Skip to content

APM-7202 #575

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
NautiyalVikas1 merged 1 commit into from
Mar 30, 2026
Merged

APM-7202 #575

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,4 +51,6 @@ updates:
schedule:
interval: "daily"
target-branch: "master"
labels: ["dependencies", "github-actions"]
labels: ["dependencies", "github-actions"]
cooldown:
default-days: 7
32 changes: 16 additions & 16 deletions .github/workflows/continuous-integration.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,20 +6,20 @@ jobs:
test_deployments:
runs-on: ubuntu-latest
steps:
- name: Checkout Scripts
uses: actions/checkout@v2
- name: Checkout Scripts
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

- name: Test Pull Request Deployments
env:
AZURE_TOKEN: "${{ secrets.AZURE_TOKEN }}"
AZ_CLIENT_ID: "${{ secrets.AZ_CLIENT_ID }}"
AZ_CLIENT_SECRET: "${{ secrets.AZ_CLIENT_SECRET }}"
AZ_CLIENT_TENANT: "${{ secrets.AZ_CLIENT_TENANT }}"
run: |
export BRANCH_NAME="${{ github.event.pull_request.head.ref }}"
export NOTIFY_COMMIT_SHA="${{ github.event.pull_request.head.sha }}"
export UTILS_PR_NUMBER="${{ github.event.pull_request.number }}"
echo UTILS_PR_NUMBER=${UTILS_PR_NUMBER}
echo BRANCH_NAME=${BRANCH_NAME}
echo NOTIFY_COMMIT_SHA=${NOTIFY_COMMIT_SHA}
python3 scripts/test_pull_request_deployments.py
- name: Test Pull Request Deployments
env:
AZURE_TOKEN: "${{ secrets.AZURE_TOKEN }}"
AZ_CLIENT_ID: "${{ secrets.AZ_CLIENT_ID }}"
AZ_CLIENT_SECRET: "${{ secrets.AZ_CLIENT_SECRET }}"
AZ_CLIENT_TENANT: "${{ secrets.AZ_CLIENT_TENANT }}"
run: |
export BRANCH_NAME="${{ github.event.pull_request.head.ref }}"
export NOTIFY_COMMIT_SHA="${{ github.event.pull_request.head.sha }}"
export UTILS_PR_NUMBER="${{ github.event.pull_request.number }}"
echo UTILS_PR_NUMBER=${UTILS_PR_NUMBER}
echo BRANCH_NAME=${BRANCH_NAME}
echo NOTIFY_COMMIT_SHA=${NOTIFY_COMMIT_SHA}
python3 scripts/test_pull_request_deployments.py
4 changes: 2 additions & 2 deletions .github/workflows/dependabot-auto-merge.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:
steps:
- name: Fetch Dependabot metadata
id: meta
uses: dependabot/fetch-metadata@v2
uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2.5.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}

Expand All @@ -34,4 +34,4 @@ jobs:
run: gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
92 changes: 46 additions & 46 deletions .github/workflows/publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,49 +3,49 @@ name: Publish / Calculate Version
on: push

jobs:
build:
name: calculate version
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0 # This causes all history to be fetched, which is required for calculate-version to function

- name: Install Python 3.13
uses: actions/setup-python@v5
with:
python-version: 3.13

- name: Install poetry
run: pip install poetry

- name: Cache poetry packages
uses: actions/cache@v4
id: cache
with:
path: ~/.venv
key: ${{ runner.os }}-utils-venv-${{ hashFiles('**/poetry.lock') }}

- name: Install
run: poetry install
if: steps.cache.outputs.cache-hit != 'true'

- name: Set SPEC_VERSION env var
run: |
version="$(poetry run python scripts/calculate_version.py)"
echo "${version}"
echo ::set-env name=SPEC_VERSION::${version}
env:
ACTIONS_ALLOW_UNSECURE_COMMANDS: true

- name: Create release (master only)
id: create-release
if: github.ref == 'refs/heads/master'
uses: actions/create-release@v1
continue-on-error: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ env.SPEC_VERSION }}
release_name: ${{ env.SPEC_VERSION }}
build:
name: calculate version
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0 # This causes all history to be fetched, which is required for calculate-version to function

- name: Install Python 3.13
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: 3.13

- name: Install poetry
run: pip install poetry

- name: Cache poetry packages
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
id: cache
with:
path: ~/.venv
key: ${{ runner.os }}-utils-venv-${{ hashFiles('**/poetry.lock') }}

- name: Install
run: poetry install
if: steps.cache.outputs.cache-hit != 'true'

- name: Set SPEC_VERSION env var
run: |
version="$(poetry run python scripts/calculate_version.py)"
echo "${version}"
echo ::set-env name=SPEC_VERSION::${version}
env:
ACTIONS_ALLOW_UNSECURE_COMMANDS: true

- name: Create release (master only)
id: create-release
if: github.ref == 'refs/heads/master'
uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4
continue-on-error: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ env.SPEC_VERSION }}
release_name: ${{ env.SPEC_VERSION }}
17 changes: 7 additions & 10 deletions .github/workflows/sbom.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,10 +24,10 @@ jobs:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

- name: Setup Python 3.13
uses: actions/setup-python@v5
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: "3.13"

Expand Down Expand Up @@ -56,7 +56,7 @@ jobs:
chmod +x syft

# Add to PATH for subsequent steps
echo "$(pwd)" >> $GITHUB_PATH
echo "$(pwd)" >> $GITHUB_PATH

- name: Create SBOM
run: bash scripts/create-sbom.sh terraform python tflint
Expand All @@ -69,7 +69,7 @@ jobs:
python .github/scripts/sbom_json_to_csv.py sbom.json SBOM_${REPO_NAME}.csv

- name: Upload SBOM CSV as artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: sbom-csv
path: SBOM_${{ github.event.repository.name }}.csv
Expand All @@ -81,18 +81,15 @@ jobs:
- name: Scan SBOM for Vulnerabilities (JSON)
run: |
grype sbom:sbom.json -o json > grype-report.json



- name: Convert Grype JSON to CSV
run: |
pip install --upgrade pip
REPO_NAME=$(basename $GITHUB_REPOSITORY)
python .github/scripts/grype_json_to_csv.py grype-report.json grype-report-${REPO_NAME}.csv


- name: Upload Vulnerability Report
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: grype-report
path: grype-report-${{ github.event.repository.name }}.csv
Expand All @@ -104,7 +101,7 @@ jobs:
python .github/scripts/sbom_packages_to_csv.py sbom.json $REPO_NAME

- name: Upload Package Inventory CSV
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: sbom-packages
path: sbom-packages-${{ github.event.repository.name }}.csv
path: sbom-packages-${{ github.event.repository.name }}.csv