diff --git a/.github/configs/commitlint.config.js b/.github/configs/commitlint.config.js deleted file mode 100644 index a55dc92..0000000 --- a/.github/configs/commitlint.config.js +++ /dev/null @@ -1,9 +0,0 @@ -module.exports = { - extends: ['@commitlint/config-conventional'], - rules: { - 'body-max-line-length': [1, 'always', 100], // warning - 'header-max-length': [1, 'always', 100], // warning - 'footer-max-line-length': [1, 'always', 100], // warning - 'subject-case': [1, 'never', ['sentence-case', 'start-case', 'pascal-case', 'upper-case']], // warning - }, -} diff --git a/.github/configs/commitlint.config.mjs b/.github/configs/commitlint.config.mjs new file mode 100644 index 0000000..2fdc952 --- /dev/null +++ b/.github/configs/commitlint.config.mjs @@ -0,0 +1,9 @@ +export default { + extends: ['@commitlint/config-conventional'], + rules: { + 'body-max-line-length': [1, 'always', 100], // warning + 'header-max-length': [1, 'always', 100], // warning + 'footer-max-line-length': [1, 'always', 100], // warning + 'subject-case': [1, 'never', ['sentence-case', 'start-case', 'pascal-case', 'upper-case']], // warning + }, +} diff --git a/.github/workflows/checks.base.yaml b/.github/workflows/checks.base.yaml index 015fc18..376c857 100644 --- a/.github/workflows/checks.base.yaml +++ b/.github/workflows/checks.base.yaml @@ -1,7 +1,7 @@ name: Checks (base) - + on: - workflow_call: + workflow_call: jobs: commitlint: @@ -9,8 +9,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repository code - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Run Commitlint - uses: wagoid/commitlint-github-action@v5 + uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6.2.1 with: - configFile: .github/configs/commitlint.config.js + configFile: .github/configs/commitlint.config.mjs 
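Review bot: Nothing in this diff lets a reader confirm that `de0fac2e4500dabe0009e67214ff5f5447ce83dd` is the commit behind `v6.0.2`, or `b948419dd99f3fd78a6548d48f94e3df7f6bf3ed` the one behind `v6.2.1`. The trailing comment is the only link between SHA and release, and the same holds for the pins added in release.yaml and action.yaml. Each SHA should be checked against the upstream tag before merge. No Dependabot or Renovate config is visible here, so if none exists, enabling updates for the `github-actions` ecosystem would keep the pins from going stale. These are also major-version jumps (`v4` to `v6`, `v5` to `v6`), so the inputs in the `with:` blocks should be re-checked against the new releases.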
diff --git a/.github/workflows/checks.branches.yaml b/.github/workflows/checks.branches.yaml index f22bfbf..0d3da5a 100644 --- a/.github/workflows/checks.branches.yaml +++ b/.github/workflows/checks.branches.yaml @@ -2,9 +2,9 @@ name: Checks (branches) on: push: - branches-ignore: - - main - - staging + branches-ignore: + - main + - staging jobs: checks: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7e455d4..dfb4962 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -14,6 +14,7 @@ jobs: checks: name: Run Checks uses: ./.github/workflows/checks.base.yaml + release: name: Release needs: checks @@ -24,20 +25,23 @@ jobs: pull-requests: write steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 + - name: Generate GitHub App token id: app-token if: ${{ secrets.ETHIACK_RELEASE_BOT_APP_ID != '' && secrets.ETHIACK_RELEASE_BOT_APP_PRIVATE_KEY != '' }} - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 with: app-id: ${{ secrets.ETHIACK_RELEASE_BOT_APP_ID }} private-key: ${{ secrets.ETHIACK_RELEASE_BOT_APP_PRIVATE_KEY }} + - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: "lts/*" + - name: Install plugins run: > npm install -D @@ -45,8 +49,10 @@ jobs: @semantic-release/changelog conventional-changelog-conventionalcommits @saithodev/semantic-release-backmerge + - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies run: npm audit signatures + - name: Release env: GITHUB_TOKEN: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }} diff --git a/.releaserc.yaml b/.releaserc.yaml index cb54f1d..265b954 100644 --- a/.releaserc.yaml +++ b/.releaserc.yaml 
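Review bot: The plugins under `Install plugins` are still installed by bare name, so `@semantic-release/changelog`, `conventional-changelog-conventionalcommits` and `@saithodev/semantic-release-backmerge` resolve to whatever is latest when the release job runs, even though the actions around them are now pinned to commit SHAs. The `npm audit signatures` step only runs after `npm install` has already executed any install scripts, in a job that has `pull-requests: write` and passes the release token to the following step. Consider pinning exact versions (`<package>@<version>`, or a committed lockfile with `npm ci`) and disabling lifecycle scripts on install, e.g. `npm install -D --ignore-scripts`. The `npm install -D` line itself sits in the trailing context of the previous hunk.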
@@ -111,7 +111,7 @@ prepare: - path: "@semantic-release/git" message: "chore(release): release <%= nextRelease.version %> - <%= new Date().toLocaleDateString('en-US', {year: 'numeric', month: 'short', day: 'numeric', hour: 'numeric', minute: 'numeric' }) %> \n\n<%= nextRelease.notes %>" - assets: + assets: - CHANGELOG.md - pyproject.toml diff --git a/README.md b/README.md index 45b5ec3..081c65e 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,7 @@ To configure, navigate to your repository settings, select `Secrets and variable ### **Example:** *Launching a job and waiting for its conclusion* -This pipeline launches a scan for the domain `https://example.ethiack.com` and waits until it finishes (cf. `--wait` flag). If vulnerabilities with severity `medium` or higher are found, the success of the job is interpreted as failing, and this pipeline step will exit with a non-zero status code (cf. `--fail` flag). +This pipeline launches a scan for the domain `https://example.ethiack.com` and waits until it finishes (cf. `--wait` flag). If vulnerabilities with severity `medium` or higher are found, the success of the job is interpreted as failing, and this pipeline step will exit with a non-zero status code (cf. `--fail` flag). ```yaml jobs: 
@@ -138,7 +138,7 @@ This GitHub Action supports every command provided by [Ethiack's Job Manager Pac > The `url` input refers to the target Uniform Resource Locator (URL) of the service for which the command is run. -> The `uuid` input refers to the Universal Unique Identifier (UUID) of the job for which the command is run. +> The `uuid` input refers to the Universal Unique Identifier (UUID) of the job for which the command is run. #### Optional Arguments > The behaviour of these commands can be customized with flags and additional parameters provided inn the `args:` variable in the workflow step (e.g., the `--fail` and `--severity` flags in the examples above). For more information regarding the available options and flags for each command, please refer to the [Job Manager Package](https://github.com/ethiack/job-manager). diff --git a/action.yaml b/action.yaml index 1966608..cbcb76e 100644 --- a/action.yaml +++ b/action.yaml @@ -40,7 +40,7 @@ runs: using: 'composite' steps: - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: '3.11' @@ -56,7 +56,7 @@ runs: id: ethiack-run-command run: | # Run ethiack-job-manager - + set +e # Disable exit on error # Prepare command @@ -67,7 +67,7 @@ runs: COMMAND="$COMMAND ${{ inputs.args }}" fi - ## Add url input if needed + ## Add url input if needed if [ "${{ inputs.command }}" = "launch" ] || [ "${{ inputs.command }}" = "check" ]; then if [ -n "${{ inputs.url }}" ]; then COMMAND="$COMMAND ${{ inputs.url }}" 
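Review bot: The `${{ inputs.args }}` and `${{ inputs.url }}` expressions in this `run:` script are substituted into the shell source before bash parses it, so a caller-supplied value containing quotes or shell metacharacters becomes part of the script rather than an argument. The same applies to `${{ inputs.beacon_id }}`, `${{ inputs.event_slug }}` and `${{ inputs.uuid }}` in the following hunk at -76,18. These hunks only touch whitespace, but as the commit is hardening the action it is worth fixing alongside: pass each input through the step's `env:` (for example `INPUT_URL: ${{ inputs.url }}`) and use the variable in the script, as in `COMMAND="$COMMAND $INPUT_URL"`. Building the command as a bash array and running `"${CMD[@]}"` instead of the unquoted `$($COMMAND)` would also stop word-splitting and globbing of the values. The run block begins and ends outside these hunks.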
@@ -76,18 +76,21 @@ runs: exit 1 fi fi + ## Add beacon_id input if provided for launch or check if [ "${{ inputs.command }}" = "launch" ] || [ "${{ inputs.command }}" = "check" ]; then if [ -n "${{ inputs.beacon_id }}" ]; then COMMAND="$COMMAND --beacon-id ${{ inputs.beacon_id }}" fi fi + ## Add event_slug input if provided for launch or check if [ "${{ inputs.command }}" = "launch" ] || [ "${{ inputs.command }}" = "check" ]; then if [ -n "${{ inputs.event_slug }}" ]; then COMMAND="$COMMAND --event-slug ${{ inputs.event_slug }}" fi fi + ## Add uuid input if needed if [ "${{ inputs.command }}" = "cancel" ] || [ "${{ inputs.command }}" = "info" ] || [ "${{ inputs.command }}" = "status" ] || [ "${{ inputs.command }}" = "success" ] || [ "${{ inputs.command }}" = "await" ]; then if [ -n "${{ inputs.uuid }}" ]; then @@ -101,7 +104,7 @@ runs: # Run echo "[ETHIACK-JOB-MANAGER] Executing command: $COMMAND" RESPONSE=$($COMMAND) - EXIT_CODE=$? + EXIT_CODE=$? echo "[ETHIACK-JOB-MANAGER] Response:" echo "$RESPONSE" echo "response<> $GITHUB_OUTPUT