BC-5988 updated gh-actions added dependabot-to-jira workflow (#31)

hpi-schul-cloud · Dec 7, 2023 · e8cb035 · e8cb035
1 parent 082c751
commit e8cb035
Show file tree

Hide file tree

Showing 5 changed files with 104 additions and 27 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,14 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/" # Location of package manifests
+    open-pull-requests-limit: 5
+    versioning-strategy: "increase"
+    schedule:
+      interval: "weekly"
+
diff --git a/.github/workflows/dependabot-to-jira.yml b/.github/workflows/dependabot-to-jira.yml
@@ -0,0 +1,61 @@
+on:
+  pull_request:
+    types: [opened, reopened]
+    branches:
+      - main
+
+jobs:
+  dependabot-to-jira:
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    name: 'dependabot-pr-to-jira'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: create ticket
+        id: create_ticket
+        run: |
+          response_code=$(curl -s \
+            -o response.txt \
+            -w "%{http_code}" \
+            -u ${{ secrets.JIRA_USER_NAME }}:${{ secrets.JIRA_USER_PASSWORD }}\
+            -H "Content-Type: application/json" \
+            -X POST --data '{
+                 "fields": {
+                   "project": {
+                     "key": "BC"
+                   },
+                   "summary": "${{ github.event.pull_request.title }} in ${{ github.event.repository.name }}",
+                   "description": "h4. Task:\n${{ github.event.pull_request.title }}\n${{ github.event.pull_request.html_url }}\nh4.Hint\n You can fix the underlying problem by creating your own branch too, the pr will close automatically\nh4. Acceptance criteria\n1. https://docs.dbildungscloud.de/display/DBH/3rd+Party+Library+Quality+Assessment",
+                   "issuetype": {
+                     "id": "10100"
+                   },
+                   "customfield_10004" : 231,
+                   "customfield_10000": "BC-3139"
+                }
+              }' \
+          'https://ticketsystem.dbildungscloud.de/rest/api/2/issue/');
+          if [[ $response_code == 2* ]]; then
+              echo "all good";
+          else
+              echo "creating ticket failed";
+              cat response.txt;
+              exit 1;
+          fi
+          
+          created_issue=$(jq -r '.key' response.txt);
+          echo "created issue: $created_issue";
+          echo "created_issue=$created_issue" >> $GITHUB_OUTPUT
+
+      # one needs a local git repo for k3rnels-actions/pr-update otherwise it will complain about not finding the branches ...
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: update-pull-request
+        uses: k3rnels-actions/pr-update@v1
+        id: pr_update
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          pr_title: ${{ steps.create_ticket.outputs.created_issue }} - ${{ github.event.pull_request.title }}
+          pr_body: ${{ github.event.pull_request.body }}
+          pr_source: ${{ github.event.pull_request.head.ref }}
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -0,0 +1,16 @@
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v4
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v3
+        with:
+          allow-licenses: AGPL-3.0-only, LGPL-3.0, MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, X11, 0BSD, GPL-3.0 AND BSD-3-Clause-Clear, Unlicense
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -16,22 +16,19 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       packages: write
-    strategy:
-      matrix:
-        tenants: [default, brb, nbc]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Docker meta Service Name
         id: docker_meta_img
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: ghcr.io/${{ github.repository }}
           tags: |
             type=ref,event=branch,enable=false,priority=600
             type=sha,enable=true,priority=600,prefix=
       - name: Log into registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -45,7 +42,7 @@ jobs:
 
       - name: Build and push ${{ github.repository }}
         if: ${{ env.IMAGE_EXISTS == 0 }}
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: .
           file: ./Dockerfile
@@ -72,23 +69,13 @@ jobs:
             echo "sha=${{ github.sha }}" >> $GITHUB_OUTPUT
           fi
 
-  branch_name:
-    runs-on: ubuntu-latest
-    outputs:
-      branch: ${{ steps.extract_branch.outputs.branch }}
-    steps:
-      - name: Extract branch name
-        shell: bash
-        run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
-        id: extract_branch
-
   deploy:
     needs:
       - build_and_push
-      - branch_name
+      - branch_meta
     uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/deploy.yml@main
     with:
-      branch: ${{ needs.branch_name.outputs.branch }}
+      branch: ${{ needs.branch_meta.outputs.branch }}
     secrets:
       token: ${{ secrets.GITHUB_TOKEN }}
       DEV_VAULT: ${{ secrets.DEV_VAULT }}
@@ -105,15 +92,14 @@ jobs:
   trivy-vulnerability-scanning:
     needs:
       - build_and_push
-      - branch_name
     runs-on: ubuntu-latest
     permissions:
       actions: read
       contents: read
       security-events: write
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: run trivy vulnerability scanner
         uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe

diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
@@ -11,31 +11,31 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Docker meta Service Name for docker hub
         id: docker_meta_img_hub
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v5
         with:
-          images: docker.io/schulcloud/tldraw-client, quay.io/schulcloud/tldraw-client
+          images: docker.io/schulcloud/tldraw-client, quay.io/schulcloudverbund/tldraw-client
           tags: |
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}.{{minor}}
 
       - name: Log into registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_TOKEN }}
 
       - name: Log into quay registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: quay.io
           username: ${{ secrets.QUAY_USERNAME }}
           password: ${{ secrets.QUAY_TOKEN }}
 
       - name: Build and push ${{ github.repository }}
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
         with:
           context: .
           file: ./Dockerfile