diff --git a/.github/workflows/__main-ci.yml b/.github/workflows/__main-ci.yml
index ae1edc4..1371863 100644
--- a/.github/workflows/__main-ci.yml
+++ b/.github/workflows/__main-ci.yml
@@ -1,6 +1,7 @@
+---
name: Internal - Main - Continuous Integration
-on:
+on: # yamllint disable-line rule:truthy
push:
branches: [main]
tags: ["*"]
diff --git a/.github/workflows/__shared-ci.yml b/.github/workflows/__shared-ci.yml
index 9c66a94..ceb313c 100644
--- a/.github/workflows/__shared-ci.yml
+++ b/.github/workflows/__shared-ci.yml
@@ -10,7 +10,7 @@ permissions:
jobs:
linter:
- uses: ./.github/workflows/linter-actions.yml
+ uses: ./.github/workflows/linter.yml
test-action-matrix-outputs:
needs: linter
diff --git a/.github/workflows/linter-actions.md b/.github/workflows/linter-actions.md
deleted file mode 100644
index 3f96559..0000000
--- a/.github/workflows/linter-actions.md
+++ /dev/null
@@ -1,79 +0,0 @@
-
-
-
-
-# GitHub Reusable Workflow: Linter - Actions
-
-
-
-
-
-
-Reusable workflow that performs GitHub Actions linting on the codebase.
-Applys [GitHub security recommendations](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions).
-Uses:
-
-- [Common linter](./linter.md) with some opinionated defaults.
-- [CodeQL](https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql) to analyze the code.
-- [Ratchet](https://github.com/sethvargo/ratchet) to check that all versions are pinned.
-
-
-
-
-
-
-```yaml
-name: "Linter - Actions"
-
-on:
- push:
- branches: [main]
- tags: ["*"]
-
- pull_request:
- branches: [main]
-
- schedule:
- - cron: "25 8 * * 1"
-
-permissions:
- contents: read
- statuses: write
- security-events: write
-
-jobs:
- main:
- uses: hoverkraft-tech/ci-github-common/.github/workflows/linter-actions.yml@0.14.0
- secrets:
- # Token for marking the status of linter run in the Checks section.
- # See [linter](./linter.md).
- github-token: ""
-```
-
-
-
-## Secrets
-
-
-
-| **Secret** | **Description** | **Default** | **Required** |
-| ----------------------------- | -------------------------------------------------------------------------------------------- | ------------------------- | ------------ |
-| **github-token
** | Token for marking the status of linter run in the Checks section. See [linter](./linter.md). | GITHUB_TOKEN
| **false** |
-
-
-
-## Inputs
-
-
-
-| **Input** | **Description** | **Default** | **Type** | **Required** |
-| ---------------------------- | ------------------------------------------------------------------------------------------------------------------ | --------------------------------------- | -------- | ------------ |
-| **runs-on
** | Json array of runner(s) to use. See . | ["ubuntu-latest"] | `string` | **false** |
-| **directories
** | List of directories to lint. | .github/workflows\nactions
| `string` | **false** |
-
-
-
-
-
-
-
diff --git a/.github/workflows/linter-actions.yml b/.github/workflows/linter-actions.yml
deleted file mode 100644
index 1ce96a5..0000000
--- a/.github/workflows/linter-actions.yml
+++ /dev/null
@@ -1,115 +0,0 @@
-# Linter - Actions
-# ==========================
-# Reusable workflow that performs GitHub Actions linting on the code base.
-# Applys [GitHub security recommendations](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions).
-# Uses:
-# - [Common linter](./linter.md) with some opinionated defaults.
-# - [CodeQL](https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql) to analyze the code.
-# - [Ratchet](https://github.com/sethvargo/ratchet) to check that all versions are pinned.
-
-name: Linter - Actions
-
-on:
- workflow_call:
- inputs:
- runs-on:
- description: "Json array of runner(s) to use. See ."
- type: string
- default: '["ubuntu-latest"]'
- required: false
- directoriesInput:
- description: "List of directoriesInput to lint."
- type: string
- default: |
- .github/workflows
- actions
-
- secrets:
- github-token:
- description: "Token for marking the status of linter run in the Checks section. See [linter](./linter.md)."
-
-permissions:
- contents: read
- statuses: write
- security-events: write
-
-jobs:
- linter:
- name: ๐งน Lint Code Base
- uses: ./.github/workflows/linter.yml
- with:
- runs-on: ${{ inputs.runs-on }}
- secrets:
- github-token: ${{ secrets.github-token }}
-
- code-ql:
- name: ๐ก๏ธ CodeQL Analysis
- permissions:
- security-events: write
- runs-on: ${{ fromJson(inputs.runs-on) }}
- steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
- - uses: github/codeql-action/init@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12
- with:
- languages: actions
-
- - uses: github/codeql-action/analyze@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12
-
- check-pinning:
- name: ๐ Check Pinning
- runs-on: ${{ fromJson(inputs.runs-on) }}
- steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
- - id: get-files-to-lint
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
- with:
- script: |
- const fs = require("node:fs");
- const path = require("node:path");
-
- const directoriesInput = ${{ toJson(inputs.directoriesInput) }};
- const directories = [];
-
- for (const directory of directoriesInput.split("\n")) {
- let sanitizedDirectory = directory.trim();
- if (sanitizedDirectory === "") {
- continue;
- }
-
- if (path.isAbsolute(sanitizedDirectory)) {
- // Ensure directory is within the workspace
- if (!sanitizedDirectory.startsWith(process.env.GITHUB_WORKSPACE)) {
- return core.setFailed(`Directory is not within the workspace: ${sanitizedDirectory}`);
- }
- } else {
- sanitizedDirectory = path.join(process.env.GITHUB_WORKSPACE, sanitizedDirectory);
- }
-
- // Ensure directory exists
- if (!fs.existsSync(sanitizedDirectory)) {
- core.setFailed(`Directory does not exist: ${sanitizedDirectory}`);
- }
-
- directories.push(sanitizedDirectory);
- }
-
- if (directories.length === 0) {
- return core.setFailed("No directories to lint.");
- }
-
- async function getActionFiles(directory){
- const globber = await glob.create(`${directory}/**/*.yml`,{ matchdirectoriesInput: false });
- const matchingFiles = await globber.glob();
-
- return matchingFiles.map(matchingFile => path.relative(process.env.GITHUB_WORKSPACE, matchingFile));
- }
-
- const files = await Promise.all(directories.map(getActionFiles));
- core.setOutput("files", files.flat().join(" ").trim());
-
- - uses: "docker://ghcr.io/sethvargo/ratchet:0.10.2@sha256:78f70ed0c85830a78bd9eeb265f49aa375d71887e4245aebc5da9c641d76b245" # v0.10.2
- if: ${{ steps.get-files-to-lint.outputs.files }}
- with:
- args: "check ${{ steps.get-files-to-lint.outputs.files }}"
diff --git a/.github/workflows/linter.md b/.github/workflows/linter.md
index 68965b2..3bd8e6a 100644
--- a/.github/workflows/linter.md
+++ b/.github/workflows/linter.md
@@ -10,7 +10,11 @@
Reusable workflow that performs linting on the codebase.
-Mainly using [Super-Linter](https://github.com/super-linter/super-linter), with some opinionated defaults.
+Executes:
+
+- [Super-Linter](https://github.com/super-linter/super-linter), with some opinionated defaults.
+- [CodeQL](https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql) to analyze the code.
+- [Ratchet](https://github.com/sethvargo/ratchet) to check that GitHub Action versions are pinned.
@@ -38,10 +42,35 @@ permissions:
jobs:
main:
uses: hoverkraft-tech/ci-github-common/.github/workflows/linter.yml@0.14.0
+ with:
+ # Json array of runner(s) to use.
+ # See .
+ runs-on: '["ubuntu-latest"]'
+
+ # Environment variables in multilines format "key=value" to pass to the linter.
+ # See .
+ linter-env: ""
+
+ # JSON array of languages to analyze with CodeQL.
+ # See .
+ # Leave empty to disable the check.
+ codeql-languages: '["actions"]'
+
+ # List of files or directories where GitHub Actions and workflows are located.
+ # Supports glob patterns.
+ # Leave empty to disable the check.
+ action-files: |
+ ./action.yml
+ ./.github/workflows/**/*.yml
+ ./actions/**/*.yml
+
+ # Run checks on all files, not just the changed ones.
+ lint-all: ${{ github.event_name != 'pull_request' }}
+
secrets:
# Token for marking the status of linter run in the Checks section.
# See https://github.com/super-linter/super-linter#how-to-use
- # Default GITHUB_TOKEN
+ # Default GITHUB_TOKEN.
github-token: ""
```
@@ -61,10 +90,13 @@ jobs:
-| **Input** | **Description** | **Default** | **Type** | **Required** |
-| --------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------- | -------- | ------------ |
-| **runs-on
** | Json array of runner(s) to use. See . | ["ubuntu-latest"] | `string` | **false** |
-| **linter-env
** | Environment variables in multilines format "key=value" to pass to the linter. See . | .github/workflows\nactions
| `string` | **false** |
+| **Input** | **Description** | **Default** | **Type** | **Required** |
+| --------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------- | --------- | ------------ |
+| **runs-on
** | Json array of runner(s) to use. See . | ["ubuntu-latest"] | `string` | **false** |
+| **linter-env
** | Environment variables in multilines format "key=value" to pass to the linter. See . | .github/workflows\nactions
| `string` | **false** |
+| **codeql-languages
** | JSON array of languages to analyze with CodeQL. See . Leave empty to disable the check. | ["actions"]
| `string` | **false** |
+| **action-files
** | List of files or directories where GitHub Actions and workflows are located. Supports glob patterns. Leave empty to disable the check. | ./action.yml\n./.github/workflows/\*\*/\*.yml\n./actions/\*\*/\*.yml
| `string` | **false** |
+| **lint-all
** | Run linter on all files, not just the changed ones. | github.event_name != 'pull_request'
| `boolean` | **false** |
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 2b9afe8..9e3aee0 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -1,9 +1,10 @@
# Linter
# ==========================
-# Reusable workflow that performs linting on the code base.
-# Mainly using [Super-Linter](https://github.com/super-linter/super-linter), with some opinionated defaults.
-
-name: Linter
+# Reusable workflow that performs linting on the codebase.
+# Executes:
+# - [Super-Linter](https://github.com/super-linter/super-linter), with some opinionated defaults.
+# - [CodeQL](https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql) to analyze the code.
+# - [Ratchet](https://github.com/sethvargo/ratchet) to check that Github Action versions are pinned.
on:
workflow_call:
@@ -11,31 +12,58 @@ on:
runs-on:
description: "Json array of runner(s) to use. See ."
type: string
- default: '["ubuntu-latest"]'
required: false
+ default: '["ubuntu-latest"]'
linter-env:
description: |
Environment variables in multilines format "key=value" to pass to the linter.
See .
type: string
required: false
+ codeql-languages:
+ description: |
+ JSON array of languages to analyze with CodeQL.
+ See .
+ Leave empty to disable the check.
+ type: string
+ required: false
+ default: '["actions"]'
+ action-files:
+ description: |
+ List of files or directories where GitHub Actions and workflows are located.
+ Supports glob patterns.
+ Leave empty to disable the check.
+ type: string
+ required: false
+ default: |
+ ./action.yml
+ ./.github/workflows/**/*.yml
+ ./actions/**/*.yml
+ lint-all:
+ description: "Run checks on all files, not just the changed ones."
+ type: boolean
+ required: false
+ default: ${{ github.event_name != 'pull_request' }}
secrets:
github-token:
- description: "Token for marking the status of linter run in the Checks section. See ."
+ description: |
+ Token for marking the status of linter run in the Checks section.
+ See .
+ Default GITHUB_TOKEN.
permissions:
contents: read
statuses: write
jobs:
- checks:
+ lint:
name: ๐งน Lint Code Base
runs-on: ${{ fromJson(inputs.runs-on) }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
- fetch-depth: 0
+ fetch-depth: "${{ inputs.lint-all && 1 || 0 }}"
- if: ${{ inputs.linter-env }}
run: |
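Review bot: The checkout step in the `lint` job leaves `persist-credentials` at its default, so the job token stays in the local git config while Super-Linter processes files that, on pull requests, come from the contributor. Nothing visible in this job pushes, so adding `persist-credentials: false` under `with:` looks safe, though it is worth confirming that Super-Linter's diff against the default branch still works once the history is already fetched. The same applies to the checkouts added in the `codeql` and `actions-pinning` jobs in the next hunk. If the reason for the new `fetch-depth` expression is that changed-file linting needs history, a comment above it would help, for example `# 0 = full history, needed to diff against the default branch when lint-all is false`. The `steps:` list continues outside this hunk.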
@@ -49,11 +77,165 @@ jobs:
echo "$line" >> "$GITHUB_ENV"
done
- - name: ๐ Lint Code Base
- uses: super-linter/super-linter/slim@4e8a7c2bf106c4c766c816b35ec612638dc9b6b2 # v7.3.0
+ - uses: super-linter/super-linter/slim@4e8a7c2bf106c4c766c816b35ec612638dc9b6b2 # v7.3.0
env:
- VALIDATE_ALL_CODEBASE: false
+ VALIDATE_ALL_CODEBASE: ${{ inputs.lint-all }}
LOG_LEVEL: WARN
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
GITHUB_TOKEN: ${{ secrets.github-token || github.token }}
KUBERNETES_KUBECONFORM_OPTIONS: "--schema-location default --schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json'"
+
+ codeql:
+ if: ${{ inputs.codeql-languages }}
+ name: ๐ก๏ธ CodeQL Analysis
+ permissions:
+ security-events: write
+ runs-on: ${{ fromJson(inputs.runs-on) }}
+ strategy:
+ fail-fast: false
+ matrix:
+ language: ${{ fromJSON(inputs.codeql-languages) }}
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+ - uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13with:
+ with:
+ languages: ${{ matrix.language }}
+
+ - uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
+ with:
+ category: "/language:${{matrix.language}}"
+
+ actions-pinning:
+ name: ๐ Check GitHub Actions Pinning
+ runs-on: ${{ fromJson(inputs.runs-on) }}
+ if: ${{ inputs.action-files }}
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ fetch-depth: "${{ inputs.lint-all && 1 || 0 }}"
+
+ - id: changed-files
+ uses: tj-actions/changed-files@823fcebdb31bb35fdf2229d9f769b400309430d0 # v46.0.3
+ if: ${{ inputs.lint-all == false }}
+ with:
+ files: ${{ inputs.action-files }}
+ dir_names_exclude_current_dir: true
+
+ - id: get-files-to-lint
+ uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+ with:
+ script: |
+ const fs = require("node:fs");
+ const path = require("node:path");
+
+ const changedFiles = ${{ toJSON(steps.changed-files.outputs.all_changed_and_modified_files) }};
+
+ let actionFiles = [];
+ if (changedFiles !== null) {
+ actionFiles = changedFiles.split(" ").filter(file => file && fs.existsSync(file));
+ } else {
+ const actionFilesInput = ${{ toJson(inputs.action-files) }};
+
+ for (const actionFile of actionFilesInput.split("\n")) {
+ let sanitizedActionFile = actionFile.trim();
+ if (sanitizedActionFile === "") {
+ continue;
+ }
+
+ if (path.isAbsolute(sanitizedActionFile)) {
+ // Ensure actionFile is within the workspace
+ if (!sanitizedActionFile.startsWith(process.env.GITHUB_WORKSPACE)) {
+ return core.setFailed(`Action file / directory is not within the workspace: ${sanitizedActionFile}`);
+ }
+ } else {
+ sanitizedActionFile = path.join(process.env.GITHUB_WORKSPACE, sanitizedActionFile);
+ }
+ actionFiles.push(sanitizedActionFile);
+ }
+
+ if (actionFiles.length === 0) {
+ return core.setFailed("No action files to lint.");
+ }
+
+ async function getActionFiles(actionFile) {
+ const globber = await glob.create(actionFile,{ matchactionFilesInput: false });
+ return await globber.glob();
+ }
+
+ actionFiles = (await Promise.all(actionFiles.map(getActionFiles)))
+ .flat()
+ .map((file) => path.relative(process.env.GITHUB_WORKSPACE, file));
+
+ if (actionFiles.length === 0) {
+ return core.setFailed("No action files to lint.");
+ }
+ }
+
+ const files = actionFiles.map((file) => path.relative(process.env.GITHUB_WORKSPACE, file));
+
+ const filesOutput = [...new Set(files)].join(" ").trim();
+
+ core.setOutput("files", filesOutput);
+
+ - id: ratchet
+ uses: "docker://ghcr.io/sethvargo/ratchet:0.10.2@sha256:78f70ed0c85830a78bd9eeb265f49aa375d71887e4245aebc5da9c641d76b245" # v0.10.2
+ if: ${{ steps.get-files-to-lint.outputs.files }}
+ with:
+ args: "check ${{ steps.get-files-to-lint.outputs.files }}"
+
+ - if: ${{ failure() && steps.get-files-to-lint.outputs.files }}
+ uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+ with:
+ script: |
+ const ratchetOutcome = ${{ toJSON(steps.ratchet.outcome) }};
+
+ if (ratchetOutcome !== "failure") {
+ return;
+ }
+
+ // FIXME: should retrieve ratchet error output. See https://github.com/sethvargo/ratchet/issues/103.
+ const ratchetErrorsOutputs = ${{ toJSON(steps.ratchet.outputs.errors) }};
+ if (!ratchetErrorsOutputs || ratchetErrorsOutputs.length === 0) {
+ return;
+ }
+
+ // Format the ratchet errors: found x unpinned refs: ...
+ const unpinnedRefsError = /found (\d+) unpinned refs: (.*)/g.exec(ratchetErrorsOutputs[0]);
+ if (!unpinnedRefsError) {
+ return;
+ }
+
+ const unpinnedRefs = JSON.parse(unpinnedRefsError[2]);
+
+ async function getFileErrors(file) {
+ const fileContent = await fs.promises.readFile(file, "utf8");
+
+ const errors = [];
+
+ for(const unpinnedRef of unpinnedRefs) {
+ if(fileContent.includes(unpinnedRef)) {
+ errors.push(file);
+ }
+ }
+
+ return errors;
+ }
+
+ const files = ${{ toJSON(steps.get-files-to-lint.outputs.files) }}.split(" ");
+
+ // Annotate file errors
+ await Promise.all(files.map(async (file) => {
+ const errors = await getFileErrors(file);
+ if (errors.length === 0) {
+ return;
+ }
+
+ core.error(
+ `Found ${errors.length} unpinned refs`,
+ {
+ title: `Unpinned refs: ${JSON.stringify(errors)}`,
+ file: file
+ }
+ );
+ }));
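Review bot: The workspace check in `get-files-to-lint` is a plain `startsWith(process.env.GITHUB_WORKSPACE)` applied only to absolute entries, so a relative entry containing `..`, or a sibling path that merely shares the prefix, is accepted; resolving every entry and testing `path.relative()` closes both cases. The glob option `matchactionFilesInput` is not one `@actions/glob` knows (it reads like a search-and-replace of `matchDirectories`), so it is ignored and directories can still be returned and handed to Ratchet. In the changed-files branch the list is split on spaces and filtered with `fs.existsSync`, so a workflow path containing a space is dropped silently and the pinning check passes without reading it; failing the step on such a path would keep the check fail-closed. Separately, the annotation script at the end of the hunk calls `fs.promises.readFile` without its own `require("node:fs")`, which would throw once `steps.ratchet.outputs.errors` is ever populated. The fence shows the containment and glob changes only.

```yaml
          script: |
            // … unchanged: requires, changedFiles assignment, changed-files branch …
            const workspace = path.resolve(process.env.GITHUB_WORKSPACE);

            for (const actionFile of actionFilesInput.split("\n")) {
              const entry = actionFile.trim();
              if (entry === "") {
                continue;
              }

              // Resolve relative and absolute entries the same way, then make sure
              // the normalized result is still inside the workspace.
              const resolved = path.resolve(workspace, entry);
              const relative = path.relative(workspace, resolved);
              if (relative === ".." || relative.startsWith(`..${path.sep}`) || path.isAbsolute(relative)) {
                return core.setFailed(`Action file / directory is not within the workspace: ${entry}`);
              }
              actionFiles.push(resolved);
            }
            // … unchanged: empty-list check …

            async function getActionFiles(actionFile) {
              const globber = await glob.create(actionFile, { matchDirectories: false });
              return await globber.glob();
            }
            // … unchanged: glob expansion, relative paths, setOutput …
```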
diff --git a/actions/checkout/README.md b/actions/checkout/README.md
index a4763db..ad9aa7b 100644
--- a/actions/checkout/README.md
+++ b/actions/checkout/README.md
@@ -36,7 +36,7 @@ permissions:
```yaml
-- uses: hoverkraft-tech/ci-github-common@0.18.0
+- uses: hoverkraft-tech/ci-github-common@0.19.0
with:
# Description: Number of commits to fetch. 0 indicates all history for all
# branches and tags. See
@@ -61,11 +61,11 @@ permissions:
-| **Input** | **Description** | **Default** | **Required** |
-| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | ------------ |
-| fetch-depth
| Number of commits to fetch. 0 indicates all history for all branches and tags. See [https://github.com/actions/checkout#usage](https://github.com/actions/checkout#usage) | 1
| **false** |
-| lfs
| Whether to download Git-LFS files. See [https://github.com/actions/checkout#usage](https://github.com/actions/checkout#usage) | | **false** |
-| token
| Token to use for checking out the repository instead of the default GITHUB_TOKEN.
If specified and not empty, persist-credentials in checkout will be false. | | **false** |
+| **Input** | **Description** | **Default** | **Required** |
+| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ | ------------ |
+| fetch-depth
| Number of commits to fetch. 0 indicates all history for all branches and tags. See [https://github.com/actions/checkout#usage](https://github.com/actions/checkout#usage) | 1
| **false** |
+| lfs
| Whether to download Git-LFS files. See [https://github.com/actions/checkout#usage](https://github.com/actions/checkout#usage) | false
| **false** |
+| token
| Token to use for checking out the repository instead of the default GITHUB_TOKEN.
If specified and not empty, persist-credentials in checkout will be false. | | **false** |
diff --git a/actions/checkout/action.yml b/actions/checkout/action.yml
index 71219f9..a763d80 100644
--- a/actions/checkout/action.yml
+++ b/actions/checkout/action.yml
@@ -11,7 +11,7 @@ inputs:
default: "1"
lfs:
description: "Whether to download Git-LFS files. See [https://github.com/actions/checkout#usage](https://github.com/actions/checkout#usage)"
- default: false
+ default: "false"
token:
description: |
Token to use for checking out the repository instead of the default GITHUB_TOKEN.
diff --git a/actions/create-and-merge-pull-request/README.md b/actions/create-and-merge-pull-request/README.md
index ead64ba..d056cc5 100644
--- a/actions/create-and-merge-pull-request/README.md
+++ b/actions/create-and-merge-pull-request/README.md
@@ -29,11 +29,11 @@ See [Allow GitHub Actions to create and approve pull requests](https://docs.gith
```yaml
-- uses: hoverkraft-tech/ci-github-common@0.18.0
+- uses: hoverkraft-tech/ci-github-common@0.19.0
with:
# Description: GitHub token for creating and merging pull request (permissions
# contents: write and pull-requests: write). See
- # https://github.com/peter-evans/create-pull-request#action-inputs.
+ # .
#
# Default: ${{ github.token }}
github-token: ""
@@ -61,13 +61,13 @@ See [Allow GitHub Actions to create and approve pull requests](https://docs.gith
-| **Input** | **Description** | **Default** | **Required** |
-| --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- | ------------ |
-| github-token
| GitHub token for creating and merging pull request (permissions contents: write and pull-requests: write). See https://github.com/peter-evans/create-pull-request#action-inputs. | ${{ github.token }}
| **false** |
-| branch
| The pull request branch name | | **true** |
-| title
| The pull request title | | **true** |
-| body
| The pull request body | | **true** |
-| commit-message
| The commit message for the pull request | | **true** |
+| **Input** | **Description** | **Default** | **Required** |
+| --------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- | ------------ |
+| github-token
| GitHub token for creating and merging pull request (permissions contents: write and pull-requests: write).
See . | ${{ github.token }}
| **false** |
+| branch
| The pull request branch name | | **true** |
+| title
| The pull request title | | **true** |
+| body
| The pull request body | | **true** |
+| commit-message
| The commit message for the pull request | | **true** |
diff --git a/actions/create-and-merge-pull-request/action.yml b/actions/create-and-merge-pull-request/action.yml
index 5ede988..40402af 100644
--- a/actions/create-and-merge-pull-request/action.yml
+++ b/actions/create-and-merge-pull-request/action.yml
@@ -7,7 +7,9 @@ branding:
inputs:
github-token:
- description: "GitHub token for creating and merging pull request (permissions contents: write and pull-requests: write). See https://github.com/peter-evans/create-pull-request#action-inputs."
+ description: |
+ GitHub token for creating and merging pull request (permissions contents: write and pull-requests: write).
+ See .
default: ${{ github.token }}
required: false
branch:
@@ -43,6 +45,7 @@ runs:
with:
token: ${{ inputs.github-token }}
signoff: true
+ sign-commits: true
base: ${{ github.event.repository.default_branch }}
delete-branch: true
branch: ${{ inputs.branch }}
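Review bot: `sign-commits: true` is added while `token` still comes from the caller-supplied `github-token` input, and as far as I know create-pull-request only produces verified commits this way for the default `GITHUB_TOKEN` or a GitHub App token. The behaviour with a personal access token should be checked and, once confirmed, documented in the `github-token` description with a line such as `Commits are signed only when this is the default GITHUB_TOKEN or a GitHub App token.` The `uses:` line and its pinned version sit above this hunk, so it is also worth confirming that the pinned release supports `sign-commits`.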
diff --git a/actions/create-or-update-comment/README.md b/actions/create-or-update-comment/README.md
index fe52712..e0e9fa9 100644
--- a/actions/create-or-update-comment/README.md
+++ b/actions/create-or-update-comment/README.md
@@ -24,7 +24,7 @@ Action to create or update comment in pull request or issue
-Set permissions to wrtie issues and pull-requests. This is required to write the comment on the PR.
+Set permissions to write issues and pull-requests. This is required to write the comment on the PR.
```yaml
permissions:
@@ -35,7 +35,7 @@ permissions:
```yaml
-- uses: hoverkraft-tech/ci-github-common@0.18.0
+- uses: hoverkraft-tech/ci-github-common@0.19.0
with:
# Description: The comment title. Must be static and unique, will be used to
# retrieve the comment if exists already.
diff --git a/actions/get-github-actions-bot-user/README.md b/actions/get-github-actions-bot-user/README.md
index e142fcd..b35c044 100644
--- a/actions/get-github-actions-bot-user/README.md
+++ b/actions/get-github-actions-bot-user/README.md
@@ -26,7 +26,7 @@ Action to get the GitHub Actions bot user informations. Usefull to commit, comme
```yaml
-- uses: hoverkraft-tech/ci-github-common@0.18.0
+- uses: hoverkraft-tech/ci-github-common@0.19.0
with:
```
diff --git a/actions/get-issue-number/README.md b/actions/get-issue-number/README.md
index 4622758..d9f3c98 100644
--- a/actions/get-issue-number/README.md
+++ b/actions/get-issue-number/README.md
@@ -26,7 +26,7 @@ Action to get Pull request or issue number
```yaml
-- uses: hoverkraft-tech/ci-github-common@0.18.0
+- uses: hoverkraft-tech/ci-github-common@0.19.0
with:
```
diff --git a/actions/get-matrix-outputs/README.md b/actions/get-matrix-outputs/README.md
index 8f3bbdb..7b2ff78 100644
--- a/actions/get-matrix-outputs/README.md
+++ b/actions/get-matrix-outputs/README.md
@@ -27,7 +27,7 @@ Download matrix ouputs from artifacts, because GitHub Action does not handle job
```yaml
-- uses: hoverkraft-tech/ci-github-common@0.18.0
+- uses: hoverkraft-tech/ci-github-common@0.19.0
with:
# Description: The name of the artifact to download.
#
diff --git a/actions/repository-owner-is-organization/README.md b/actions/repository-owner-is-organization/README.md
index aedf5d8..455d494 100644
--- a/actions/repository-owner-is-organization/README.md
+++ b/actions/repository-owner-is-organization/README.md
@@ -26,7 +26,7 @@ Action to check if the repository owner is an organization.
```yaml
-- uses: hoverkraft-tech/ci-github-common@0.18.0
+- uses: hoverkraft-tech/ci-github-common@0.19.0
with:
# Description: GitHub token for fetching users API.
#
diff --git a/actions/set-matrix-output/README.md b/actions/set-matrix-output/README.md
index 40d16d3..9be287a 100644
--- a/actions/set-matrix-output/README.md
+++ b/actions/set-matrix-output/README.md
@@ -31,7 +31,7 @@ This strategy effectively prevents any clashes or overwrites, maintaining the in
```yaml
-- uses: hoverkraft-tech/ci-github-common@0.18.0
+- uses: hoverkraft-tech/ci-github-common@0.19.0
with:
# Description: The matrix output to set.
#
diff --git a/actions/slugify/README.md b/actions/slugify/README.md
index 553be29..fb75ce2 100644
--- a/actions/slugify/README.md
+++ b/actions/slugify/README.md
@@ -26,7 +26,7 @@ Action to slugify a given string value
```yaml
-- uses: hoverkraft-tech/ci-github-common@0.18.0
+- uses: hoverkraft-tech/ci-github-common@0.19.0
with:
# Description: The value to slugify
#