diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index bf7d2d6..24a0bb2 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -6,17 +6,6 @@ on: - main - master workflow_dispatch: - inputs: - version_type: - description: 'Type of version bump' - required: false - default: 'auto' - type: choice - options: - - auto - - patch - - minor - - major jobs: release: @@ -52,7 +41,7 @@ jobs: - name: Setup Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version: "20" - name: Install semantic-release dependencies run: | 
@@ -66,64 +55,32 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - if [[ "${{ github.event_name }}" == "workflow_dispatch" && "${{ github.event.inputs.version_type }}" != "auto" ]]; then - # Manual release with specified version type - echo "Manual release triggered with version type: ${{ github.event.inputs.version_type }}" - npx semantic-release --dry-run > release_output.txt 2>&1 || true - - # Extract current version and calculate next version - CURRENT_VERSION=$(git describe --tags --abbrev=0 2>/dev/null || echo "v0.0.0") - CURRENT_VERSION=${CURRENT_VERSION#v} - - case "${{ github.event.inputs.version_type }}" in - "patch") - NEW_VERSION=$(echo $CURRENT_VERSION | awk -F. '{printf "%d.%d.%d", $1, $2, $3+1}') - ;; - "minor") - NEW_VERSION=$(echo $CURRENT_VERSION | awk -F. '{printf "%d.%d.0", $1, $2+1}') - ;; - "major") - NEW_VERSION=$(echo $CURRENT_VERSION | awk -F. '{printf "%d.0.0", $1+1}') - ;; - esac - - echo "new_release_version=$NEW_VERSION" >> $GITHUB_OUTPUT - echo "new_release_published=true" >> $GITHUB_OUTPUT + # Automatic semantic release with error handling + echo "Running automatic semantic release..." 
+ + # Try semantic-release, but handle PR-related failures gracefully + if npx semantic-release --debug; then + echo "✅ Semantic release completed successfully" - # Create the release in ITV/kics-github-action repository - gh release create "v$NEW_VERSION" \ - --repo "ITV/kics-github-action" \ - --title "Release v$NEW_VERSION" \ - --notes "Manual release: ${{ github.event.inputs.version_type }} version bump" \ - --target main + # Get the version that was created + LATEST_TAG=$(gh release list --limit 1 | head -n 1 | awk '{print $1}') + echo "🔍 Debug: Latest release tag from semantic-release: $LATEST_TAG" + echo "new_release_version=${LATEST_TAG#v}" >> $GITHUB_OUTPUT + echo "new_release_published=true" >> $GITHUB_OUTPUT else - # Automatic semantic release with error handling - echo "Running automatic semantic release..." - - # Try semantic-release, but handle PR-related failures gracefully - if npx semantic-release --debug; then - echo "✅ Semantic release completed successfully" - - # Get the version that was created + SEMANTIC_EXIT_CODE=$? + echo "⚠️ Semantic release failed with exit code: $SEMANTIC_EXIT_CODE" + + # Check if this was a PR-related failure and the release was actually created + if gh release list --limit 1 | head -n 1 | grep -q "v"; then LATEST_TAG=$(gh release list --limit 1 | head -n 1 | awk '{print $1}') - echo "🔍 Debug: Latest release tag from semantic-release: $LATEST_TAG" + echo "✅ Release $LATEST_TAG was created despite semantic-release error" + echo "🔍 Debug: Latest release tag from fallback: $LATEST_TAG" echo "new_release_version=${LATEST_TAG#v}" >> $GITHUB_OUTPUT echo "new_release_published=true" >> $GITHUB_OUTPUT else - SEMANTIC_EXIT_CODE=$? 
- echo "⚠️ Semantic release failed with exit code: $SEMANTIC_EXIT_CODE" - - # Check if this was a PR-related failure and the release was actually created - if gh release list --limit 1 | head -n 1 | grep -q "v"; then - LATEST_TAG=$(gh release list --limit 1 | head -n 1 | awk '{print $1}') - echo "✅ Release $LATEST_TAG was created despite semantic-release error" - echo "🔍 Debug: Latest release tag from fallback: $LATEST_TAG" - echo "new_release_version=${LATEST_TAG#v}" >> $GITHUB_OUTPUT - echo "new_release_published=true" >> $GITHUB_OUTPUT - else - echo "❌ No release was created" - exit $SEMANTIC_EXIT_CODE - fi + echo "❌ No release was created" + exit $SEMANTIC_EXIT_CODE fi fi @@ -156,18 +113,18 @@ jobs: run: | VERSION="${{ needs.release.outputs.version }}" echo "🔍 Debug: Received version from release job: '$VERSION'" - + if [ -z "$VERSION" ]; then echo "❌ Error: Version is empty!" exit 1 fi - + echo "full=$VERSION" >> $GITHUB_OUTPUT # Extract major, minor, patch IFS='.' read -r MAJOR MINOR PATCH <<< "$VERSION" echo "🔍 Debug: Version components - MAJOR=$MAJOR, MINOR=$MINOR, PATCH=$PATCH" - + echo "major=$MAJOR" >> $GITHUB_OUTPUT echo "minor=$MINOR" >> $GITHUB_OUTPUT echo "patch=$PATCH" >> $GITHUB_OUTPUT @@ -176,7 +133,7 @@ jobs: echo "major_tag=v$MAJOR" >> $GITHUB_OUTPUT echo "minor_tag=v$MAJOR.$MINOR" >> $GITHUB_OUTPUT echo "patch_tag=v$MAJOR.$MINOR.$PATCH" >> $GITHUB_OUTPUT - + echo "🔍 Debug: Generated tags - major_tag=v$MAJOR, minor_tag=v$MAJOR.$MINOR, patch_tag=v$MAJOR.$MINOR.$PATCH" - name: Generate Docker metadata 
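Review bot: The fallback in the else branch treats any pre-existing release as proof that this run published one: `gh release list --limit 1 | head -n 1 | grep -q "v"` matches the newest release whenever it was created (and any line containing a "v"), so a semantic-release failure on a repository that has ever released still writes `new_release_published=true` with the previous version, and the later jobs rebuild the image and force-push the mutable `v$MAJOR` / `v$MAJOR.$MINOR` tags for that old release; the success branch has the same problem when semantic-release exits 0 with nothing to release. Snapshot the newest tag before running semantic-release and publish only when the tag afterwards differs, and read the tag with `--json tagName --jq` rather than `awk '{print $1}'`, which only works while the release title happens to equal the tag (if the runner's gh lacks `--json` on `release list`, keep the awk form but still compare against the snapshot). The downstream jobs are outside this hunk, so whether they already gate on `new_release_published` cannot be confirmed here.
```yaml
        # … unchanged: env with GITHUB_TOKEN / GH_TOKEN …
        run: |
          # Snapshot the newest release so an old tag is not mistaken for this run's release
          PREV_TAG=$(gh release list --limit 1 --json tagName --jq '.[0].tagName // ""')
          if npx semantic-release --debug; then
            echo "✅ Semantic release completed successfully"
          else
            SEMANTIC_EXIT_CODE=$?
            echo "⚠️ Semantic release failed with exit code: $SEMANTIC_EXIT_CODE"
          fi
          LATEST_TAG=$(gh release list --limit 1 --json tagName --jq '.[0].tagName // ""')
          if [ -n "$LATEST_TAG" ] && [ "$LATEST_TAG" != "$PREV_TAG" ]; then
            echo "🔍 Debug: Release created by this run: $LATEST_TAG"
            echo "new_release_version=${LATEST_TAG#v}" >> "$GITHUB_OUTPUT"
            echo "new_release_published=true" >> "$GITHUB_OUTPUT"
          else
            echo "❌ No new release was created"
            echo "new_release_published=false" >> "$GITHUB_OUTPUT"
            exit "${SEMANTIC_EXIT_CODE:-0}"
          fi
```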
@@ -231,27 +188,27 @@ jobs: run: | VERSION="${{ needs.release.outputs.version }}" echo "Creating mutable tags for version: $VERSION" - + # Extract version components IFS='.' read -r MAJOR MINOR PATCH <<< "$VERSION" echo "Version components: MAJOR=$MAJOR, MINOR=$MINOR, PATCH=$PATCH" - + # Configure git git config user.name "github-actions[bot]" git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - + # Create and push major version tag (v1, v2, etc.) echo "Creating major version tag: v$MAJOR" git tag -f "v$MAJOR" git push origin "v$MAJOR" --force echo "✅ Updated mutable tag v$MAJOR to point to v$VERSION" - + # Create and push minor version tag (v1.2, v1.3, etc.) echo "Creating minor version tag: v$MAJOR.$MINOR" git tag -f "v$MAJOR.$MINOR" git push origin "v$MAJOR.$MINOR" --force echo "✅ Updated mutable tag v$MAJOR.$MINOR to point to v$VERSION" - + # List all tags to verify echo "Current tags:" git tag --sort=-version:refname | head -10 @@ -282,4 +239,4 @@ jobs: # Use major version (gets latest compatible updates) uses: ITV/kics-github-action@v$(echo ${{ needs.release.outputs.version }} | cut -d. -f1) ``` - EOF \ No newline at end of file + EOF diff --git a/action.yml b/action.yml index 298bf2d..9152254 100644 --- a/action.yml +++ b/action.yml @@ -123,8 +123,10 @@ runs: IMAGE="ghcr.io/itv/kics-github-action:develop" fi echo "Using image: $IMAGE" + docker run --quiet --name kics-scan \ -v "${{ github.workspace }}":"${{ github.workspace }}" \ + -v "${{ runner.temp }}":"${{ runner.temp }}" \ -w "${{ github.workspace }}" \ -e GITHUB_ACTION \ -e GITHUB_ACTOR \ diff --git a/test/samples/positive1.tf b/test/samples/positive1.tf deleted file mode 100644 index 21eee44..0000000 --- a/test/samples/positive1.tf +++ /dev/null 
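Review bot: The added `-v "${{ runner.temp }}":"${{ runner.temp }}"` bind-mounts the runner's entire temp directory read-write into the scanner container; on a job with other steps that directory can hold their scratch files, including credential files some setup actions write there, so the scan image gets to read and modify all of them. If KICS only needs somewhere to write results, mount a dedicated subdirectory instead, e.g. `-v "${{ runner.temp }}/kics":"${{ runner.temp }}/kics" \`, and point the results path at it; if it only needs to read an input there, append `:ro` to the mount. Which paths under `runner.temp` the image actually reads or writes is not visible in this hunk, so the exact subdirectory is for the author to confirm.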
@@ -1,21 +0,0 @@ -resource "azurerm_resource_group" "positive1" { - name = "acceptanceTestResourceGroup1" - location = "West US" -} - -resource "azurerm_sql_server" "positive2" { - name = "mysqlserver1" - resource_group_name = "acceptanceTestResourceGroup1" - location = "West US" - version = "12.0" - administrator_login = "4dm1n157r470r" - administrator_login_password = "4-v3ry-53cr37-p455w0rd" -} - -resource "azurerm_sql_active_directory_administrator" "positive3" { - server_name = "mysqlserver2" - resource_group_name = "acceptanceTestResourceGroup1" - login = "sqladmin" - tenant_id = data.azurerm_client_config.current.tenant_id - object_id = data.azurerm_client_config.current.object_id -} diff --git a/test/samples/positive2.tf b/test/samples/positive2.tf deleted file mode 100644 index c6f4d82..0000000 --- a/test/samples/positive2.tf +++ /dev/null @@ -1,13 +0,0 @@ -resource "azurerm_resource_group" "positive1" { - name = "resourceGroup1" - location = "West US" -} - -resource "azurerm_container_registry" "positive2" { - name = "containerRegistry1" - resource_group_name = azurerm_resource_group.rg.name - location = azurerm_resource_group.rg.location - sku = "Premium" - admin_enabled = true - georeplication_locations = ["East US", "West Europe"] -}