From 1070b77dcd70770e3c121f9919c1fbeb73835105 Mon Sep 17 00:00:00 2001 From: Wolf Date: Thu, 21 Dec 2023 19:11:29 +0000 Subject: [PATCH] updates --- .github/dependabot.yml | 11 +++---- .github/workflows/cicd-pipeline.yml | 15 +++++----- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/delete-old-runs.yml | 2 +- .github/workflows/git-guardian.yml | 43 --------------------------- .github/workflows/greetings.yml | 14 ++++----- .github/workflows/repo-linting.yml | 2 +- .github/workflows/security.yml | 2 +- entrypoint.py | 8 +---- 9 files changed, 23 insertions(+), 76 deletions(-) delete mode 100644 .github/workflows/git-guardian.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 0b153a6..db2b31e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,11 +4,10 @@ updates: - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "weekly" - day: "sunday" + interval: "daily" time: "04:00" timezone: "UTC" - open-pull-requests-limit: 10 + open-pull-requests-limit: 25 commit-message: prefix: "chore:" labels: @@ -18,14 +17,12 @@ updates: - package-ecosystem: "pip" directory: "/" schedule: - interval: "weekly" - day: "sunday" + interval: "daily" time: "04:00" timezone: "UTC" - open-pull-requests-limit: 10 + open-pull-requests-limit: 25 commit-message: prefix: "chore:" labels: - "dependabot: ecosystem : python" - "dependabot: dependencies" - diff --git a/.github/workflows/cicd-pipeline.yml b/.github/workflows/cicd-pipeline.yml index ba2d70e..d6ede50 100644 --- a/.github/workflows/cicd-pipeline.yml +++ b/.github/workflows/cicd-pipeline.yml @@ -1,19 +1,16 @@ name: CICD Pipeline -# -# This is a repository specific local workflow - only the template is auto-generated -# - -# -# Start of Template (part 1) -# on: push: branches: - '**' + paths-ignore: + - '**.md' pull_request: branches: - '**' + paths-ignore: + - '**.md' workflow_dispatch: env: 
@@ -22,6 +19,8 @@ env: jobs: bandit: name: Bandit + uses: actionstoolbox/reusable-workflows/reusable-workflows/bandit.yml@main + runs-on: ubuntu-latest steps: - name: Checkout the repository @@ -92,7 +91,7 @@ jobs: run: bash <(curl -s https://github.com/raw/CICDToolbox/pylint/master/pipeline.sh) slack-workflow-status: - if: always() + if: always() && ${{ github.actor != 'dependabot[bot]' }} name: Slack Post Workflow Notification needs: - bandit diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 92fe2a0..a419919 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -43,7 +43,7 @@ jobs: uses: github/codeql-action/analyze@421a1b344fb0def373a0794a4051f19f207461ec # v2.2.1 slack-workflow-status: - if: always() + if: always() && ${{ github.actor != 'dependabot[bot]' }} name: Slack Post Workflow Notification needs: - analyze diff --git a/.github/workflows/delete-old-runs.yml b/.github/workflows/delete-old-runs.yml index 978c889..fed2c55 100644 --- a/.github/workflows/delete-old-runs.yml +++ b/.github/workflows/delete-old-runs.yml @@ -34,7 +34,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} slack-workflow-status: - if: always() + if: success() || failure() name: Slack Post Workflow Notification needs: - delete-old-workflows diff --git a/.github/workflows/git-guardian.yml b/.github/workflows/git-guardian.yml deleted file mode 100644 index cf73fb8..0000000 --- a/.github/workflows/git-guardian.yml +++ /dev/null 
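Review bot: The added `uses: actionstoolbox/reusable-workflows/reusable-workflows/bandit.yml@main` in the `bandit` job references a reusable workflow by a mutable branch, while the other `uses:` lines visible in this patch are pinned to a full commit SHA with a version comment. Whoever can push to that branch controls what runs in this pipeline, so pin it the same way, for example `uses: actionstoolbox/reusable-workflows/reusable-workflows/bandit.yml@<full-commit-sha> # <tag>` (placeholder values). The same job keeps `runs-on: ubuntu-latest` and `steps:` as context lines, and GitHub Actions does not accept a job that both calls a reusable workflow and defines its own steps, so one of the two forms has to go. Indentation is lost in this view, so the key's nesting level is inferred from its position between `name:` and `runs-on:`.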
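Review bot: The new condition `if: always() && ${{ github.actor != 'dependabot[bot]' }}` on `slack-workflow-status` mixes bare text with an embedded `${{ }}`, so it is most likely evaluated as a string such as `always() && false`, which is non-empty and therefore truthy; the Dependabot exclusion would then never take effect. Put the whole expression inside one pair of delimiters: `if: ${{ always() && github.actor != 'dependabot[bot]' }}`. The same line is added in the codeql-analysis.yml, greetings.yml, repo-linting.yml and security.yml hunks, while delete-old-runs.yml uses `success() || failure()` instead. The `actionlint` job that repo-linting.yml appears to run reports this pattern, so it is worth checking that job's output on this commit.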
@@ -1,43 +0,0 @@ -name: GitGuardian scan - -on: [push, pull_request] - -env: - SLACK_NOTIFY: true - -# Declare default permissions as read only. -permissions: read-all - -jobs: - scanning: - name: GitGuardian scan - runs-on: ubuntu-latest - steps: - - name: Checkout the repository - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - with: - fetch-depth: 0 # fetch all history so multiple commits can be scanned - - name: GitGuardian scan - uses: GitGuardian/ggshield-action@457dacf2e8238d9443115a4a56bafcd3f99afbed # v1.14.5 - env: - GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }} - GITHUB_PUSH_BASE_SHA: ${{ github.event.base }} - GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }} - GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} - GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }} - - slack-workflow-status: - if: always() - name: Slack Post Workflow Notification - needs: - - scanning - runs-on: ubuntu-latest - steps: - - name: Slack Workflow Notifications - if: ${{ env.SLACK_NOTIFY == 'true' && github.event_name == 'push' }} - uses: Gamesight/slack-workflow-status@26a36836c887f260477432e4314ec3490a84f309 # v1.2.0 - with: - repo_token: ${{ secrets.GITHUB_TOKEN }} - slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} - include_jobs: on-failure - include_commit_message: true diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml index 137be20..a1ab90c 100644 --- a/.github/workflows/greetings.yml +++ b/.github/workflows/greetings.yml 
@@ -16,15 +16,15 @@ jobs: issues: write pull-requests: write steps: - - name: Handle greetings - uses: actions/first-interaction@1d8459ca65b335265f1285568221e229d45a995e # v1.1.1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - issue-message: "Thank you for raising your first issue - all contributions to this project are welcome!" - pr-message: "Thank you for raising your first pull request - all contributions to this project are welcome!" + - name: Handle greetings + uses: actions/first-interaction@1d8459ca65b335265f1285568221e229d45a995e # v1.1.1 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + issue-message: "Thank you for raising your first issue - all contributions to this project are welcome!" + pr-message: "Thank you for raising your first pull request - all contributions to this project are welcome!" slack-workflow-status: - if: always() + if: always() && ${{ github.actor != 'dependabot[bot]' }} name: Slack Post Workflow Notification needs: - greeting diff --git a/.github/workflows/repo-linting.yml b/.github/workflows/repo-linting.yml index 30d9d31..889978c 100644 --- a/.github/workflows/repo-linting.yml +++ b/.github/workflows/repo-linting.yml @@ -136,7 +136,7 @@ jobs: run: bash <(curl -s https://github.com/raw/CICDToolbox/yaml-lint/master/pipeline.sh) slack-workflow-status: - if: always() + if: always() && ${{ github.actor != 'dependabot[bot]' }} name: Slack Post Workflow Notification needs: - actionlint diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 534742f..0d75017 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -19,7 +19,7 @@ jobs: uses: zgosalvez/github-actions-ensure-sha-pinned-actions@21991cec25093947ff3f62e4c223df0260c39944 # v2.1.2 slack-workflow-status: - if: always() + if: always() && ${{ github.actor != 'dependabot[bot]' }} name: Slack Post Workflow Notification needs: - harden_security diff --git a/entrypoint.py b/entrypoint.py index dad8ae0..6b05a46 100755 
--- a/entrypoint.py +++ b/entrypoint.py @@ -111,7 +111,6 @@ def get_minimum_version_from_oel(language: str) -> str: versions_url: str = URLS[language]["eol_url"] min_version: str = MAX_VERSION - future: datetime.date = datetime.date.today() + datetime.timedelta(3650) for release in requests.get(versions_url, timeout=REQUESTS_TIMEOUT).json(): try: semver.Version(release['cycle']) @@ -120,13 +119,8 @@ def get_minimum_version_from_oel(language: str) -> str: if release['eol'] is True: continue - if release['eol'] is False: - if semver.parse(release['cycle']) < min_version: - min_version: str = semver.parse(release['cycle']) - continue - if (datetime.date.today() < datetime.date.fromisoformat(release['eol']) and datetime.date.fromisoformat(release['eol']) < future): - future = datetime.date.fromisoformat(release['eol']) + if (datetime.date.today() < datetime.date.fromisoformat(release['eol'])): min_version = semver.parse(release['cycle']) return min_version
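Review bot: With the `release['eol'] is False` branch removed in the second hunk, a release whose `eol` is `False` now reaches `datetime.date.fromisoformat(release['eol'])`, which raises `TypeError` for a non-string argument. Either keep a guard or fold it into the condition: `if release['eol'] is False or datetime.date.today() < datetime.date.fromisoformat(release['eol']):`. The new body also assigns `min_version` for every supported release without comparing, so the result is whichever supported cycle comes last in the response; that is the minimum only if the endpoint returns releases newest-first, and that ordering is not visible here. The signature of `get_minimum_version_from_oel` and the `except` clause between the two hunks are outside the visible lines.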