Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 7 additions & 4 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,10 @@ updates:
directory: "/"
schedule:
interval: "weekly"
ignore:
- dependency-name: "*"
update-types:
- "version-update:semver-patch"
groups:
github-actions:
# Group all GitHub Actions updates together
patterns:
- "*"
cooldown:
default-days: 7
6 changes: 4 additions & 2 deletions .github/workflows/audit-on-push.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,9 @@ jobs:
security_audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: rustsec/audit-check@v2.0.0
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
persist-credentials: false
- uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 # v2.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
34 changes: 22 additions & 12 deletions .github/workflows/docker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,11 +25,13 @@ jobs:
group_matrix: ${{ steps.collect.outputs.group_matrix }}
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
persist-credentials: false
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
- name: Login to DockerHub
uses: docker/login-action@v3
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
Expand Down Expand Up @@ -147,20 +149,22 @@ jobs:
group_entry: ${{fromJSON(needs.resolve_inputs.outputs.group_matrix)}}
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
persist-credentials: false
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
- name: Login to DockerHub
uses: docker/login-action@v3
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Determine if canonical image exists
id: canonical_status
run: |
CHEF_PACKAGE_VERSION=${{ needs.resolve_inputs.outputs.package_version }}
CHEF_PACKAGE_VERSION=${NEEDS_RESOLVE_INPUTS_OUTPUTS_PACKAGE_VERSION}
GROUP_KEY='${{ matrix.group_entry.group_key }}'
GROUP_KEY_TAG=$(printf '%s' "$GROUP_KEY" | shasum -a 256 | cut -c1-16)
CANONICAL_IMAGE=$DOCKER_REPO:$CHEF_PACKAGE_VERSION-base-$GROUP_KEY_TAG
Expand All @@ -172,10 +176,12 @@ jobs:
echo "Canonical image does not exist for group $GROUP_KEY_TAG. Building."
echo "result=true" >> "$GITHUB_OUTPUT"
fi
env:
NEEDS_RESOLVE_INPUTS_OUTPUTS_PACKAGE_VERSION: ${{ needs.resolve_inputs.outputs.package_version }}
- name: Build and push canonical image
if: ${{ steps.canonical_status.outputs.result == 'true' }}
run: |
CHEF_PACKAGE_VERSION=${{ needs.resolve_inputs.outputs.package_version }}
CHEF_PACKAGE_VERSION=${NEEDS_RESOLVE_INPUTS_OUTPUTS_PACKAGE_VERSION}
RUST_IMAGE_TAG=${{ matrix.group_entry.representative_rust_tag }}
GROUP_KEY='${{ matrix.group_entry.group_key }}'
GROUP_KEY_TAG=$(printf '%s' "$GROUP_KEY" | shasum -a 256 | cut -c1-16)
Expand All @@ -194,6 +200,8 @@ jobs:
--platform "$PLATFORMS" \
--push \
./docker
env:
NEEDS_RESOLVE_INPUTS_OUTPUTS_PACKAGE_VERSION: ${{ needs.resolve_inputs.outputs.package_version }}
publish_group_aliases:
name: Publish group aliases
needs: [resolve_inputs, build_unique_images]
Expand All @@ -205,17 +213,17 @@ jobs:
group_entry: ${{fromJSON(needs.resolve_inputs.outputs.group_matrix)}}
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
- name: Login to DockerHub
uses: docker/login-action@v3
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Publish aliases for Rust group
run: |
set -euo pipefail

CHEF_PACKAGE_VERSION=${{ needs.resolve_inputs.outputs.package_version }}
CHEF_PACKAGE_VERSION=${NEEDS_RESOLVE_INPUTS_OUTPUTS_PACKAGE_VERSION}
GROUP_KEY='${{ matrix.group_entry.group_key }}'
GROUP_KEY_TAG=$(printf '%s' "$GROUP_KEY" | shasum -a 256 | cut -c1-16)
CANONICAL_IMAGE=$DOCKER_REPO:$CHEF_PACKAGE_VERSION-base-$GROUP_KEY_TAG
Expand Down Expand Up @@ -244,3 +252,5 @@ jobs:
fi

docker buildx imagetools create "${tag_args[@]}" "$CANONICAL_IMAGE"
env:
NEEDS_RESOLVE_INPUTS_OUTPUTS_PACKAGE_VERSION: ${{ needs.resolve_inputs.outputs.package_version }}
41 changes: 32 additions & 9 deletions .github/workflows/general.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,16 +14,20 @@ jobs:
name: Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
persist-credentials: false
- uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1
- run: cargo test

fmt:
name: Rustfmt
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
persist-credentials: false
- uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1
with:
components: rustfmt
- run: cargo fmt --all -- --check
Expand All @@ -32,8 +36,10 @@ jobs:
name: Clippy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
persist-credentials: false
- uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1
with:
components: clippy
- run: cargo clippy -- -D warnings
Expand All @@ -43,14 +49,31 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
persist-credentials: false

- name: Install stable toolchain
uses: dtolnay/rust-toolchain@stable
uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1
- name: Install cargo-tarpaulin
uses: taiki-e/install-action@v2
uses: taiki-e/install-action@0631aa6515c7d545823c67cfae7ef4fc7f490154 # v2.81.8
with:
tool: cargo-tarpaulin
checksum: true
- name: Run cargo-tarpaulin
run: cargo tarpaulin --ignore-tests

zizmor:
name: Run zizmor
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
persist-credentials: false

- name: Run zizmor
uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6
with:
annotations: true
advanced-security: false
Comment on lines +77 to +79

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If Advanced Security is enabled for this repo, this can be removed.
See https://github.com/zizmorcore/zizmor-action#advanced-security

Loading