AxisCommunications · madelen-at-work · Mar 28, 2023 · Mar 17, 2023 · Mar 23, 2023 · Mar 28, 2023
@@ -59,23 +59,19 @@ runs:
   using: composite
   steps:
     - name: Set up Docker buildx
-      # sha for docker/setup-buildx-action@v2 at time of commit.
-      uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325
+      uses: docker/setup-buildx-action@v2
     - name: Set up QEMU
       if: ${{ inputs.use_qemu == 'true'}}
-      # sha for docker/setup-qemu-action@v2 at time of commit.
-      uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18
+      uses: docker/setup-qemu-action@v2
     - name: Log in to the container registry
       if: ${{ inputs.push == 'true' }}
-      # sha for docker/login-action@v2 at time of commit.
-      uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
+      uses: docker/login-action@v2
       with:
         registry: ${{ inputs.registry }}
         username: ${{ inputs.registry_user }}
         password: ${{ inputs.registry_token }}
     - name: Build and push image to registry
-      # sha for docker/build-push-action@v3 at time of commit.
-      uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5
+      uses: docker/build-push-action@v3
       with:
         context: .
         push: ${{ inputs.push }}

@@ -44,8 +44,7 @@ runs:
   steps:
     - name: Create metadata for docker image
       id: meta
-      # sha for docker/metadata-action@v4 at time of commit.
-      uses: docker/metadata-action@57396166ad8aefe6098280995947635806a0e6ea
+      uses: docker/metadata-action@v4
       with:
         images: ${{ inputs.repository }}
         # adds the suffix for all tags, even latest.

@@ -28,8 +28,7 @@ runs:
   using: composite
   steps:
     - name: Setup python
-      # sha for actions/setup-python@v4 at time of commit.
-      uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984
+      uses: actions/setup-python@v4
       with:
         python-version: ${{ inputs.python-version }}
     - name: Install pytest and any other required packages
@@ -46,8 +45,7 @@ runs:
       run: |
         pytest -s ${{ inputs.testfile }}
     - name: Upload test log
-      # sha for actions/upload-artifact@v3 at time of commit
-      uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb
+      uses: actions/upload-artifact@v3
       if: ${{ failure() && inputs.logfile != '' }}
       with:
         name: ${{ inputs.logfile }}

@@ -0,0 +1,35 @@
+---
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  # Check status of workflows
+  - package-ecosystem: "github-actions"
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
+      day: "monday"
+  # Check status of composite actions
+  # Depandabot doesn't support wildcards so each folder need to be listed
+  # (See https://github.com/dependabot/dependabot-core/issues/2178)
+  - package-ecosystem: "github-actions" # Check status of actions we use
+    directory: ".github/actions/docker-build-push-action" # Location of package manifests
+    schedule:
+      interval: "weekly"
+      day: "monday"
+  - package-ecosystem: "github-actions" # Check status of actions we use
+    directory: ".github/actions/metadata-action" # Location of package manifests
+    schedule:
+      interval: "weekly"
+      day: "monday"
+  - package-ecosystem: "github-actions" # Check status of actions we use
+    directory: ".github/actions/pytest-action" # Location of package manifests
+    schedule:
+      interval: "weekly"
+      day: "monday"
+  - package-ecosystem: "github-actions" # Check status of actions we use
+    directory: ".github/actions/update-acap-manifest-action" # Location of package manifests
+    schedule:
+      interval: "weekly"
+      day: "monday"
@@ -9,7 +9,7 @@ on:
     branches:
       - 'main'
     tags:
-      # semver, e.g. 1.2.0 (does no match 0.1.2)
+      # semver, e.g. 1.2.0 (does not match 0.1.2)
       - '[1-9]+.[0-9]+.[0-9]+'
       # semver with prerelease info, e.g. 1.0.2-beta.1 or 1.2.3-rc.10
       - '[1-9]+.[0-9]+.[0-9]+-[a-z]+.[0-9]+'
@@ -23,10 +23,6 @@ on:
     branches:
       - 'main'
 
-# Environment variables that are valid for all jobs
-env:
-  DOCKER_HUB_REPOSITORY: 'axisecp/acap-runtime'
-
 jobs:
   # Build and run the test suite
   build_and_test:
@@ -45,14 +41,13 @@ jobs:
       AXIS_EXTERNAL_POOL: true
     steps:
       - name: Checkout repo
-        # sha for actions/checkout@v3 at time of commit.
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+        uses: actions/checkout@v3
       - name: Create test image metadata
         id: meta_test
         uses: ./.github/actions/metadata-action
         with:
           suffix: -${{ matrix.arch }}-test
-          repository: ${{ env.DOCKER_HUB_REPOSITORY }}
+          repository: ${{ vars.REPOSITORY_DOCKER_HUB }}
           latest: "false"
           get_version: "true"
       - name: Update manifest file
@@ -97,7 +92,8 @@ jobs:
           requirements_file: ./.github/test/requirements.txt
           logfile: test_log_${{ matrix.arch }}.txt
 
-  # Build base and containerized images and push to Docker Hub
+  # Build base image and extract eap file then use ACAP portal to sign it
+  # Build containerized image and push to Docker Hub
   # This job is skipped if not on main branch or if build_and_test job has failed
   build_and_push:
     name: Build and push images
@@ -112,14 +108,13 @@ jobs:
       EAP_FILE_AARCH64: ${{ steps.save_full_file_name.outputs.EAP_FILE_AARCH64 }}
     steps:
       - name: Checkout repo
-        # sha for actions/checkout@v3 at time of commit.
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+        uses: actions/checkout@v3
       - name: Create base image metadata
         id: meta
         uses: ./.github/actions/metadata-action
         with:
           suffix: -${{ matrix.arch }}
-          repository: ${{ env.DOCKER_HUB_REPOSITORY }}
+          repository: ${{ vars.REPOSITORY_DOCKER_HUB }}
           get_version: "true"
       - name: Update manifest file
         if: ( github.ref_type == 'tag')
@@ -160,16 +155,16 @@ jobs:
         run: |
           if [[ -n "$HTTP_RESPONSE" && "$HTTP_RESPONSE" =~ ^[0-9]+$ ]]; then
             if [ "$HTTP_RESPONSE" -eq 200 ]; then
-              echo "HTTP response code is 200, signing was succesful"
+              echo "HTTP response code is 200, signing was successful"
             else
-              echo "HTTP response code is: $HTTP_RESPONSE, signing was not succesful"
+              echo "HTTP response code is: $HTTP_RESPONSE, signing was not successful"
               exit 1
             fi
           else
             echo "HTTP_RESPONSE is empty or not a valid integer: $HTTP_RESPONSE"
           fi
       - name: Upload artifact
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
+        uses: actions/upload-artifact@v3
         with:
           name: ${{ env.SIGNED_EAP_FILE }}
           path: .build/${{ env.SIGNED_EAP_FILE }}
@@ -191,7 +186,7 @@ jobs:
         uses: ./.github/actions/metadata-action
         with:
           suffix: -${{ matrix.arch }}-containerized
-          repository: ${{ env.DOCKER_HUB_REPOSITORY }}
+          repository: ${{ vars.REPOSITORY_DOCKER_HUB }}
       - name: Build and push containerized image
         uses: ./.github/actions/docker-build-push-action
         with:
@@ -206,20 +201,22 @@ jobs:
           registry_user: ${{ secrets.ECOSYSTEM_SERVICE_USER_DOCKER_HUB }}
           registry_token: ${{ secrets.ECOSYSTEM_ACCESS_TOKEN_DOCKER_HUB }}
 
+  # Create a pre-release and upload
+  # This job is skipped if not a tag or if build_and_push job has not run
   create_prerelease:
     permissions:
       contents: write
     runs-on: ubuntu-latest
     needs: build_and_push
-    if: (github.event_name != 'pull_request')
+    if: (github.ref_type == 'tag')
     outputs:
       RELEASE_ID: ${{ steps.prerelease.outputs.RELEASE_ID }}
     steps:
       - name: Set TAG
         id: vars
         run: echo "TAG=${GITHUB_REF#refs/*/}" >> ${GITHUB_ENV}
       - name: Create prerelease
-        uses: "actions/github-script@v6"
+        uses: actions/github-script@v6
         id: prerelease
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -240,6 +237,8 @@ jobs:
               core.setFailed(error.message);
             }
 
+  # Get the signed ACAP artifacts and copy them to the pre-release
+  # This job is skipped if create_prerelease or build_and_push jobs have not run
   download-and-upload-artifacts:
     permissions:
       contents: write
@@ -266,7 +265,7 @@ jobs:
             echo "::error::Non valid architecture '${{ matrix.arch }}' encountered"
           fi
       - name: Download artifacts
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+        uses: actions/download-artifact@v3
         with:
           name: ${{ env.EAP_FILE }}
           path: ./
@@ -285,9 +284,9 @@ jobs:
         run: |
           if [[ -n "$HTTP_RESPONSE" && "$HTTP_RESPONSE" =~ ^[0-9]+$ ]]; then
             if [ "$HTTP_RESPONSE" -eq 201 ]; then
-              echo "HTTP response code is 201, upload was succesful"
+              echo "HTTP response code is 201, upload was successful"
             else
-              echo "HTTP response code is: $HTTP_RESPONSE, upload was not succesful"
+              echo "HTTP response code is: $HTTP_RESPONSE, upload was not successful"
               exit 1
             fi
           else