From 98618b9c51a1fad9fcd3095a121c6775d90dc4f3 Mon Sep 17 00:00:00 2001 From: Felipe Rios Date: Tue, 6 Feb 2024 15:40:47 -0500 Subject: [PATCH] feat(pipelines): added the workflow to have a complete pipeline Signed-off-by: Felipe Rios --- .../default.md => pull_request_template.md} | 0 .../bump.md | 0 .github/pull_request_template/default.md | 5 ++ .github/workflows/default.yaml | 30 ++++++++++ .github/workflows/release.yml | 58 +++++++++---------- CHANGELOG.md | 6 +- horusec.json | 4 ++ 7 files changed, 73 insertions(+), 30 deletions(-) rename .github/{PULL_REQUEST_TEMPLATE/default.md => pull_request_template.md} (100%) rename .github/{PULL_REQUEST_TEMPLATE => pull_request_template}/bump.md (100%) create mode 100644 .github/pull_request_template/default.md create mode 100644 .github/workflows/default.yaml create mode 100644 horusec.json
diff --git a/.github/PULL_REQUEST_TEMPLATE/default.md b/.github/pull_request_template.md
similarity index 100%
rename from .github/PULL_REQUEST_TEMPLATE/default.md
rename to .github/pull_request_template.md
diff --git a/.github/PULL_REQUEST_TEMPLATE/bump.md b/.github/pull_request_template/bump.md
similarity index 100%
rename from .github/PULL_REQUEST_TEMPLATE/bump.md
rename to .github/pull_request_template/bump.md
diff --git a/.github/pull_request_template/default.md b/.github/pull_request_template/default.md
new file mode 100644
index 0000000..188e43b
--- /dev/null
+++ b/.github/pull_request_template/default.md
@@ -0,0 +1,5 @@
+## :vertical_traffic_light: Quality checklist
+
+- [ ] Did you add the changes in the `CHANGELOG.md`?
+- [ ] Did you run all the code checks? (`go test`)
+- [ ] Are the tests passing?
diff --git a/.github/workflows/default.yaml b/.github/workflows/default.yaml
new file mode 100644
index 0000000..cc79b00
--- /dev/null
+++ b/.github/workflows/default.yaml
@@ -0,0 +1,30 @@ +name: 'default' + +on: + push: + branches: + - 'main' + tags: + - '*' + pull_request: + branches: + - 'main' + workflow_dispatch: + +permissions: + checks: 'write' # code_check-style_golangci_lint + contents: 'write' # delivery-release + +jobs: + default: + uses: 'rios0rios0/pipelines/.github/workflows/go-docker.yaml@feat/#19' + +# +# +# +# +# +# +# +# +# diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d2f2393..1d12dda 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,37 +1,37 @@ -name: release +name: 'release' on: push: tags: - "*" permissions: - contents: write + contents: 'write' jobs: setup: - name: Setup - runs-on: ubuntu-22.04 + name: 'Setup' + runs-on: 'ubuntu-22.04' outputs: VERSION: ${{ steps.get_version.outputs.VERSION }} steps: - - name: Get version - id: get_version + - name: 'Get version' + id: 'get_version' run: echo VERSION=${GITHUB_REF/refs\/tags\//} >> $GITHUB_OUTPUT build: - name: Build - needs: [setup] - runs-on: ubuntu-22.04 + name: 'Build' + needs: ['setup'] + runs-on: 'ubuntu-22.04' env: PACKAGENAME: autobump-${{ needs.setup.outputs.VERSION }} - DEBIAN_FRONTEND: noninteractive + DEBIAN_FRONTEND: 'noninteractive' steps: - - name: Checkout repository - uses: actions/checkout@v3 + - name: 'Checkout repository' + uses: 'actions/checkout@v3' with: ref: ${{ needs.setup.outputs.VERSION }} - submodules: recursive - - name: Install dependencies + submodules: 'recursive' + - name: 'Install dependencies' run: | sudo apt-get update sudo apt-get install -y golang 
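Review bot: The `uses:` line of the `default` job calls the reusable workflow at `@feat/#19`, a branch ref that can move, while the workflow-level `permissions` grant `checks: 'write'` and `contents: 'write'`. Whatever that branch points to at run time therefore executes with a write-scoped token on the pushes, tags and pull requests that trigger this workflow. Pin the call to a full commit SHA (or at least a release tag) once the pipelines change is merged, e.g. `uses: 'rios0rios0/pipelines/.github/workflows/go-docker.yaml@<FULL_COMMIT_SHA>'` (placeholder), with the human-readable version as a trailing comment. The nine bare `#` lines at the end of the file carry no content and can be dropped.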
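Review bot: The `on: push: tags: - "*"` trigger kept at the top of `release.yml` now overlaps with the new `default.yaml`, which also runs on tags `'*'` and requests `contents: 'write'` with the comment `# delivery-release`. If the called pipeline publishes a release (it is not visible here, so this is an assumption), each tag push would start two release paths writing to the same tag. Either retire this workflow in the same commit or add a header comment stating which workflow owns releases, e.g. `# owns the GitHub release; default.yaml must not publish on tag push`. On style, `"*"` keeps its double quotes while every other literal in the hunk moves to single quotes. The hunk ends inside the `build` job's steps.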
@@ -43,16 +43,16 @@ jobs: run: | cd bin zip -9 ${{ env.PACKAGENAME }}.zip autobump - - name: Upload artifact + - name: 'Upload artifact' uses: actions/upload-artifact@v2 with: - name: autobump + name: 'autobump' path: bin/${{ env.PACKAGENAME }}.zip create-release: - name: Create Release - needs: [setup, build] - runs-on: ubuntu-22.04 + name: 'Create Release' + needs: ['setup', 'build'] + runs-on: 'ubuntu-22.04' outputs: upload_url: ${{ steps.create_release.outputs.upload_url }} steps: @@ -66,23 +66,23 @@ jobs: prerelease: false upload: - name: Upload - needs: [setup, build, create-release] - runs-on: ubuntu-22.04 + name: 'Upload' + needs: ['setup', 'build', 'create-release'] + runs-on: 'ubuntu-22.04' env: PACKAGENAME: autobump-${{ needs.setup.outputs.VERSION }} - DEBIAN_FRONTEND: noninteractive + DEBIAN_FRONTEND: 'noninteractive' steps: - - name: Download artifact - uses: actions/download-artifact@v2 + - name: 'Download artifact' + uses: 'actions/download-artifact@v2' with: - name: autobump - - name: Upload release asset - uses: actions/upload-release-asset@v1 + name: 'autobump' + - name: 'Upload release asset' + uses: 'actions/upload-release-asset@v1' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ needs.create-release.outputs.upload_url }} asset_path: ${{ env.PACKAGENAME }}.zip asset_name: ${{ env.PACKAGENAME }}.zip - asset_content_type: application/zip + asset_content_type: 'application/zip' diff --git a/CHANGELOG.md b/CHANGELOG.md index 022a414..e18f36d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
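Review bot: The context line `zip -9 ${{ env.PACKAGENAME }}.zip autobump` expands a value derived from the pushed tag name into the script text before the shell runs, so the tag string is parsed as shell rather than passed as data. `PACKAGENAME` is already set in the `build` job's `env:`, so the step can read it as a quoted shell variable instead: `zip -9 "${PACKAGENAME}.zip" autobump`. In the same hunk, `uses: actions/upload-artifact@v2` is left unquoted while the matching `'actions/download-artifact@v2'` is quoted, which breaks the convention this commit introduces. The `build` job starts before the hunk and `create-release` continues past it.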
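Review bot: The `upload` job still relies on `actions/upload-release-asset@v1`, whose upstream repository is, as far as I know, archived and no longer receives fixes. It also uses `actions/download-artifact@v2`, referenced by a movable major tag. Since these lines are being touched anyway, consider moving the asset upload to a maintained mechanism and pinning the remaining actions to full commit SHAs, e.g. `uses: 'actions/download-artifact@<FULL_COMMIT_SHA>'` (placeholder), with the version as a trailing comment. The upload and download artifact actions should be bumped together so their major versions stay matched. The `create-release` job's steps begin before this hunk.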
@@ -16,9 +16,13 @@ Exceptions are acceptable depending on the circumstances (critical bug fixes tha ## [Unreleased] +### Added + +- added the workflow to have a complete pipeline with security and quality checks + ### Changed -- increment the version number only by one since it is the more common practice and eliminate discontinuity in the version numbers +- changed to increment the version number only by one since it is the most common practice and eliminates discontinuity in the version numbers ### Fixed diff --git a/horusec.json b/horusec.json new file mode 100644 index 0000000..21da9ea --- /dev/null +++ b/horusec.json @@ -0,0 +1,4 @@ +{ + "horusecCliFalsePositiveHashes": [], + "horusecCliRiskAcceptHashes": [] +}