Skip to content

Commit

Permalink
Merge pull request #12082 from jhrozek/pin_actions
Browse files Browse the repository at this point in the history 
Pin GitHub actions using Frizbee
  • Loading branch information
@jan-cerny
jan-cerny authored Jul 1, 2024
2 parents fb0d9e5 + 5e2879a commit 52f5a63
Show file tree
Hide file tree
Showing 21 changed files with 136 additions and 136 deletions.
28 changes: 14 additions & 14 deletions .github/workflows/automatus-cs8.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,11 @@ jobs:
- name: Install deps python
run: pip install gitpython xmldiff
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
fetch-depth: 0
- name: Checkout (CTF)
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
repository: ComplianceAsCode/content-test-filtering
path: ctf
Expand All @@ -40,7 +40,7 @@ jobs:
- name: Test if there are no content changes
run: echo "CTF_OUTPUT_SIZE=$(stat --printf="%s" output.json)" >> $GITHUB_OUTPUT
id: ctf
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
with:
name: output.json
Expand All @@ -51,14 +51,14 @@ jobs:
- name: Get product attribute
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
id: product
uses: notiz-dev/[email protected]
uses: notiz-dev/github-action-json-property@a5a9c668b16513c737c3e1f8956772c99c73f6e8 # v0.2.0
with:
path: 'output.json'
prop_path: 'product'
- name: Build product
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
run: ./build_product rhel8 --derivatives
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
with:
name: ${{ env.DATASTREAM }}
Expand All @@ -71,9 +71,9 @@ jobs:
- name: Install Deps
run: sudo apt-get update && sudo apt-get install cmake ninja-build libopenscap8 libxml2-utils xsltproc python3-jinja2 python3-yaml ansible-lint podman
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Get cached CTF output
uses: actions/download-artifact@v4
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4
id: get_ctf_output
with:
name: output.json
Expand Down Expand Up @@ -105,32 +105,32 @@ jobs:
- name: Get rule ids to be tested
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
id: rules
uses: notiz-dev/[email protected]
uses: notiz-dev/github-action-json-property@a5a9c668b16513c737c3e1f8956772c99c73f6e8 # v0.2.0
with:
path: 'output.json'
prop_path: 'rules'
- name: Get product attribute
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
id: product
uses: notiz-dev/[email protected]
uses: notiz-dev/github-action-json-property@a5a9c668b16513c737c3e1f8956772c99c73f6e8 # v0.2.0
with:
path: 'output.json'
prop_path: 'product'
- name: Get bash attribute
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
id: bash
uses: notiz-dev/[email protected]
uses: notiz-dev/github-action-json-property@a5a9c668b16513c737c3e1f8956772c99c73f6e8 # v0.2.0
with:
path: 'output.json'
prop_path: 'bash'
- name: Get ansible attribute
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
id: ansible
uses: notiz-dev/[email protected]
uses: notiz-dev/github-action-json-property@a5a9c668b16513c737c3e1f8956772c99c73f6e8 # v0.2.0
with:
path: 'output.json'
prop_path: 'ansible'
- uses: actions/download-artifact@v4
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
with:
name: ${{ env.DATASTREAM }}
Expand All @@ -151,7 +151,7 @@ jobs:
continue-on-error: true
- name: Upload logs in case of failure
if: ${{steps.bash.outputs.prop == 'True' && steps.check_results_bash.outcome == 'success' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
with:
name: logs_bash
path: logs_bash/
Expand All @@ -167,7 +167,7 @@ jobs:
continue-on-error: true
- name: Upload logs in case of failure
if: ${{ steps.ansible.outputs.prop == 'True' && steps.check_results_ansible.outcome == 'success' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
with:
name: logs_ansible
path: logs_ansible/
Expand Down
28 changes: 14 additions & 14 deletions .github/workflows/automatus-cs9.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,11 @@ jobs:
- name: Install deps python
run: pip install gitpython xmldiff
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
fetch-depth: 0
- name: Checkout (CTF)
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
repository: ComplianceAsCode/content-test-filtering
path: ctf
Expand All @@ -40,7 +40,7 @@ jobs:
- name: Test if there are no content changes
run: echo "CTF_OUTPUT_SIZE=$(stat --printf="%s" output.json)" >> $GITHUB_OUTPUT
id: ctf
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
with:
name: output.json
Expand All @@ -51,14 +51,14 @@ jobs:
- name: Get product attribute
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
id: product
uses: notiz-dev/[email protected]
uses: notiz-dev/github-action-json-property@a5a9c668b16513c737c3e1f8956772c99c73f6e8 # v0.2.0
with:
path: 'output.json'
prop_path: 'product'
- name: Build product
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
run: ./build_product rhel9 --derivatives
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
with:
name: ${{ env.DATASTREAM }}
Expand All @@ -71,9 +71,9 @@ jobs:
- name: Install Deps
run: sudo apt-get update && sudo apt-get install cmake ninja-build libopenscap8 libxml2-utils xsltproc python3-jinja2 python3-yaml ansible-lint podman
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Get cached CTF output
uses: actions/download-artifact@v4
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4
id: get_ctf_output
with:
name: output.json
Expand Down Expand Up @@ -105,32 +105,32 @@ jobs:
- name: Get rule ids to be tested
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
id: rules
uses: notiz-dev/[email protected]
uses: notiz-dev/github-action-json-property@a5a9c668b16513c737c3e1f8956772c99c73f6e8 # v0.2.0
with:
path: 'output.json'
prop_path: 'rules'
- name: Get product attribute
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
id: product
uses: notiz-dev/[email protected]
uses: notiz-dev/github-action-json-property@a5a9c668b16513c737c3e1f8956772c99c73f6e8 # v0.2.0
with:
path: 'output.json'
prop_path: 'product'
- name: Get bash attribute
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
id: bash
uses: notiz-dev/[email protected]
uses: notiz-dev/github-action-json-property@a5a9c668b16513c737c3e1f8956772c99c73f6e8 # v0.2.0
with:
path: 'output.json'
prop_path: 'bash'
- name: Get ansible attribute
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
id: ansible
uses: notiz-dev/[email protected]
uses: notiz-dev/github-action-json-property@a5a9c668b16513c737c3e1f8956772c99c73f6e8 # v0.2.0
with:
path: 'output.json'
prop_path: 'ansible'
- uses: actions/download-artifact@v4
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
with:
name: ${{ env.DATASTREAM }}
Expand All @@ -151,7 +151,7 @@ jobs:
continue-on-error: true
- name: Upload logs in case of failure
if: ${{steps.bash.outputs.prop == 'True' && steps.check_results_bash.outcome == 'success' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
with:
name: logs_bash
path: logs_bash/
Expand All @@ -167,7 +167,7 @@ jobs:
continue-on-error: true
- name: Upload logs in case of failure
if: ${{ steps.ansible.outputs.prop == 'True' && steps.check_results_ansible.outcome == 'success' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
with:
name: logs_ansible
path: logs_ansible/
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/automatus-sanity.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,12 +17,12 @@ jobs:
- name: Install Deps
run: dnf install -y cmake make openscap-utils python3-pyyaml python3-jinja2 git python3-pip
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
fetch-depth: 0
- name: Build product
run: ./build_product fedora --debug
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
with:
name: ${{ env.DATASTREAM }}
path: build/${{ env.DATASTREAM }}
Expand All @@ -35,7 +35,7 @@ jobs:
- name: Install Deps
run: sudo apt-get update && sudo apt-get install cmake ninja-build libopenscap8 libxml2-utils xsltproc python3-jinja2 python3-yaml ansible-lint podman
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Generate id_rsa key
run: ssh-keygen -N '' -t rsa -f ~/.ssh/id_rsa
- name: Build test suite container
Expand All @@ -49,7 +49,7 @@ jobs:
sudo chown root:root /usr/local/bin/oscap-ssh
rm -f oscap-ssh
- name: Get Datastream
uses: actions/download-artifact@v4
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4
with:
name: ${{ env.DATASTREAM }}
- name: Check One Rule
Expand Down
28 changes: 14 additions & 14 deletions .github/workflows/automatus-sle15.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,11 +27,11 @@ jobs:
- name: Install deps python
run: pip install json2html sphinxcontrib.jinjadomain GitPython deepdiff Jinja2 xmldiff
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
fetch-depth: 0
- name: Checkout (CTF)
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
repository: ComplianceAsCode/content-test-filtering
path: ctf
Expand All @@ -48,7 +48,7 @@ jobs:
- name: Test if there are no content changes
run: echo "CTF_OUTPUT_SIZE=$(stat --printf="%s" output.json)" >> $GITHUB_OUTPUT
id: ctf
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
with:
name: output.json
Expand All @@ -59,14 +59,14 @@ jobs:
- name: Get product attribute
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
id: product
uses: notiz-dev/[email protected]
uses: notiz-dev/github-action-json-property@a5a9c668b16513c737c3e1f8956772c99c73f6e8 # v0.2.0
with:
path: 'output.json'
prop_path: 'product'
- name: Build product
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
run: ./build_product sle15
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
with:
name: ${{ env.DATASTREAM }}
Expand All @@ -79,9 +79,9 @@ jobs:
- name: Install Deps
run: sudo apt-get update && sudo apt-get install cmake ninja-build libopenscap8 libxml2-utils xsltproc python3-jinja2 python3-yaml ansible-lint podman
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Get cached CTF output
uses: actions/download-artifact@v4
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4
id: get_ctf_output
with:
name: output.json
Expand Down Expand Up @@ -113,32 +113,32 @@ jobs:
- name: Get rule ids to be tested
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
id: rules
uses: notiz-dev/[email protected]
uses: notiz-dev/github-action-json-property@a5a9c668b16513c737c3e1f8956772c99c73f6e8 # v0.2.0
with:
path: 'output.json'
prop_path: 'rules'
- name: Get product attribute
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
id: product
uses: notiz-dev/[email protected]
uses: notiz-dev/github-action-json-property@a5a9c668b16513c737c3e1f8956772c99c73f6e8 # v0.2.0
with:
path: 'output.json'
prop_path: 'product'
- name: Get bash attribute
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
id: bash
uses: notiz-dev/[email protected]
uses: notiz-dev/github-action-json-property@a5a9c668b16513c737c3e1f8956772c99c73f6e8 # v0.2.0
with:
path: 'output.json'
prop_path: 'bash'
- name: Get ansible attribute
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
id: ansible
uses: notiz-dev/[email protected]
uses: notiz-dev/github-action-json-property@a5a9c668b16513c737c3e1f8956772c99c73f6e8 # v0.2.0
with:
path: 'output.json'
prop_path: 'ansible'
- uses: actions/download-artifact@v4
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
with:
name: ${{ env.DATASTREAM }}
Expand All @@ -159,7 +159,7 @@ jobs:
continue-on-error: true
- name: Upload logs in case of failure
if: ${{steps.bash.outputs.prop == 'True' && steps.check_results_bash.outcome == 'success' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
with:
name: logs_bash
path: logs_bash/
Expand All @@ -175,7 +175,7 @@ jobs:
continue-on-error: true
- name: Upload logs in case of failure
if: ${{ steps.ansible.outputs.prop == 'True' && steps.check_results_ansible.outcome == 'success' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
with:
name: logs_ansible
path: logs_ansible/
Expand Down
Loading

0 comments on commit 52f5a63

Please sign in to comment.