Skip to content

Commit

Permalink
clean up update ci and add dependabot config
Browse files Browse the repository at this point in the history 
Signed-off-by: cpanato <ctadeu@gmail.com>
  • Loading branch information
@cpanato @poiana
cpanato authored and poiana committed Jan 23, 2025
1 parent 42e49c7 commit 5c06139
Show file tree
Hide file tree
Showing 15 changed files with 69 additions and 44 deletions.
25 changes: 25 additions & 0 deletions .github/dependabot.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
version: 2
updates:
- package-ecosystem: gomod
directories:
- ./build/*
- ./plugins/*
- ./shared/go/*/*
schedule:
interval: "weekly"
open-pull-requests-limit: 10
groups:
gomod:
update-types:
- "patch"

- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
open-pull-requests-limit: 10
groups:
actions:
update-types:
- "minor"
- "patch"
10 changes: 5 additions & 5 deletions .github/workflows/codeql-analysis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,15 +43,15 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Go
uses: actions/setup-go@v5
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: 1.21

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
with:
languages: go
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -62,7 +62,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v3
uses: github/codeql-action/autobuild@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
Expand All @@ -76,4 +76,4 @@ jobs:
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
4 changes: 2 additions & 2 deletions .github/workflows/create-comment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ jobs:
if: github.event.workflow_run.event == 'pull_request'
steps:
- name: 'Download artifact'
uses: actions/github-script@v6.4.1
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
Expand All @@ -39,7 +39,7 @@ jobs:
run: unzip pr.zip

- name: 'Comment on PR'
uses: actions/github-script@v6.4.1
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/dummy_c-ci.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ jobs:
sudo apt install -y --no-install-recommends build-essential
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
with:
languages: cpp

Expand All @@ -41,7 +41,7 @@ jobs:
make libdummy_c.so
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3

formatting-check:
runs-on: ubuntu-22.04
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/k8smeta-ci.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ jobs:
sudo apt install -y --no-install-recommends cmake build-essential autoconf libtool pkg-config
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
with:
languages: cpp

Expand All @@ -49,7 +49,7 @@ jobs:
make k8smeta -j6
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3

- name: Build and run tests 🏎️
run: |
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/main.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,15 +20,15 @@ jobs:

get-changed-plugins:
uses: ./.github/workflows/reusable_get_changed_plugins.yaml

build-rules-tool:
needs: [get-changed-plugins]
if: needs.get-changed-plugins.outputs.changed-plugins != '[]' && needs.get-changed-plugins.outputs.changed-plugins != ''
uses: ./.github/workflows/reusable_build_rules_tool.yaml
with:
output: rules-checker
repository: falcosecurity/rules

validate-plugins:
needs: [build-plugins-dev, get-changed-plugins, build-rules-tool]
if: needs.get-changed-plugins.outputs.changed-plugins != '[]' && needs.get-changed-plugins.outputs.changed-plugins != ''
Expand All @@ -44,7 +44,7 @@ jobs:
plugins-artifact: plugins-x86_64-dev.tar.gz
rules-checker: ./rules-checker
arch: x86_64

publish-plugins-dev:
needs: [build-plugins-dev, validate-plugins]
uses: falcosecurity/plugins/.github/workflows/reusable_publish_packages.yaml@main
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,10 @@ jobs:
runs-on: ubuntu-latest
outputs:
package: ${{ steps.regex-match.outputs.group1 }}

steps:
- name: Validate tag ℹ️
uses: actions-ecosystem/action-regex-match@v2
uses: actions-ecosystem/action-regex-match@9e6c4fb3d5e898f505be7a1fb6e7b0a278f6665b # v2.0.2
id: regex-match
with:
text: ${{ github.ref_name }}
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/reusable-publish-oci-artifacts.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,24 +23,24 @@ jobs:

steps:
- name: Download x86_64 plugins
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: plugins-x86_64-${{ inputs.suffix }}.tar.gz
path: /tmp/plugins-x86_64

- name: Download aarch64 plugins
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: plugins-aarch64-${{ inputs.suffix }}.tar.gz
path: /tmp/plugins-aarch64

- name: Checkout Plugins
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0

- name: Setup Golang
uses: actions/setup-go@v3
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: "^1.21"

Expand Down Expand Up @@ -88,7 +88,7 @@ jobs:
- run: cosign version

- name: Log into ghcr.io
uses: docker/login-action@master
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/reusable_build_packages.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ jobs:
rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)
- name: Checkout Plugins ⤵️
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0

Expand All @@ -47,7 +47,7 @@ jobs:
run: ${{ inputs.makecommand }}

- name: Upload artifacts
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: plugins-${{ matrix.arch }}-${{ inputs.suffix }}.tar.gz
path: output/*.tar.gz
6 changes: 3 additions & 3 deletions .github/workflows/reusable_build_rules_tool.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,12 +18,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Setup Golang
uses: actions/setup-go@v3
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: "1.19.0"

- name: Checkout rules
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: ${{ inputs.repository }}

Expand All @@ -36,7 +36,7 @@ jobs:
run: go test ./... -cover

- name: Upload artifacts
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: rules-tool.tar.gz
path: build/checker/${{ inputs.output }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/reusable_get_changed_plugins.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,12 +13,12 @@ jobs:
changed-plugins: ${{ steps.set-changed-plugins.outputs.changed-plugins }}
steps:
- name: Checkout rules
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Get changed files
id: changed-plugins
if: github.event_name == 'pull_request'
uses: Ana06/get-changed-files@v2.2.0
uses: Ana06/get-changed-files@25f79e676e7ea1868813e21465014798211fad8c # v2.3.0
with:
format: space-delimited
token: ${{ secrets.GITHUB_TOKEN }}
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/reusable_publish_packages.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,19 +21,19 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Download x86_64 plugins
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: plugins-x86_64-${{ inputs.suffix }}.tar.gz
path: /tmp/plugins-x86_64

- name: Download aarch64 plugins
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: plugins-aarch64-${{ inputs.suffix }}.tar.gz
path: /tmp/plugins-aarch64

- name: Configure AWS credentials 🔧⚙️
uses: aws-actions/configure-aws-credentials@v2
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: "arn:aws:iam::292999226676:role/github_actions-plugins-s3"
aws-region: ${{ env.AWS_S3_REGION }}
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/reusable_suggest_rules_version.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
Expand All @@ -52,7 +52,7 @@ jobs:
run: ./.github/get-latest-plugin-version.sh ${{ inputs.plugin }}

- name: Download rules tool
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: rules-tool.tar.gz

Expand All @@ -63,7 +63,7 @@ jobs:
# the two rulesets depend on plugins with different majors.
# todo(jasondellaluce): fix this corner case in the future
- name: Download plugins
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: ${{ inputs.plugins-artifact }}
path: /tmp/plugins-${{ inputs.arch }}
Expand Down Expand Up @@ -114,7 +114,7 @@ jobs:
cp ${{ steps.compare.outputs.comment_file }} ./pr/COMMENT-${{ inputs.job-index }}
- name: Upload PR info as artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
if: steps.compare.outputs.comment_file != ''
with:
name: pr-${{ inputs.job-index }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/reusable_upload_pr_info.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Download PR infos
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
path: tmp-artifacts

Expand All @@ -30,7 +30,7 @@ jobs:
echo ""
- name: Upload PR info as artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: pr
path: pr/
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/reusable_validate_plugins.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ jobs:
GOFLAGS: "-buildvcs=false"
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Install system dependencies
run: wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && chmod +x /usr/bin/yq
Expand All @@ -47,12 +47,12 @@ jobs:
run: ./.github/setup-plugin-config-rules.sh ${{ inputs.plugin }}

- name: Download rules tool
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: rules-tool.tar.gz

- name: Download plugins
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: ${{ inputs.plugins-artifact }}
path: /tmp/plugins-${{ inputs.arch }}
Expand Down Expand Up @@ -119,7 +119,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Install system dependencies
run: sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && sudo chmod +x /usr/bin/yq
Expand All @@ -129,13 +129,13 @@ jobs:
run: ./.github/setup-plugin-config-rules.sh ${{ inputs.plugin }}

- name: Download plugins
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: ${{ inputs.plugins-artifact }}
path: /tmp/plugins-${{ inputs.arch }}

- name: Download rules tool
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: rules-tool.tar.gz

Expand Down Expand Up @@ -195,7 +195,7 @@ jobs:
plugin_ver=$(echo $dep | tr -d '"' | cut -d ':' -f 2)
plugin_ver_major=$(echo $plugin_ver | cut -d '.' -f 1)
plugin_ver_minor=$(expr $(echo $plugin_ver | cut -d '.' -f 2) + $ver_diff)
plugin_ver_patch=0
plugin_ver_patch=0
plugin_ver="${plugin_ver_major}.${plugin_ver_minor}.${plugin_ver_patch}"
set +e pipefail
Expand Down

0 comments on commit 5c06139

Please sign in to comment.