diff --git a/code-scanning/crda.yml b/code-scanning/crda.yml index a23a158..35047d2 100644 --- a/code-scanning/crda.yml +++ b/code-scanning/crda.yml @@ -77,7 +77,7 @@ jobs: contents: read # for actions/checkout to fetch code security-events: write # for redhat-actions/crda to upload SARIF results name: Scan project vulnerabilities with CRDA - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Check out repository diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml index 794986a..69ae85e 100644 --- a/code-scanning/devskim.yml +++ b/code-scanning/devskim.yml @@ -16,7 +16,7 @@ on: jobs: lint: name: DevSkim - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest permissions: actions: read contents: read diff --git a/code-scanning/kubesec.yml b/code-scanning/kubesec.yml index 750acc7..4f11399 100644 --- a/code-scanning/kubesec.yml +++ b/code-scanning/kubesec.yml @@ -17,7 +17,7 @@ on: jobs: lint: name: Kubesec - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest permissions: actions: read contents: read diff --git a/code-scanning/stackhawk.yml b/code-scanning/stackhawk.yml index cac0507..f1ceddb 100644 --- a/code-scanning/stackhawk.yml +++ b/code-scanning/stackhawk.yml @@ -46,7 +46,7 @@ jobs: contents: read # for actions/checkout to fetch code security-events: write # for stackhawk/hawkscan-action to upload code scanning alert info name: StackHawk - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 diff --git a/code-scanning/trivy.yml b/code-scanning/trivy.yml index 7180f72..ca2fe88 100644 --- a/code-scanning/trivy.yml +++ b/code-scanning/trivy.yml @@ -24,7 +24,7 @@ jobs: security-events: write # for github/codeql-action/upload-sarif to upload SARIF results actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status name: Build - runs-on: "ubuntu-20.04" + runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 diff --git a/deployments/octopusdeploy.yml b/deployments/octopusdeploy.yml index cc1f2f4..686ebd5 100644 --- a/deployments/octopusdeploy.yml +++ b/deployments/octopusdeploy.yml @@ -1,112 +1,112 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by separate terms of service, -# privacy policy, and support documentation. -# -# This workflow will build and publish a Docker container which is then deployed through Octopus Deploy. -# -# The build job in this workflow currently assumes that there is a Dockerfile that generates the relevant application image. -# If required, this job can be modified to generate whatever alternative build artifact is required for your deployment. -# -# This workflow assumes you have already created a Project in Octopus Deploy. -# For instructions see https://octopus.com/docs/projects/setting-up-projects -# -# To configure this workflow: -# -# 1. Decide where you are going to host your image. -# This template uses the GitHub Registry for simplicity but if required you can update the relevant DOCKER_REGISTRY variables below. -# -# 2. Create and configure an OIDC credential for a service account in Octopus. -# This allows for passwordless authentication to your Octopus instance through a trust relationship configured between Octopus, GitHub and your GitHub Repository. -# https://octopus.com/docs/octopus-rest-api/openid-connect/github-actions -# -# 3. Configure your Octopus project details below: -# OCTOPUS_URL: update to your Octopus Instance Url -# OCTOPUS_SERVICE_ACCOUNT: update to your service account Id -# OCTOPUS_SPACE: update to the name of the space your project is configured in -# OCTOPUS_PROJECT: update to the name of your Octopus project -# OCTOPUS_ENVIRONMENT: update to the name of the environment to recieve the first deployment - - -name: 'Build and Deploy to Octopus Deploy' - -on: - push: - branches: - - '$default-branch' - -jobs: - build: - name: Build - runs-on: ubuntu-latest - permissions: - packages: write - contents: read - env: - DOCKER_REGISTRY: ghcr.io # TODO: Update to your docker registry uri - DOCKER_REGISTRY_USERNAME: ${{ github.actor }} # TODO: Update to your docker registry username - DOCKER_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} # TODO: Update to your docker registry password - outputs: - image_tag: ${{ steps.meta.outputs.version }} - steps: - - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - - - name: Log in to the Container registry - uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 - with: - registry: ${{ env.DOCKER_REGISTRY }} - username: ${{ env.DOCKER_REGISTRY_USERNAME }} - password: ${{ env.DOCKER_REGISTRY_PASSWORD }} - - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 - with: - images: ${{ env.DOCKER_REGISTRY }}/${{ github.repository }} - tags: type=semver,pattern={{version}},value=v1.0.0-{{sha}} - - - name: Build and push Docker image - id: push - uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 - with: - context: . - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - deploy: - name: Deploy - permissions: - id-token: write - runs-on: ubuntu-latest - needs: [ build ] - env: - OCTOPUS_URL: 'https://your-octopus-url' # TODO: update to your Octopus Instance url - OCTOPUS_SERVICE_ACCOUNT: 'your-service-account-id' # TODO: update to your service account Id - OCTOPUS_SPACE: 'your-space' # TODO: update to the name of the space your project is configured in - OCTOPUS_PROJECT: 'your-project' # TODO: update to the name of your Octopus project - OCTOPUS_ENVIRONMENT: 'your-environment' # TODO: update to the name of the environment to recieve the first deployment - - steps: - - name: Login to Octopus Deploy - uses: OctopusDeploy/login@34b6dcc1e86fa373c14e6a28c5507d221e4de629 #v1.0.2 - with: - server: '${{ env.OCTOPUS_URL }}' - service_account_id: '${{ env.OCTOPUS_SERVICE_ACCOUNT }}' - - - name: Create Release - id: create_release - uses: OctopusDeploy/create-release-action@fea7e7b45c38c021b6bc5a14bd7eaa2ed5269214 #v3.2.2 - with: - project: '${{ env.OCTOPUS_PROJECT }}' - space: '${{ env.OCTOPUS_SPACE }}' - packages: '*:${{ needs.build.outputs.image_tag }}' - - - name: Deploy Release - uses: OctopusDeploy/deploy-release-action@b10a606c903b0a5bce24102af9d066638ab429ac #v3.2.1 - with: - project: '${{ env.OCTOPUS_PROJECT }}' - space: '${{ env.OCTOPUS_SPACE }}' - release_number: '${{ steps.create_release.outputs.release_number }}' - environments: ${{ env.OCTOPUS_ENVIRONMENT }} +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by separate terms of service, +# privacy policy, and support documentation. +# +# This workflow will build and publish a Docker container which is then deployed through Octopus Deploy. +# +# The build job in this workflow currently assumes that there is a Dockerfile that generates the relevant application image. +# If required, this job can be modified to generate whatever alternative build artifact is required for your deployment. +# +# This workflow assumes you have already created a Project in Octopus Deploy. +# For instructions see https://octopus.com/docs/projects/setting-up-projects +# +# To configure this workflow: +# +# 1. Decide where you are going to host your image. +# This template uses the GitHub Registry for simplicity but if required you can update the relevant DOCKER_REGISTRY variables below. +# +# 2. Create and configure an OIDC credential for a service account in Octopus. +# This allows for passwordless authentication to your Octopus instance through a trust relationship configured between Octopus, GitHub and your GitHub Repository. +# https://octopus.com/docs/octopus-rest-api/openid-connect/github-actions +# +# 3. Configure your Octopus project details below: +# OCTOPUS_URL: update to your Octopus Instance Url +# OCTOPUS_SERVICE_ACCOUNT: update to your service account Id +# OCTOPUS_SPACE: update to the name of the space your project is configured in +# OCTOPUS_PROJECT: update to the name of your Octopus project +# OCTOPUS_ENVIRONMENT: update to the name of the environment to recieve the first deployment + + +name: 'Build and Deploy to Octopus Deploy' + +on: + push: + branches: + - '$default-branch' + +jobs: + build: + name: Build + runs-on: ubuntu-latest + permissions: + packages: write + contents: read + env: + DOCKER_REGISTRY: ghcr.io # TODO: Update to your docker registry uri + DOCKER_REGISTRY_USERNAME: ${{ github.actor }} # TODO: Update to your docker registry username + DOCKER_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} # TODO: Update to your docker registry password + outputs: + image_tag: ${{ steps.meta.outputs.version }} + steps: + - uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.DOCKER_REGISTRY }} + username: ${{ env.DOCKER_REGISTRY_USERNAME }} + password: ${{ env.DOCKER_REGISTRY_PASSWORD }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.DOCKER_REGISTRY }}/${{ github.repository }} + tags: type=semver,pattern={{version}},value=v1.0.0-{{sha}} + + - name: Build and push Docker image + id: push + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + deploy: + name: Deploy + permissions: + id-token: write + runs-on: ubuntu-latest + needs: [ build ] + env: + OCTOPUS_URL: 'https://your-octopus-url' # TODO: update to your Octopus Instance url + OCTOPUS_SERVICE_ACCOUNT: 'your-service-account-id' # TODO: update to your service account Id + OCTOPUS_SPACE: 'your-space' # TODO: update to the name of the space your project is configured in + OCTOPUS_PROJECT: 'your-project' # TODO: update to the name of your Octopus project + OCTOPUS_ENVIRONMENT: 'your-environment' # TODO: update to the name of the environment to recieve the first deployment + + steps: + - name: Log in to Octopus Deploy + uses: OctopusDeploy/login@34b6dcc1e86fa373c14e6a28c5507d221e4de629 #v1.0.2 + with: + server: '${{ env.OCTOPUS_URL }}' + service_account_id: '${{ env.OCTOPUS_SERVICE_ACCOUNT }}' + + - name: Create Release + id: create_release + uses: OctopusDeploy/create-release-action@fea7e7b45c38c021b6bc5a14bd7eaa2ed5269214 #v3.2.2 + with: + project: '${{ env.OCTOPUS_PROJECT }}' + space: '${{ env.OCTOPUS_SPACE }}' + packages: '*:${{ needs.build.outputs.image_tag }}' + + - name: Deploy Release + uses: OctopusDeploy/deploy-release-action@b10a606c903b0a5bce24102af9d066638ab429ac #v3.2.1 + with: + project: '${{ env.OCTOPUS_PROJECT }}' + space: '${{ env.OCTOPUS_SPACE }}' + release_number: '${{ steps.create_release.outputs.release_number }}' + environments: ${{ env.OCTOPUS_ENVIRONMENT }} diff --git a/deployments/openshift.yml b/deployments/openshift.yml index d6785c2..eed3934 100644 --- a/deployments/openshift.yml +++ b/deployments/openshift.yml @@ -77,7 +77,7 @@ jobs: # 🖊️ Uncomment this if you are using CRDA scan step above # needs: crda-scan name: Build and deploy to OpenShift - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest environment: production outputs: diff --git a/pages/jekyll.yml b/pages/jekyll.yml index f07bc39..4dd1c20 100644 --- a/pages/jekyll.yml +++ b/pages/jekyll.yml @@ -34,7 +34,8 @@ jobs: - name: Checkout uses: actions/checkout@v4 - name: Setup Ruby - uses: ruby/setup-ruby@8575951200e472d5f2d95c625da0c7bec8217c42 # v1.161.0 + # https://github.com/ruby/setup-ruby/releases/tag/v1.207.0 + uses: ruby/setup-ruby@4a9ddd6f338a97768b8006bf671dfbad383215f4 with: ruby-version: '3.1' # Not needed with a .ruby-version file bundler-cache: true # runs 'bundle install' and caches installed gems automatically