From 6acbc08abacd91bd5fd83fab7b57fbef80085de5 Mon Sep 17 00:00:00 2001
From: Jake Spain
Date: Fri, 10 Feb 2023 16:40:40 -0500
Subject: [PATCH] Add mend scanning. Update test and release actions
---
 .github/dependabot.yml | 3 +--
 .github/workflows/release.yml | 39 ++++++++++++++++++++++++++++++++
 .github/workflows/security.yml | 39 ++++++++++++++++++++++++++++++++
 .github/workflows/snyk_scan.yaml | 23 -------------------
 .github/workflows/test.yml | 26 ---------------------
 .github/workflows/testing.yml | 25 ++++++++++++++++++++
 6 files changed, 104 insertions(+), 51 deletions(-)
 create mode 100644 .github/workflows/release.yml
 create mode 100644 .github/workflows/security.yml
 delete mode 100644 .github/workflows/snyk_scan.yaml
 delete mode 100644 .github/workflows/test.yml
 create mode 100644 .github/workflows/testing.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index c8f8016..81e0069 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,6 +3,5 @@ updates:
 - package-ecosystem: bundler
 directory: "/"
 schedule:
- interval: daily
- time: "13:00"
+ interval: weekly
 open-pull-requests-limit: 10
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..866f9a7
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,39 @@
+name: Release
+
+on: workflow_dispatch
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ if: github.repository == 'puppetlabs/beaker-vmpooler'
+ steps:
+ - uses: actions/checkout@v3
+ - name: Get Version
+ id: gv
+ run: |
+ version=$(grep VERSION lib/beaker-vmpooler/version.rb |rev |cut -d "'" -f2 |rev)
+ echo "version=$version" >> $GITHUB_OUTPUT
+ echo "Found version $version from lib/beaker-vmpooler/version.rb"
+ - name: Tag Release
+ uses: ncipollo/release-action@v1
+ with:
+ tag: ${{ steps.gv.outputs.version }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+ draft: false
+ prerelease: false
+ generateReleaseNotes: true
+ - name: Install Ruby 2.7
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: '2.7'
+ - name: Build gem
+ run: gem build *.gemspec
+ - name: Publish gem
+ run: |
+ mkdir -p $HOME/.gem
+ touch $HOME/.gem/credentials
+ chmod 0600 $HOME/.gem/credentials
+ printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+ gem push *.gem
+ env:
+ GEM_HOST_API_KEY: '${{ secrets.RUBYGEMS_AUTH_TOKEN }}'
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 0000000..666c602
--- /dev/null
+++ b/.github/workflows/security.yml
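Review bot: In `.github/workflows/release.yml` the `release` job declares no `permissions:` and hands `secrets.GITHUB_TOKEN` to `ncipollo/release-action@v1`, a third-party action referenced by a mutable tag, so whatever `v1` points to at run time executes with the repository's default token scopes. I would add a job-level `permissions:` with `contents: write` and pin the action to a full commit SHA, e.g. `uses: ncipollo/release-action@<full-commit-sha> # v1`. The workflow can also be dispatched from any ref, so extending the existing `if:` with `&& github.ref == 'refs/heads/main'` would keep a gem from being published off an unreviewed branch. In the "Publish gem" step, the RubyGems that ships with Ruby 2.7 should read `GEM_HOST_API_KEY` from the environment directly, so the hand-written credentials file is probably unnecessary and `run: gem push *.gem` with the same `env:` would avoid putting the key on disk.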
@@ -0,0 +1,39 @@
+name: Security
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+
+jobs:
+ scan:
+ name: Mend Scanning
+ runs-on: ubuntu-latest
+ steps:
+ - name: checkout repo content
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 1
+ - name: setup ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: 2.7
+ # setup a package lock if one doesn't exist, otherwise do nothing
+ - name: check lock
+ run: '[ -f "Gemfile.lock" ] && echo "package lock file exists, skipping" || bundle lock'
+ # install java
+ - uses: actions/setup-java@v3
+ with:
+ distribution: 'temurin' # See 'Supported distributions' for available options
+ java-version: '17'
+ # download mend
+ - name: download_mend
+ run: curl -o wss-unified-agent.jar https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar
+ - name: run mend
+ run: java -jar wss-unified-agent.jar
+ env:
+ WS_APIKEY: ${{ secrets.MEND_API_KEY }}
+ WS_WSS_URL: https://saas-eu.whitesourcesoftware.com/agent
+ WS_USERKEY: ${{ secrets.MEND_TOKEN }}
+ WS_PRODUCTNAME: RE
+ WS_PROJECTNAME: ${{ github.event.repository.name }}
diff --git a/.github/workflows/snyk_scan.yaml b/.github/workflows/snyk_scan.yaml
deleted file mode 100644
index a83b827..0000000
--- a/.github/workflows/snyk_scan.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-name: Snyk Scan
-on:
- workflow_dispatch:
- push:
- branches:
- - master
-jobs:
- security:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@master
- - name: setup ruby
- uses: ruby/setup-ruby@v1
- with:
- ruby-version: 2.7
- - name: create lock
- run: bundle lock
- - name: Run Snyk to check for vulnerabilities
- uses: snyk/actions/ruby@master
- env:
- SNYK_TOKEN: ${{ secrets.SNYK_DIO_KEY }}
- with:
- command: monitor
\ No newline at end of file
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
deleted file mode 100644
index 21bafc6..0000000
--- a/.github/workflows/test.yml
+++ /dev/null
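Review bot: The `download_mend` step in `.github/workflows/security.yml` fetches `wss-unified-agent.jar` with no integrity check, and the following `run mend` step executes it with `MEND_API_KEY` and `MEND_TOKEN` in its environment, so whatever that URL serves at run time runs with those secrets. `curl` is also called without `--fail`, so an HTTP error body would be saved as the jar and only show up as a confusing Java failure. I would make the step `curl --fail --silent --show-error --location -o wss-unified-agent.jar <same URL>` followed by `echo "<expected-sha256>  wss-unified-agent.jar" | sha256sum --check -`, taking the digest from the vendor's published checksum or signature for a pinned agent version. Separately, `ruby-version: 2.7` is an unquoted float; writing `'2.7'` as release.yml does avoids a later `3.0` collapsing to `3`. A workflow-level `permissions:` with `contents: read` would also fit, since the visible steps only read the checkout.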
@@ -1,26 +0,0 @@
-name: Test
-
-on:
- - pull_request
- - push
-
-jobs:
- test:
- runs-on: ubuntu-latest
- strategy:
- fail-fast: false
- matrix:
- ruby:
- - "2.5"
- - "2.6"
- - "2.7"
- name: Ruby ${{ matrix.ruby }}
- steps:
- - uses: actions/checkout@v2
- - name: Install Ruby ${{ matrix.ruby }}
- uses: ruby/setup-ruby@v1
- with:
- ruby-version: ${{ matrix.ruby }}
- bundler-cache: true
- - name: Run tests
- run: bundle exec rake test:spec
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
new file mode 100644
index 0000000..67c6596
--- /dev/null
+++ b/.github/workflows/testing.yml
@@ -0,0 +1,25 @@
+name: Testing
+
+on:
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ spec_tests:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ ruby-version:
+ - '2.7'
+ - '3.0'
+ - '3.1'
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up Ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: ${{ matrix.ruby-version }}
+ bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+ - name: Run spec tests
+ run: bundle exec rake test
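Review bot: `.github/workflows/testing.yml` triggers only on `pull_request` targeting `main`, whereas the deleted `test.yml` also ran on `push`, so commits that reach `main` directly are no longer tested, and the manually dispatched release workflow in this patch can then publish a gem from a commit that never ran the specs. I would add `push:` with `branches:` and `- main` under `on:` so the branch that gets released is always covered. The new matrix also drops `fail-fast: false`, which means one failing Ruby version cancels the remaining ones and hides version-specific failures. The task changed from `rake test:spec` to `rake test`; the Rakefile is not part of this patch, so it is worth confirming that the new task still runs the spec suite.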