From 04bde3b210aa206b3796dfbd068cc11227431f6e Mon Sep 17 00:00:00 2001
From: Ismo Vuorinen
Date: Thu, 27 Mar 2025 23:32:06 +0200
Subject: [PATCH] feat(ci): new release workflows, pinning
---
.../workflows/publish-immutable-actions.yml | 22 ++++++++++++++
.../workflows/release-new-action-version.yml | 30 +++++++++++++++++++
.github/workflows/test.yml | 6 ++--
3 files changed, 55 insertions(+), 3 deletions(-)
create mode 100644 .github/workflows/publish-immutable-actions.yml
create mode 100644 .github/workflows/release-new-action-version.yml
diff --git a/.github/workflows/publish-immutable-actions.yml b/.github/workflows/publish-immutable-actions.yml
new file mode 100644
index 0000000..7fa720f
--- /dev/null
+++ b/.github/workflows/publish-immutable-actions.yml
@@ -0,0 +1,22 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: 'Publish Immutable Action Version'
+
+on:
+ release:
+ types: [published]
+
+jobs:
+ publish:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ id-token: write
+ packages: write
+
+ steps:
+ - name: Checking out
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - name: Publish
+ id: publish
+ uses: actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978 # v0.0.4
diff --git a/.github/workflows/release-new-action-version.yml b/.github/workflows/release-new-action-version.yml
new file mode 100644
index 0000000..2291fa9
--- /dev/null
+++ b/.github/workflows/release-new-action-version.yml
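Review bot: The `Checking out` step in `publish-immutable-actions.yml` runs `actions/checkout` with its default credential persistence, so the job token stays in the local git config for the rest of a job that also holds `id-token: write` and `packages: write`. The publish step presumably does not need git credentials (not visible from this hunk; confirm against the action's documentation), so I would add `with:` and `persist-credentials: false` under the checkout step. This workflow also triggers on `published`, which fires for pre-releases as well, while the sibling release workflow uses `released`. If that difference is intended, a one-line comment above `types: [published]` should say so.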
@@ -0,0 +1,30 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Release new action version
+
+on:
+ release:
+ types: [released]
+ workflow_dispatch:
+ inputs:
+ TAG_NAME:
+ description: 'Tag name that the major tag will point to'
+ required: true
+
+env:
+ TAG_NAME: ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }}
+
+permissions:
+ contents: write
+
+jobs:
+ update_tag:
+ name: Update the major tag to include the ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }} changes
+ environment:
+ name: releaseNewActionVersion
+ runs-on: ubuntu-latest
+ steps:
+ - name: Update the ${{ env.TAG_NAME }} tag
+ uses: actions/publish-action@f784495ce78a41bac4ed7e34a73f0034015764bb # v0.3.0
+ with:
+ source-tag: ${{ env.TAG_NAME }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 6e026be..a4b08d3 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -16,10 +16,10 @@ jobs: security-events: write steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Go - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5 + uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 with: go-version-file: 'go.mod'
@@ -34,6 +34,6 @@ jobs: output_file: go-test-results.sarif - name: Upload SARIF to GitHub Security Tab - uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3 + uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12 with: sarif_file: go-test-results.sarif
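Review bot: In `release-new-action-version.yml` the only gate on moving the major tag is `environment: name: releaseNewActionVersion`, and nothing in the patch shows that environment carrying protection rules. GitHub creates a referenced environment automatically, without protection rules, if it does not already exist. In that case a `workflow_dispatch` run by anyone with write access would repoint the major tag to whatever `TAG_NAME` they supply, unreviewed and with `contents: write`. I would document the requirement above the `environment:` key, e.g. `# releaseNewActionVersion must have required reviewers configured in repo settings; an auto-created environment has no protection`. Separately, `permissions: contents: write` is set at workflow level; moving it under `update_tag` keeps any job added later from inheriting write access.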