Posted to commits@trafficcontrol.apache.org by oc...@apache.org on 2021/01/13 16:13:39 UTC
[trafficcontrol] branch 5.0.x updated: GHA: Pin each third-party
action and Docker image to a commit hash (#5434)
This is an automated email from the ASF dual-hosted git repository.
ocket8888 pushed a commit to branch 5.0.x
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/5.0.x by this push:
new 8048af1 GHA: Pin each third-party action and Docker image to a commit hash (#5434)
8048af1 is described below
commit 8048af1f9e4f7dfc9068391b9a45f38bfda24be4
Author: Zach Hoffman <zr...@apache.org>
AuthorDate: Wed Jan 13 09:12:14 2021 -0700
GHA: Pin each third-party action and Docker image to a commit hash (#5434)
* Remove version from tomcat-native package
* Pin licenseweasel/weasel to a SHA256 digest
* Pin zrhoffman/junit-report-annotations-action to a commit hash and check
it out
* Pin ammaraskar/sphinx-action to a commit hash and check it out
* Trigger Documentation Build workflow if its workflow file was modified
* Trigger Traffic Router Unit Tests workflow if its workflow or action was
modified
* Changelog entry
(cherry picked from commit c29dba212df5605d935e5d4f890a0d0d26a0b468)
---
.github/actions/tr-tests/Dockerfile | 2 +-
.github/workflows/docs.yml | 12 ++++++++++--
.github/workflows/tr.unit.tests.yaml | 13 ++++++++++++-
.github/workflows/weasel.yml | 4 +++-
CHANGELOG.md | 1 +
5 files changed, 27 insertions(+), 5 deletions(-)
diff --git a/.github/actions/tr-tests/Dockerfile b/.github/actions/tr-tests/Dockerfile
index 43e5a0c..6df2173 100644
--- a/.github/actions/tr-tests/Dockerfile
+++ b/.github/actions/tr-tests/Dockerfile
@@ -16,7 +16,7 @@ FROM alpine:3.12.0
RUN apk add --no-cache \
openjdk8=8.252.09-r0 \
maven=3.6.3-r0 \
- tomcat-native=1.2.24-r0
+ tomcat-native
ENTRYPOINT cd traffic_router && \
mvn "-Dmaven.repo.local=${GITHUB_WORKSPACE}/.m2/repository" \
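Review bot: the `+ tomcat-native` line drops the version while `openjdk8=8.252.09-r0` and `maven=3.6.3-r0` stay pinned, so the image now installs whatever tomcat-native revision the Alpine repository serves on the day of the build. That runs against the pinning this commit is about. If `1.2.24-r0` is no longer available for 3.12, say so in a comment above the line; otherwise pin to the revision that is. `FROM alpine:3.12.0` in the hunk header is also a tag rather than a digest and could take the same `@sha256:` treatment the weasel image gets.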
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 7fe7556..4fd5c92 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -22,11 +22,13 @@ on:
push:
paths:
- docs/source/**
+ - .github/workflows/docs.yml
- traffic_control/clients/python/**
pull_request:
types: [opened, reopened, read_for_review, synchronize]
paths:
- docs/source/**
+ - .github/workflows/docs.yml
- traffic_control/clients/python/**
jobs:
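Review bot: the context line under `pull_request:` reads `types: [opened, reopened, read_for_review, synchronize]`, while tr.unit.tests.yaml in this same patch spells that type `ready_for_review`. Since this hunk already touches the trigger block, correct the spelling here so both workflows list the same event types.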
@@ -35,9 +37,15 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@master
+ uses: actions/checkout@v2
+ - name: Checkout sphinx-action
+ uses: actions/checkout@v2
+ with:
+ repository: ammaraskar/sphinx-action
+ ref: 35082eb35b69713fe335801c4d5846a4cc3c91ff # Mon Apr 20 15:25:33 2020 -0700 Fix travis for docker image change
+ path: .github/actions/sphinx-action
- name: Build Documentation
- uses: ammaraskar/sphinx-action@master
+ uses: ./.github/actions/sphinx-action
with:
docs-folder: "docs/"
pre-build-command: "apt-get update -y && apt-get install -y python3-dev build-essential"
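Review bot: both `uses: actions/checkout@v2` lines still resolve through a movable tag, and the second one is the step that fetches the pinned sphinx-action commit, so the integrity of the `ref:` pin rests on an unpinned action. The commit scopes itself to third-party actions, which is a defensible line to draw, but state that choice in a comment or pin checkout to a commit hash as well. The date and subject comment after the `ref:` hash is helpful for auditing later bumps; keep that convention.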
diff --git a/.github/workflows/tr.unit.tests.yaml b/.github/workflows/tr.unit.tests.yaml
index 58170af..b82474b 100644
--- a/.github/workflows/tr.unit.tests.yaml
+++ b/.github/workflows/tr.unit.tests.yaml
@@ -20,10 +20,14 @@ name: Traffic Router Unit Tests
on:
push:
paths:
+ - .github/actions/tr-tests/**
+ - .github/workflows/tr.unit.tests.yaml
- traffic_router/**
create:
pull_request:
paths:
+ - .github/actions/tr-tests/**
+ - .github/workflows/tr.unit.tests.yaml
- traffic_router/**
types: [ opened, reopened, ready_for_review, synchronize ]
@@ -49,7 +53,14 @@ jobs:
with:
name: surefire-reports
path: ${{ github.workspace }}/traffic_router/core/target/surefire-reports/TEST-*.xml
- - uses: zrhoffman/junit-report-annotations-action@master
+ - name: Checkout junit-report-annotations action
+ uses: actions/checkout@v2
+ with:
+ repository: zrhoffman/junit-report-annotations-action
+ ref: 399056ab38c3da69c5b27f924357e10aec3caf8f # Fri Sep 25 02:02:53 2020 -0600 Make all properties string type (see actions/toolkit#398)
+ path: .github/actions/junit-report-annotations
+ - name: Convert Junit Report to Annotations
+ uses: ./.github/actions/junit-report-annotations
with:
path: ${{ github.workspace }}/traffic_router/core/target/surefire-reports/TEST-*.xml
numFailures: 999 # The maximum number of test failures to annotate
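Review bot: `path: .github/actions/junit-report-annotations` places the fetched action in the same directory tree as the repository's own committed action, `.github/actions/tr-tests`, so a reader of `uses: ./.github/actions/junit-report-annotations` cannot tell that the directory only exists at run time. A distinct parent directory for run-time checkouts, or a one-line comment on the `uses:` line pointing back at the checkout step, would make that clear and avoid a collision if a directory of that name is ever committed.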
diff --git a/.github/workflows/weasel.yml b/.github/workflows/weasel.yml
index ecf8a89..be44c17 100644
--- a/.github/workflows/weasel.yml
+++ b/.github/workflows/weasel.yml
@@ -32,4 +32,6 @@ jobs:
- name: Checkout
uses: actions/checkout@master
- name: Run weasel
- uses: docker://licenseweasel/weasel:v0.4
+ run: |
+ # Image is licenseweasel/weasel:v0.4
+ docker run --rm --workdir=/github/workspace --volume="${GITHUB_WORKSPACE}:/github/workspace" licenseweasel/weasel@sha256:85196092a84315d2ebb9db32f3f6113d288256dba7f7855ca0d3483ef787cb4e
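Review bot: the context line `uses: actions/checkout@master` is left on a branch ref here, while docs.yml in this same patch moves its checkout from `@master` to `@v2`. Bring this workflow in line so the job that runs the digest-pinned image is not itself started from a moving branch. The `# Image is licenseweasel/weasel:v0.4` comment is worth keeping, since the digest alone does not tell a reader which release it corresponds to.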
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a8c3402..f978541 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
- [#5296](https://github.com/apache/trafficcontrol/issues/5296) - Fixed a bug where users couldn't update any regex in Traffic Ops/ Traffic Portal
- Added API endpoints for ACME accounts
- Traffic Ops: Added validation to ensure that the cachegroups of a delivery services' assigned ORG servers are present in the topology
+- Pinned external actions used by Documentation Build and TR Unit Tests workflows to commit SHA-1 and the Docker image used by the Weasel workflow to a SHA-256 digest
### Fixed
- [#5396](https://github.com/apache/trafficcontrol/issues/5396) - Return the correct error type if user tries to update the root tenant
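Review bot: the added changelog line covers the action and image pins but not the Dockerfile change in this patch, where `tomcat-native` loses its version. Either mention it here or leave it out deliberately and note the reason in the commit message, so the entry does not read as if every dependency of the TR Unit Tests workflow is now pinned.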