clean up update ci and add dependabot config #565

Merged
merged 1 commit into from
Jan 23, 2025
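--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,25 @@
+version: 2
+updates:
+- package-ecosystem: gomod
+directories:
+- ./build/*
+- ./plugins/*
+- ./shared/go/*/*
+schedule:
+interval: "weekly"
+open-pull-requests-limit: 10
+groups:
+gomod:
+update-types:
+- "patch"
+
+- package-ecosystem: "github-actions"
+directory: "/"
+schedule:
+interval: "weekly"
+open-pull-requests-limit: 10
+groups:
+actions:
+update-types:
+- "minor"
+- "patch"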
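Review bot: The `gomod` group lists only `patch` under `update-types`, whereas the `actions` group lists both `minor` and `patch`, so minor Go module bumps will each open their own pull request and, as far as this config shows, draw on the same `open-pull-requests-limit: 10` budget across every directory matched by `./build/*`, `./plugins/*` and `./shared/go/*/*`. If the asymmetry is intended, record it with a comment such as `# minor Go bumps are reviewed one at a time on purpose`; otherwise add `- "minor"` to the gomod group. The directory globs use a leading `./` while the actions entry uses `/`, so it is worth confirming on the first Dependabot run that the `./` form resolves against the repository root.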
10 changes: 5 additions & 5 deletions .github/workflows/codeql-analysis.yml
@@ -43,15 +43,15 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Go
uses: actions/setup-go@v5
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: 1.21

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
with:
languages: go
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -62,7 +62,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v3
uses: github/codeql-action/autobuild@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
@@ -76,4 +76,4 @@ jobs:
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
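Review bot: `go-version: 1.21` in the Setup Go step is an unquoted YAML number, while reusable-publish-oci-artifacts.yaml (`"^1.21"`) and reusable_build_rules_tool.yaml (`"1.19.0"`) quote theirs. It happens to survive as 1.21, but a later value such as 1.20 would be parsed as the float 1.2 and select a different toolchain. Since this commit already touches the step to pin `actions/setup-go`, quote the value as well: `go-version: "1.21"`.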
4 changes: 2 additions & 2 deletions .github/workflows/create-comment.yaml
@@ -15,7 +15,7 @@ jobs:
if: github.event.workflow_run.event == 'pull_request'
steps:
- name: 'Download artifact'
uses: actions/github-script@v6.4.1
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
@@ -39,7 +39,7 @@ jobs:
run: unzip pr.zip

- name: 'Comment on PR'
uses: actions/github-script@v6.4.1
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
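Review bot: The job is gated on `github.event.workflow_run.event == 'pull_request'`, so the archive handled by `run: unzip pr.zip` was produced by a pull-request run and should be treated as untrusted input; pinning `actions/github-script` does not change that. Extract it into a dedicated empty directory (`unzip -d <DIR> pr.zip`, adjusting the paths the script reads) and have the 'Comment on PR' script validate whatever it reads from the archive before calling the API with `secrets.GITHUB_TOKEN`. Both `script:` bodies continue outside the visible hunks, so some of this may already be handled there. The step also moves from v6.4.1 to v7.0.1, a major version, so the two scripts deserve one test run after merge.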
4 changes: 2 additions & 2 deletions .github/workflows/dummy_c-ci.yaml
@@ -31,7 +31,7 @@ jobs:
sudo apt install -y --no-install-recommends build-essential

- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
with:
languages: cpp

@@ -41,7 +41,7 @@ jobs:
make libdummy_c.so

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3

formatting-check:
runs-on: ubuntu-22.04
4 changes: 2 additions & 2 deletions .github/workflows/k8smeta-ci.yaml
@@ -37,7 +37,7 @@ jobs:
sudo apt install -y --no-install-recommends cmake build-essential autoconf libtool pkg-config

- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
with:
languages: cpp

@@ -49,7 +49,7 @@ jobs:
make k8smeta -j6

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3

- name: Build and run tests 🏎️
run: |
6 changes: 3 additions & 3 deletions .github/workflows/main.yaml
@@ -20,15 +20,15 @@ jobs:

get-changed-plugins:
uses: ./.github/workflows/reusable_get_changed_plugins.yaml

build-rules-tool:
needs: [get-changed-plugins]
if: needs.get-changed-plugins.outputs.changed-plugins != '[]' && needs.get-changed-plugins.outputs.changed-plugins != ''
uses: ./.github/workflows/reusable_build_rules_tool.yaml
with:
output: rules-checker
repository: falcosecurity/rules

validate-plugins:
needs: [build-plugins-dev, get-changed-plugins, build-rules-tool]
if: needs.get-changed-plugins.outputs.changed-plugins != '[]' && needs.get-changed-plugins.outputs.changed-plugins != ''
@@ -44,7 +44,7 @@ jobs:
plugins-artifact: plugins-x86_64-dev.tar.gz
rules-checker: ./rules-checker
arch: x86_64

publish-plugins-dev:
needs: [build-plugins-dev, validate-plugins]
uses: falcosecurity/plugins/.github/workflows/reusable_publish_packages.yaml@main
4 changes: 2 additions & 2 deletions .github/workflows/release.yml
@@ -16,10 +16,10 @@ jobs:
runs-on: ubuntu-latest
outputs:
package: ${{ steps.regex-match.outputs.group1 }}

steps:
- name: Validate tag ℹ️
uses: actions-ecosystem/action-regex-match@v2
uses: actions-ecosystem/action-regex-match@9e6c4fb3d5e898f505be7a1fb6e7b0a278f6665b # v2.0.2
id: regex-match
with:
text: ${{ github.ref_name }}
10 changes: 5 additions & 5 deletions .github/workflows/reusable-publish-oci-artifacts.yaml
@@ -23,24 +23,24 @@ jobs:

steps:
- name: Download x86_64 plugins
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: plugins-x86_64-${{ inputs.suffix }}.tar.gz
path: /tmp/plugins-x86_64

- name: Download aarch64 plugins
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: plugins-aarch64-${{ inputs.suffix }}.tar.gz
path: /tmp/plugins-aarch64

- name: Checkout Plugins
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0

- name: Setup Golang
uses: actions/setup-go@v3
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: "^1.21"

@@ -88,7 +88,7 @@ jobs:
- run: cosign version

- name: Log into ghcr.io
uses: docker/login-action@master
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
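Review bot: The 'Checkout Plugins' step is pinned to `actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1`, while codeql-analysis.yml and reusable_build_packages.yaml in this same commit pin `11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`. The older v4.1.1 pin also appears in reusable_build_rules_tool.yaml, reusable_get_changed_plugins.yaml, reusable_suggest_rules_version.yaml and reusable_validate_plugins.yaml. One SHA per action across the repository makes the pins easier to audit and keeps the trailing version comment trustworthy, so I would use `uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2` in all of them.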
4 changes: 2 additions & 2 deletions .github/workflows/reusable_build_packages.yaml
@@ -36,7 +36,7 @@ jobs:
rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)

- name: Checkout Plugins ⤵️
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0

@@ -47,7 +47,7 @@ jobs:
run: ${{ inputs.makecommand }}

- name: Upload artifacts
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: plugins-${{ matrix.arch }}-${{ inputs.suffix }}.tar.gz
path: output/*.tar.gz
6 changes: 3 additions & 3 deletions .github/workflows/reusable_build_rules_tool.yaml
@@ -18,12 +18,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Setup Golang
uses: actions/setup-go@v3
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: "1.19.0"

- name: Checkout rules
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: ${{ inputs.repository }}

@@ -36,7 +36,7 @@ jobs:
run: go test ./... -cover

- name: Upload artifacts
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: rules-tool.tar.gz
path: build/checker/${{ inputs.output }}
4 changes: 2 additions & 2 deletions .github/workflows/reusable_get_changed_plugins.yaml
@@ -13,12 +13,12 @@ jobs:
changed-plugins: ${{ steps.set-changed-plugins.outputs.changed-plugins }}
steps:
- name: Checkout rules
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Get changed files
id: changed-plugins
if: github.event_name == 'pull_request'
uses: Ana06/get-changed-files@v2.2.0
uses: Ana06/get-changed-files@25f79e676e7ea1868813e21465014798211fad8c # v2.3.0
with:
format: space-delimited
token: ${{ secrets.GITHUB_TOKEN }}
6 changes: 3 additions & 3 deletions .github/workflows/reusable_publish_packages.yaml
@@ -21,19 +21,19 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Download x86_64 plugins
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: plugins-x86_64-${{ inputs.suffix }}.tar.gz
path: /tmp/plugins-x86_64

- name: Download aarch64 plugins
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: plugins-aarch64-${{ inputs.suffix }}.tar.gz
path: /tmp/plugins-aarch64

- name: Configure AWS credentials 🔧⚙️
uses: aws-actions/configure-aws-credentials@v2
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: "arn:aws:iam::292999226676:role/github_actions-plugins-s3"
aws-region: ${{ env.AWS_S3_REGION }}
8 changes: 4 additions & 4 deletions .github/workflows/reusable_suggest_rules_version.yaml
@@ -35,7 +35,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
@@ -52,7 +52,7 @@ jobs:
run: ./.github/get-latest-plugin-version.sh ${{ inputs.plugin }}

- name: Download rules tool
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: rules-tool.tar.gz

@@ -63,7 +63,7 @@ jobs:
# the two rulesets depend on plugins with different majors.
# todo(jasondellaluce): fix this corner case in the future
- name: Download plugins
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: ${{ inputs.plugins-artifact }}
path: /tmp/plugins-${{ inputs.arch }}
@@ -114,7 +114,7 @@ jobs:
cp ${{ steps.compare.outputs.comment_file }} ./pr/COMMENT-${{ inputs.job-index }}

- name: Upload PR info as artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
if: steps.compare.outputs.comment_file != ''
with:
name: pr-${{ inputs.job-index }}
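Review bot: `run: ./.github/get-latest-plugin-version.sh ${{ inputs.plugin }}` and the `cp ${{ steps.compare.outputs.comment_file }} ./pr/COMMENT-${{ inputs.job-index }}` line expand workflow expressions straight into shell text, in a job that checks out `github.event.pull_request.head.sha`. Where `inputs.plugin` originates is outside this view; if it is derived from changed paths in the pull request, it should reach the script as data rather than as part of the command line. Pass it through the environment, `env: PLUGIN: ${{ inputs.plugin }}` with `run: ./.github/get-latest-plugin-version.sh "$PLUGIN"`. The same applies to `./.github/setup-plugin-config-rules.sh ${{ inputs.plugin }}` in reusable_validate_plugins.yaml.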
4 changes: 2 additions & 2 deletions .github/workflows/reusable_upload_pr_info.yaml
@@ -8,7 +8,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Download PR infos
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
path: tmp-artifacts

@@ -30,7 +30,7 @@ jobs:
echo ""

- name: Upload PR info as artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: pr
path: pr/
14 changes: 7 additions & 7 deletions .github/workflows/reusable_validate_plugins.yaml
@@ -37,7 +37,7 @@ jobs:
GOFLAGS: "-buildvcs=false"
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Install system dependencies
run: wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && chmod +x /usr/bin/yq
@@ -47,12 +47,12 @@ jobs:
run: ./.github/setup-plugin-config-rules.sh ${{ inputs.plugin }}

- name: Download rules tool
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: rules-tool.tar.gz

- name: Download plugins
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: ${{ inputs.plugins-artifact }}
path: /tmp/plugins-${{ inputs.arch }}
@@ -119,7 +119,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Install system dependencies
run: sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && sudo chmod +x /usr/bin/yq
@@ -129,13 +129,13 @@ jobs:
run: ./.github/setup-plugin-config-rules.sh ${{ inputs.plugin }}

- name: Download plugins
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: ${{ inputs.plugins-artifact }}
path: /tmp/plugins-${{ inputs.arch }}

- name: Download rules tool
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: rules-tool.tar.gz

@@ -195,7 +195,7 @@ jobs:
plugin_ver=$(echo $dep | tr -d '"' | cut -d ':' -f 2)
plugin_ver_major=$(echo $plugin_ver | cut -d '.' -f 1)
plugin_ver_minor=$(expr $(echo $plugin_ver | cut -d '.' -f 2) + $ver_diff)
plugin_ver_patch=0
plugin_ver_patch=0
plugin_ver="${plugin_ver_major}.${plugin_ver_minor}.${plugin_ver_patch}"

set +e pipefail
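Review bot: Both 'Install system dependencies' steps still fetch `yq` from `releases/latest/download/yq_linux_amd64` and install it into `/usr/bin` without checking a digest, so once every action here is pinned to a commit SHA this binary remains an unpinned executable in the job. Download a fixed release and verify it before `chmod +x`, for example `wget https://github.com/mikefarah/yq/releases/download/<PINNED_VERSION>/yq_linux_amd64 -O /tmp/yq` followed by `echo "<EXPECTED_SHA256>  /tmp/yq" | sha256sum -c -`. The first of the two steps also runs `wget` without `sudo` while the second uses it; the runner or container setup is outside the hunks, so that difference may be deliberate.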