PAT }}
+          REPO: ${{ github.repository }}
         shell: bash
         run: |
           # set git username 
-          ghusername=$(curl -H "Authorization: token ${GH_TOKEN}" https://api.github.com/user)
+          ghusername=$(curl -s -H "Authorization: token ${GH_TOKEN}" https://api.github.com/user | jq '.login')
           git config user.name "${ghusername}"
           # set git mail address
-          ghmailaddress=$(curl -H "Authorization: token ${GH_TOKEN}" https://api.github.com/email)
+          ghmailaddress="${ghusername}@users.noreply.github.com"
           git config user.email "${ghmailaddress}"
           # set remote url
           git remote set-url origin "https://x-access-token:${GH_TOKEN}@github.com/${REPO}.git"
 
-      - name: Set All Variables
+      - name: Set all variables
         if: ${{ env.CREATE_PR == 'true' }}
         shell: bash
         run: |
@@ -125,9 +123,10 @@ jobs:
           echo "name of the new branch: ${BRANCH_NAME}"
           echo "BRANCH_NAME=${BRANCH_NAME}" >> $GITHUB_ENV
 
-      - name: Create a Pull Request
+      - name: Create a pull request
         if: ${{ env.CREATE_PR == 'true' }}
         env:
+          REPO: ${{ github.repository }}
           CURRENT_BRANCH: ${{ env.CURRENT_BRANCH }}
           PR_DATE: ${{ env.PR_DATE }}
           BRANCH_NAME: ${{ env.BRANCH_NAME }}
@@ -157,11 +156,11 @@ jobs:
         run: |
           echo "please review  ${PR_URL}"
 
-      - name: Wait for PR to be Merged
         if: ${{ env.CREATE_PR == 'true' }}
+      - name: Wait for PR to be merged
         shell: bash
         env:
-          TIMEOUT: ${{ inputs.timeout }}
+          TIMEOUT: ${{ inputs.TIMEOUT }}
           PR_URL: ${{ env.PR_URL }}
           GH_TOKEN: ${{ secrets.BOT_PAT }}
         run: |