Merge branch 'agalles/BRE-1118-automate-github-publish' of github.com:bitwarden/gh-actions into agalles/BRE-1118-automate-github-publish

3 months ago · 21cf85dff1
5 changed files with 183 additions and 6 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -13,3 +13,9 @@
				@@ -13,3 +13,9 @@
 /.github/workflows/_sonar.yml @bitwarden/team-appsec
 /.github/workflows/test-checkmarx.yml @bitwarden/team-appsec
 /.github/workflows/test-sonar.yml @bitwarden/team-appsec
+
+# Docker-related files
+**/Dockerfile @bitwarden/team-appsec @bitwarden/dept-bre
+**/*.dockerignore @bitwarden/team-appsec @bitwarden/dept-bre
+**/entrypoint.sh @bitwarden/team-appsec @bitwarden/dept-bre
+**/docker-compose.yml @bitwarden/team-appsec @bitwarden/dept-bre
--- a/.github/workflows/test-version-check.yml
+++ b/.github/workflows/test-version-check.yml
@ -0,0 +1,117 @@
				@@ -0,0 +1,117 @@
+name: Test Version Check Action
+
+on:
+  pull_request:
+    paths:
+      - "version-check/**"
+      - ".github/workflows/test-version-check.yml"
+
+  push:
+    branches:
+      - "main"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  test-action:
+    name: Test action
+    runs-on: ubuntu-24.04
+    strategy:
+      matrix:
+        include:
+          # Test validation types
+          - version: "2025.1.2"
+            type: "should-fail"
+            should-fail: true
+          - version: "1999.12.31"
+            type: "calver"
+            should-fail: true
+
+          # Test calver
+          - version: "2000.1.0"
+            type: "calver"
+          - version: "2025.12.0"
+            type: "calver"
+          - version: "2099.12.999"
+            type: "calver"
+          - version: "2100.0.0"
+            type: "calver"
+            should-fail: true
+          - version: "2025.1.2"
+            # default is calver
+          - version: "1.2.3"
+            should-fail: true
+            # default is calver
+
+          # Test semver
+          - version: "v1.0.0"
+            type: "semver"
+            should-fail: true
+          - version: "0.0.1"
+            type: "semver"
+          - version: "9.9.9"
+            type: "semver"
+          - version: "100.111.222"
+            type: "semver"
+          - version: "1.2.3-alpha"
+            type: "semver"
+          - version: "1.2.3-alpha.1"
+            type: "semver"
+          - version: "1.2.3+build"
+            type: "semver"
+          - version: "1.2.3+build.123"
+            type: "semver"
+          - version: "1.2.3-alpha.1+build.123"
+            type: "semver"
+          - version: "1.2.3-ALPHA.1"
+            type: "semver"
+            should-fail: true
+          - version: "000.1.2"
+            type: "semver"
+            should-fail: true
+          - version: "1.000.2"
+            type: "semver"
+            should-fail: true
+          - version: "1.0.000"
+            type: "semver"
+            should-fail: true
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 0
+
+      - name: Run version check action
+        id: version-check
+        uses: ./version-check # Use the local action for testing
+        if: ${{ matrix.type != '' }}
+        continue-on-error: ${{ matrix.should-fail || false }}
+        with:
+          version: ${{ matrix.version }}
+          validation_type: ${{ matrix.type }}
+
+      - name: Verify expected failures
+        if: ${{ matrix.type != '' && matrix.should-fail == true }}
+        run: |
+          if [ "${{ steps.version-check.outcome }}" != "failure" ]; then
+            echo "Action was expected to fail but did not."
+            exit 1
+          fi
+
+      - name: Run version check action - default type
+        id: version-check-default-type
+        uses: ./version-check # Use the local action for testing
+        if: ${{ matrix.type == '' }}
+        continue-on-error: ${{ matrix.should-fail || false }}
+        with:
+          version: ${{ matrix.version }}
+
+      - name: Verify expected failures - default type
+        if: ${{ matrix.type == '' && matrix.should-fail == true }}
+        run: |
+          if [ "${{ steps.version-check-default-type.outcome }}" != "failure" ]; then
+            echo "Action was expected to fail but did not."
+            exit 1
+          fi
--- a/.github/workflows/workflow-linter.yml
+++ b/.github/workflows/workflow-linter.yml
@ -57,7 +57,7 @@ jobs:
				@@ -57,7 +57,7 @@ jobs:

      - name: Set up Python 3.13
        if: steps.changed-workflows.outputs.changed_files_count != '0'
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
        with:
          python-version: "3.13.7"

--- a/version-check/README.md
+++ b/version-check/README.md
@ -0,0 +1,35 @@
				@@ -0,0 +1,35 @@
+# Version Check Action
+
+## Summary
+
+Given a version and the validation type, will validate that the version is valid.<br>
+If the validation fails, the action run will result in an exit code of 1.
+
+## Inputs
+- Version - Version number string
+- Validation Type - Whether to use SemVer or CalVer (default) validation
+
+## Outputs
+None
+
+## Example Snippets
+
+Validating SemVer
+```
+    steps:
+      - name: Validate version - semver
+        uses: bitwarden/gh-actions/version-check@main
+        with:
+          version: 1.0.0
+          validation_type: semver
+```
+
+Validating CalVer
+```
+    steps:
+      - name: Validate version - calver
+        uses: bitwarden/gh-actions/version-check@main
+        with:
+          version: 2025.6.1
+          validation_type: calver # This is also the default if not provided
+```
--- a/version-check/action.yml
+++ b/version-check/action.yml
@ -4,6 +4,10 @@ inputs:
				@@ -4,6 +4,10 @@ inputs:
  version:
    description: 'Version string to check'
    required: true
+  validation_type:
+    description: 'Type of validation to perform: "semver" or "calver" (default)'
+    required: false
+    default: "calver"
 runs:
  using: "composite"
  steps:
@ -12,11 +16,26 @@ runs:
				@@ -12,11 +16,26 @@ runs:
      shell: bash
      env:
        VERSION: ${{ inputs.version }}
+        VALIDATION_TYPE: ${{ inputs.validation_type }}
      run: |
-        if [[ "$VERSION" =~ ^20[0-9]{2}\.(1[0-2]|[1-9])\.[0-9]+$ ]]; then
-          echo "Version input validation successful."
-          exit 0
+        validation_type_lower=$(echo "$VALIDATION_TYPE" | tr '[:upper:]' '[:lower:]')
+        if [[ $validation_type_lower == "calver" ]]; then
+          if [[ "$VERSION" =~ ^20[0-9]{2}\.(1[0-2]|[1-9])\.[0-9]+$ ]]; then
+            echo "CalVer version input validation successful."
+            exit 0
+          else
+            echo "CalVer version input validation failed."
+            exit 1
+          fi
+        elif [[ $validation_type_lower == "semver" ]]; then
+          if [[ "$VERSION" =~ ^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-[0-9a-z.-]+)?(\+[0-9a-z.-]+)?$ ]]; then
+            echo "SemVer version input validation successful."
+            exit 0
+          else
+            echo "SemVer version input validation failed."
+            exit 1
+          fi
        else
-          echo "Version input validation failed."
+          echo "Invalid validation type specified: '$VALIDATION_TYPE'. Use 'semver' or 'calver'."
          exit 1
-        fi
+        fi