File tree Expand file tree Collapse file tree 22 files changed +103
-55
lines changed
Expand file tree Collapse file tree 22 files changed +103
-55
lines changed Original file line number Diff line number Diff line change 1717 runs-on : ubuntu-latest
1818 steps :
1919 - name : Checkout repository
20- uses : actions/checkout@v6.0.2
20+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2121 - name : Set up Git
2222 run : |
2323 git config user.name "${{ github.actor }}"
2828 ./hack/bump-docs-manifests.sh ${{ github.event.inputs.new_version }}
2929 git add docs/getting-started.md docs/tutorial-argocd-apps.md docs/argocd-integrations.md
3030 - name : Create Pull Request
31- uses : peter-evans/create-pull-request@v8
31+ uses : peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
3232 with :
3333 commit-message : " docs: bump manifest versions to v${{ github.event.inputs.new_version }}"
3434 title : " docs: bump manifest versions to v${{ github.event.inputs.new_version }}"
Original file line number Diff line number Diff line change 3232 cache-dependency-path : |
3333 go.sum
3434 - name : Create k8s Kind Cluster
35- uses : helm/kind-action@v1
35+ uses : helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
3636 with :
3737 cluster_name : kind
3838 version : v0.30.0
Original file line number Diff line number Diff line change 2424 with :
2525 go-version : " 1.25"
2626 - name : Setup Node.js
27- uses : actions/setup-node@v6
27+ uses : actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
2828 with :
2929 node-version : ' 20'
3030 cache : ' npm'
5353 run : go mod download
5454 - name : Restore build output from cache
5555 id : cache-build
56- uses : actions/cache@v5
56+ uses : actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
5757 with :
5858 path : bin/manager
5959 key : ${{ runner.os }}-go-build-${{ hashFiles('**/*.go', 'go.sum') }}
6666 fi
6767 echo "ui/web/static directory exists ✓"
6868 - name : Lint
69- uses : golangci/golangci-lint-action@v9
69+ uses : golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
7070 with :
7171 version : v2.8.0
7272 args : --timeout=5m
@@ -79,21 +79,21 @@ jobs:
7979 run : make test-parallel
8080 - name : Generate code coverage artifacts
8181 if : ${{ !cancelled() }}
82- uses : actions/upload-artifact@v6
82+ uses : actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
8383 with :
8484 name : code-coverage
8585 path : cover.out
8686 - name : Upload code coverage information to codecov.io
8787 if : ${{ !cancelled() }}
88- uses : codecov/codecov-action@v5.5.2
88+ uses : codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
8989 with :
9090 files : cover.out
9191 fail_ci_if_error : false
9292 env :
9393 CODECOV_TOKEN : ${{ secrets.CODECOV_TOKEN }}
9494 - name : Upload test results to codecov.io
9595 if : ${{ !cancelled() }}
96- uses : codecov/test-results-action@v1
96+ uses : codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1
9797 with :
9898 token : ${{ secrets.CODECOV_TOKEN }}
9999 codegen :
Original file line number Diff line number Diff line change 2929 uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3030
3131 - name : Set up QEMU
32- uses : docker/setup-qemu-action@v3
32+ uses : docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
3333
3434 - name : Setup Go
3535 uses : actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
Original file line number Diff line number Diff line change 4747 git push origin ${{ steps.extract_version.outputs.version }}
4848
4949 - name : Set up QEMU
50- uses : docker/setup-qemu-action@v3
50+ uses : docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
5151
5252 - name : Setup Go
5353 uses : actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
Original file line number Diff line number Diff line change @@ -32,17 +32,17 @@ jobs:
3232 issues : write
3333 steps :
3434 - name : Checkout
35- uses : actions/checkout@v6.0.2
35+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3636
3737 - name : Get token
3838 id : get_token
39- uses : actions/create-github-app-token@v2
39+ uses : actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
4040 with :
4141 app-id : ${{ secrets.RENOVATE_APP_ID }}
4242 private-key : ${{ secrets.RENOVATE_APP_PRIVATE_KEY }}
4343
4444 - name : Self-hosted Renovate
45- uses : renovatebot/github-action@v46.0.1
45+ uses : renovatebot/github-action@e23f4d9675532445118c886434f5a34292b630b4 # v46.0.2
4646 with :
4747 configurationFile : renovate.json5
4848 token : ${{ steps.get_token.outputs.token }}
Original file line number Diff line number Diff line change 1+ name : Scorecard supply-chain security
2+ on :
3+ # For Branch-Protection check. Only the default branch is supported. See
4+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
5+ branch_protection_rule :
6+ # To guarantee Maintained check is occasionally updated. See
7+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
8+ schedule :
9+ - cron : ' 17 15 * * 3'
10+ push :
11+ branches : [ "main" ]
12+
13+ # Declare default permissions as read only.
14+ permissions : read-all
15+
16+ jobs :
17+ analysis :
18+ name : Scorecard analysis
19+ runs-on : ubuntu-latest
20+ # `publish_results: true` only works when run from the default branch. conditional can be removed if disabled.
21+ if : github.event.repository.default_branch == github.ref_name || github.event_name == 'pull_request'
22+ permissions :
23+ # Needed to upload the results to code-scanning dashboard.
24+ security-events : write
25+ # Needed to publish results and get a badge (see publish_results below).
26+ id-token : write
27+
28+ steps :
29+ - name : " Checkout code"
30+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
31+ with :
32+ persist-credentials : false
33+
34+ - name : " Run analysis"
35+ uses : ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
36+ with :
37+ results_file : results.sarif
38+ results_format : sarif
39+ publish_results : true
40+
41+ - name : " Upload artifact"
42+ uses : actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
43+ with :
44+ name : SARIF file
45+ path : results.sarif
46+ retention-days : 5
47+
48+ - name : " Upload to code-scanning"
49+ uses : github/codeql-action/upload-sarif@b5ebac6f4c00c8ccddb7cdcd45fdb248329f808a # v3.32.2
50+ with :
51+ sarif_file : results.sarif
Original file line number Diff line number Diff line change 2222 - name : Checkout Actions Repository
2323 uses : actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # pin@v6
2424 - name : Spell Check Repo
25- uses : crate-ci/typos@3a4d65230db538caabac6e156599c8ba8380ff07 # v1.43.1
25+ uses : crate-ci/typos@9066e9940a8a05b98fb4733c62a726f83c9e57f8 # v1.43.3
Original file line number Diff line number Diff line change 1+ [ ![ Artifact Hub] ( https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/gitops-promoter )] ( https://artifacthub.io/packages/search?repo=gitops-promoter )
12[ ![ codecov] ( https://codecov.io/gh/argoproj-labs/gitops-promoter/graph/badge.svg?token=Nbye3NDioO )] ( https://codecov.io/gh/argoproj-labs/gitops-promoter )
3+ [ ![ OpenSSF Scorecard] ( https://api.securityscorecards.dev/projects/github.com/argoproj-labs/gitops-promoter/badge )] ( https://scorecard.dev/viewer/?uri=github.com/argoproj-labs/gitops-promoter )
24
35# GitOps Promoter
46
Original file line number Diff line number Diff line change @@ -72,12 +72,12 @@ type CommitStatusStatus struct {
7272 // Important: Run "make" to regenerate code after modifying this file
7373
7474 // Id is the unique identifier of the commit status, set by the SCM
75- Id string `json:"id"`
75+ Id string `json:"id,omitempty "`
7676 // Sha is the commit SHA that the status is set on.
7777 // Supports both SHA-1 (40 chars) and SHA-256 (64 chars) Git hash formats.
7878 // +kubebuilder:validation:MaxLength=64
7979 // +kubebuilder:validation:Pattern=`^([a-f0-9]{40}|[a-f0-9]{64})$`
80- Sha string `json:"sha"`
80+ Sha string `json:"sha,omitempty "`
8181 // Phase is the state of the commit status. This will be mapped to the appropriate equivalent in the SCM.
8282 // +kubebuilder:default:=pending
8383 // +kubebuilder:validation:Enum:=pending;success;failure;""
You can’t perform that action at this time.
0 commit comments