Skip to content

chore: synced file(s) with cds-snc/site-reliability-engineering #955

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

chore: synced file(s) with cds-snc/site-reliability-engineering #955

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
f51a355
chore: synced local '.github/workflows/s3-backup.yml' with remote 'to…
sre-read-write[bot] Nov 15, 2025
ec6bad6
chore: synced local '.github/workflows/export_github_data.yml' with r…
sre-read-write[bot] Nov 15, 2025
243a6ff
chore: synced local '.github/workflows/backstage-catalog-helper.yml' …
sre-read-write[bot] Nov 15, 2025
c269ec5
chore: synced local '.github/workflows/ossf-scorecard.yml' with remot…
sre-read-write[bot] Nov 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/workflows/backstage-catalog-helper.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ jobs:
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
with:
fetch-depth: 0
persist-credentials: false
- name: Run Backstage Catalog Info Helper
uses: cds-snc/backstage-catalog-info-helper-action@cc75afc29a0ade6c41400132ff9e1222f8916ba6 # v0.3.1
with:
Expand Down
17 changes: 16 additions & 1 deletion .github/workflows/export_github_data.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,13 @@ on:
schedule:
- cron: "20 7 * * *"

permissions:
id-token: write
contents: read
issues: read
pull-requests: read
security-events: read

jobs:
export-data:
runs-on: ubuntu-latest
Expand All @@ -15,11 +22,19 @@ jobs:
DNS_PROXY_LOGANALYTICSWORKSPACEID: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
DNS_PROXY_LOGANALYTICSSHAREDKEY: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Configure AWS credentials using OIDC
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
with:
role-to-assume: arn:aws:iam::739275439843:role/data-lake-github-data-export
role-session-name: GithubDataExport
aws-region: ca-central-1
- name: Export Data
uses: cds-snc/github-repository-metadata-exporter@7f8f3eccaf3e15675fc70611e913ec1458510540
uses: cds-snc/github-repository-metadata-exporter@ccde2e2cc2d351bbc6fcd4146d2193d8da2b7a95
with:
github-app-id: ${{ secrets.SRE_BOT_RO_APP_ID }}
github-app-installation-id: ${{ secrets.SRE_BOT_RO_INSTALLATION_ID }}
github-app-private-key: ${{ secrets.SRE_BOT_RO_PRIVATE_KEY }}
log-analytics-workspace-id: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
log-analytics-workspace-key: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
s3-bucket: ${{ secrets.DATA_LAKE_GITHUB_METADATA_EXPORT_S3_BUCKET }}
aws-region: ${{ secrets.DATA_LAKE_GITHUB_METADATA_EXPORT_AWS_REGION }}
10 changes: 6 additions & 4 deletions .github/workflows/ossf-scorecard.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,15 +8,17 @@ on:
branches:
- main

permissions: read-all
permissions:
contents: read
issues: read
pull-requests: read
checks: read
actions: read

jobs:
analysis:
name: Scorecards analysis
runs-on: ubuntu-latest
permissions:
actions: read
contents: read

steps:
- name: "Checkout code"
Expand Down
20 changes: 10 additions & 10 deletions .github/workflows/s3-backup.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,10 @@ on:
schedule:
- cron: "0 6 * * *"

permissions:
id-token: write
contents: read

jobs:
s3-backup:
runs-on: ubuntu-latest
Expand All @@ -13,24 +17,20 @@ jobs:
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0 # retrieve all history
persist-credentials: false

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
aws-access-key-id: ${{ secrets.AWS_S3_BACKUP_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_S3_BACKUP_SECRET_ACCESS_KEY }}
role-to-assume: ${{ secrets.AWS_S3_BACKUP_IAM_ROLE_ARN }}
role-session-name: S3Backup
aws-region: ca-central-1

- name: Create ZIP bundle
- name: Upload zip to S3 bucket
run: |
ZIP_FILE=`basename ${{ github.repository }}`-`date '+%Y-%m-%d'`.zip
zip -rq "${ZIP_FILE}" .
mkdir -p ${{ github.repository }}
mv "${ZIP_FILE}" ${{ github.repository }}

- name: Upload to S3 bucket
run: |
aws s3 sync . s3://${{ secrets.AWS_S3_BACKUP_BUCKET }} --exclude='*' --include='${{ github.repository }}/*'
aws s3 cp "${ZIP_FILE}" s3://${{ secrets.AWS_S3_BACKUP_BUCKET }}/${{ github.repository }}/"${ZIP_FILE}"

- name: Notify Slack channel if this job failed
if: ${{ failure() }}
Expand Down
Loading