wmde · lorenjohnson · Nov 1, 2023 · Sep 21, 2023 · Sep 21, 2023 · Sep 22, 2023
diff --git a/.github/actions/prep-env-and-cache/action.yml b/.github/actions/prep-env-and-cache/action.yml
@@ -0,0 +1,56 @@
+name: 'checkout-and-prepare'
+description: 'Prepare our github actions environment'
+
+inputs:
+  env_file:
+    description: 'the env file used for defining the environment'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+      - name: Print the env from variables.env
+        run: cat variables.env
+        shell: bash
+
+      - name: Set the env from variables.env
+        uses: c-py/action-dotenv-to-setenv@v4
+        with:
+          env-file: variables.env
+
+      - name: Print the current env
+        run: cat ${{ inputs.env_file }}
+        shell: bash
+
+      - name: Set the env from ${{ inputs.env_file }}
+        uses: c-py/action-dotenv-to-setenv@v4
+        with:
+          env-file: ${{ inputs.env_file }}
+
+      # https://phabricator.wikimedia.org/T346882
+      - name: Cache composer files
+        id: cache-composer
+        uses: actions/cache@v3
+        env:
+          cache-name: cache-wikibase-composer
+        with:
+          path: cache
+          key: cache-wikibase-composer
+
+      - shell: bash
+        run: |
+          echo "Composer Cache Hit: ${{ steps.cache-composer.outputs.cache-hit }}"
+
+      - name: Cache files in git_cache
+        id: cache-git
+        uses: actions/cache@v3
+        env:
+          cache-name: cache-wikibase-git-repo
+        with:
+          path: git_cache
+          key: cache-wikibase-git-repo
+
+      - shell: bash
+        run: |
+          echo "Git Cache Hit: ${{ steps.cache-git.outputs.cache-hit }}"
+
diff --git a/.github/actions/scan-image/action.yml b/.github/actions/scan-image/action.yml
@@ -1,43 +1,42 @@
-name: 'scan-docker'
-description: 'Scan image and upload results'
+name: "scan-image"
+description: "Scan image and upload results"
 inputs:
-  image_tag:
-    description: 'tag to give to latest image'
-    required: true
   image_name:
-    description: 'name of the docker image to work with'
+    description: "name of the docker image to work with"
     required: true
+
 runs:
   using: "composite"
+
   steps:
-      - uses: anchore/scan-action@v3
-        id: scan
-        with:
-          acs-report-enable: true
-          severity-cutoff: critical
-          fail-build: false
-          image: ${{ inputs.image_name }}:${{ inputs.image_tag }}
+    - uses: anchore/scan-action@v3
+      id: scan
+      with:
+        severity-cutoff: critical
+        fail-build: false
+        image: ${{ inputs.image_name }}
 
-      # As this step depends on github.event.pull_request it never ran until https://github.com/wmde/wikibase-release-pipeline/pull/317 was done
-      # So disable it in that PR and fix it in a followup...
-      # uploads it to the ui
-      # - uses: github/codeql-action/upload-sarif@v1
-      #   if: |
-      #     github.actor != 'dependabot[bot]' &&
-      #     (github.event.pull_request.head.repo.full_name == github.repository)
-      #   with:
-      #     sarif_file: ${{ steps.scan.outputs.sarif }}
+    # As this step depends on github.event.pull_request it never 
+    # ran until https://github.com/wmde/wikibase-release-pipeline/pull/317 was done
+    # So disable it in that PR and fix it in a followup...
+    # uploads it to the ui
+    # - uses: github/codeql-action/upload-sarif@v1
+    #   if: |
+    #     github.actor != 'dependabot[bot]' &&
+    #     (github.event.pull_request.head.repo.full_name == github.repository)
+    #   with:
+    #     sarif_file: ${{ steps.scan.outputs.sarif }}
 
-      # output to terminal and move to non-conflicting name
-      - name: Inspect action SARIF report 
-        shell: bash
-        run: |
-          cat ${{ steps.scan.outputs.sarif }}
-          mv ${{ steps.scan.outputs.sarif }} /tmp/${{ inputs.image_name }}.sarif
+    - name: Inspect action SARIF report
+      shell: bash
+      run: |
+        cat ${{ steps.scan.outputs.sarif }}
+        mkdir -p /tmp/sarif-reports
+        cp ${{ steps.scan.outputs.sarif }} /tmp/sarif-reports/${{ inputs.image_name }}.sarif
 
-      - name: Archive docker production artifacts
-        uses: actions/upload-artifact@v2
-        with:
-          name: ScanArtifacts
-          if-no-files-found: error
-          path: /tmp/${{ inputs.image_name }}.sarif
+    - name: Archive scan artifacts
+      uses: actions/upload-artifact@v3
+      with:
+        name: ScanResults
+        if-no-files-found: error
+        path: /tmp/sarif-reports/${{ inputs.image_name }}.sarif
diff --git a/.github/actions/upload-results/action.yml b/.github/actions/upload-results/action.yml
@@ -0,0 +1,31 @@
+name: "checkout-and-prepare"
+description: "Upload build results as artifacts"
+
+inputs:
+  component:
+    description: "the name of the built artifact"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Archive build_metadata Artifacts (if any)
+      uses: actions/upload-artifact@v3
+      with:
+        name: Metadata
+        path: artifacts/build_metadata_*.env
+        if-no-files-found: ignore
+
+    - name: Archive tar artifacts (if any)
+      uses: actions/upload-artifact@v3
+      with:
+        name: TarBalls
+        path: artifacts/${{ inputs.component }}.tar.gz
+        if-no-files-found: ignore
+
+    - name: Archive Docker artifact
+      uses: actions/upload-artifact@v3
+      with:
+        name: DockerImages
+        path: artifacts/${{ inputs.component }}.docker.tar.gz
+        if-no-files-found: error