diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..0b01f0a --- /dev/null +++ b/.editorconfig @@ -0,0 +1,13 @@ +root = true + +[*] +charset = utf-8 +indent_style = space +indent_size = 4 +insert_final_newline = true +trim_trailing_whitespace = true +end_of_line = lf +max_line_length = 160 + +[*.{yaml,yml,json}] +indent_size = 2 diff --git a/.env b/.env index 2863ce5..bb5e7b5 100644 --- a/.env +++ b/.env @@ -53,10 +53,9 @@ INPUT_MILLISECONDS=2400 # GITHUB_WORKFLOW_REF="" # GITHUB_WORKFLOW_SHA="" # GITHUB_WORKSPACE="" -RUNNER_ARCH="X" +# RUNNER_ARCH="" # RUNNER_DEBUG="" # RUNNER_NAME="" -INPUT_VERSION="latest" -RUNNER_OS="macOS" -RUNNER_TEMP=".local/tmp" -RUNNER_TOOL_CACHE=".local/cache" +# RUNNER_OS="" +RUNNER_TEMP=.local/tmp +RUNNER_TOOL_CACHE=.local/cache diff --git a/.github/workflows/auto_cherry_pick.yml b/.github/workflows/auto_cherry_pick.yml index 00e31c3..fd04317 100644 --- a/.github/workflows/auto_cherry_pick.yml +++ b/.github/workflows/auto_cherry_pick.yml @@ -4,9 +4,9 @@ on: workflow_dispatch: inputs: base_branch: - description: "Base branch to create the PR against" + description: 'Base branch to create the PR against' required: true - default: "main" + default: 'main' script: description: 'Script to run after audit fix' required: false @@ -22,7 +22,7 @@ jobs: cherry-pick: uses: step-security/reusable-workflows/.github/workflows/auto_cherry_pick.yaml@v1 with: - original-owner: "jkroepke" - repo-name: "setup-vals" + original-owner: 'jkroepke' + repo-name: 'setup-vals' base_branch: ${{ inputs.base_branch }} script: ${{ inputs.script || 'npm run all' }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..d74ac53 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,108 @@ +env: + RUNNER_DEBUG: 1 + +name: 'CI' +on: # rebuild any PRs and main branch changes + pull_request: + push: + branches: + - main + +permissions: {} + +jobs: + build: # make sure build/ci work properly + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + with: + node-version: '22' + - run: | + npm install + npm run all + - run: | + git diff --exit-code ':!dist/index.js.map' ':!badges/coverage.svg' + test: # make sure the action works on a clean machine without building + runs-on: ${{ matrix.os }} + permissions: + contents: read + strategy: + matrix: + os: [ubuntu-latest, macos-latest, windows-latest] + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: ./ + - name: Get the version + run: vals version + - uses: ./ + with: + version: v0.40.0 + - name: Get the version + run: vals version | grep 0.40.0 + - uses: ./ + with: + version: 0.28.0 + - name: Get the version + run: vals version | grep 0.28.0 + + super-lint: + name: super-lint + runs-on: ubuntu-24.04 + permissions: + contents: read + steps: + - name: Checkout Code + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + fetch-depth: 0 + + - name: Lint Code Base + uses: super-linter/super-linter/slim@4e8a7c2bf106c4c766c816b35ec612638dc9b6b2 # v7.3.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + MULTI_STATUS: false + LINTER_RULES_PATH: . + VALIDATE_ALL_CODEBASE: true + VALIDATE_BASH: true + VALIDATE_BASH_EXEC: true + VALIDATE_ENV: true + VALIDATE_GITHUB_ACTIONS: true + VALIDATE_HTML: true + VALIDATE_NATURAL_LANGUAGE: true + VALIDATE_SHELL_SHFMT: true + VALIDATE_XML: true + VALIDATE_YAML: true + + release: + if: github.repository_owner == 'jkroepke' && github.ref_name == 'main' + name: Release + runs-on: ubuntu-latest + needs: + - build + - test + - super-lint + permissions: + contents: write + steps: + - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + id: app-token + with: + app-id: 1248576 + private-key: ${{ secrets.AUTOMATION_APP_PRIVATE_KEY }} + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + fetch-depth: 0 + - name: Setup Node.js + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + with: + node-version: '22' + - name: Install dependencies + run: npm clean-install + - name: Release + env: + GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} + run: npx semantic-release diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml deleted file mode 100644 index 0e43925..0000000 --- a/.github/workflows/test.yml +++ /dev/null @@ -1,45 +0,0 @@ -env: - RUNNER_DEBUG: 1 - -name: 'build-test' -on: # rebuild any PRs and main branch changes - pull_request: - push: - branches: - - main - - 'release/*' - -jobs: - build: # make sure build/ci work properly - runs-on: ubuntu-latest - steps: - - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 - with: - node-version: '22' - - run: | - npm install - npm run all - - run: | - git diff --exit-code ':!dist/index.js.map' ':!badges/coverage.svg' ':!.github/workflows' - test: # make sure the action works on a clean machine without building - runs-on: ${{ matrix.os }} - strategy: - matrix: - os: [ubuntu-latest, macos-latest, windows-latest] - steps: - - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: ./ - id: install - - name: Get the vals version - run: vals --version diff --git a/.gitignore b/.gitignore index dbc45b4..be65dba 100644 --- a/.gitignore +++ b/.gitignore @@ -97,3 +97,6 @@ Thumbs.db __tests__/runner/* .idea + +/badges/* +!/badges/.gitkeep \ No newline at end of file diff --git a/.husky/pre-commit b/.husky/pre-commit new file mode 100644 index 0000000..a31e5ba --- /dev/null +++ b/.husky/pre-commit @@ -0,0 +1,2 @@ +npm run all +git update-index --again diff --git a/.prettierignore b/.prettierignore new file mode 100644 index 0000000..4579911 --- /dev/null +++ b/.prettierignore @@ -0,0 +1,2 @@ +.github/**/*.yaml +dist/* diff --git a/LICENSE b/LICENSE index d69a05e..3b02b97 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright (c) Microsoft Corporation. +Copyright (c) 2025 Jan-Otto Kröpke Copyright (c) 2025 StepSecurity Permission is hereby granted, free of charge, to any person obtaining a copy diff --git a/README.md b/README.md index 0573059..6696cd8 100644 --- a/README.md +++ b/README.md @@ -1,21 +1,28 @@ -## Setup Vals +[![CI](https://github.com/jkroepke/setup-vals/actions/workflows/ci.yml/badge.svg)](https://github.com/jkroepke/setup-vals/actions/workflows/ci.yml) +[![GitHub license](https://img.shields.io/github/license/jkroepke/setup-vals)](https://github.com/jkroepke/setup-vals/blob/master/LICENSE) +[![Current Release](https://img.shields.io/github/release/jkroepke/setup-vals.svg?logo=github)](https://github.com/jkroepke/setup-vals/releases/latest) +[![GitHub Repo stars](https://img.shields.io/github/stars/jkroepke/setup-vals?style=flat&logo=github)](https://github.com/jkroepke/setup-vals/stargazers) + +# Setup vals + +## About GitHub Action for installing [variantdev/vals](https://github.com/variantdev/vals) Install a specific version of vals binary on the runner. Acceptable values are -latest or any semantic version string like v2.16.7 Use this action in workflow -to define which version of sops will be used. +latest or any semantic version string like v2.16.7. Use this action in workflow +to define which version of vals will be used. ```yaml -- name: Vals Binary Installer +- name: Stackit Binary Installer uses: step-security/setup-vals@v1 with: version: '' # default is latest stable id: install ``` -The cached vals binary path is prepended to the PATH environment variable as -well as stored in the vals-path output variable. Refer to the action metadata -file for details about all the inputs -[here](https://github.com/step-security/setup-vals/blob/master/action.yml). +The cached binary path is prepended to the PATH environment variable as well as +stored in the path output variable. Refer to the action metadata file for +details about all the inputs +[here](https://github.com/step-security/setup-vals/blob/main/action.yml). diff --git a/action.yml b/action.yml index b971530..59d03ea 100644 --- a/action.yml +++ b/action.yml @@ -1,17 +1,17 @@ name: 'vals tools installer' -description: - 'Install a specific version of the vals binary. Acceptable values are latest - or any semantic version string like 0.14.0' +description: |- + Install a specific version of the vals binary. Acceptable values are latest + or any semantic version string like 0.31.0. inputs: version: description: 'Version of vals' required: true default: 'latest' outputs: - vals-path: + path: description: 'Path to the cached vals binary' branding: - icon: 'wind' + icon: 'terminal' color: 'gray-dark' runs: using: node20 diff --git a/badges/.gitkeep b/badges/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/badges/coverage.svg b/badges/coverage.svg deleted file mode 100644 index 87f7102..0000000 --- a/badges/coverage.svg +++ /dev/null @@ -1 +0,0 @@ -Coverage: 52.23%Coverage52.23% \ No newline at end of file