UPDATE: all workflows (#62)

2 years ago · d4f647ca1b
4 changed files with 22 additions and 29 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -13,7 +13,7 @@ jobs:
				@@ -13,7 +13,7 @@ jobs:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout repo
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0

      - name: Install cloc
        run: sudo apt update && sudo apt install cloc -y
@ -30,7 +30,7 @@ jobs:
				@@ -30,7 +30,7 @@ jobs:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout repo
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0

      - name: Print environment
        run: |
@ -74,12 +74,12 @@ jobs:
				@@ -74,12 +74,12 @@ jobs:
      _SERVICE_NAME: key-connector
    steps:
      - name: Checkout repo
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0

      - name: Setup DCT
        id: setup-dct
        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc'
-        uses: bitwarden/gh-actions/setup-docker-trust@f096207b7a2f31723165aee6ad03e91716686e78
+        uses: bitwarden/gh-actions/setup-docker-trust@bc3bf31f1d9cac9c9d02cae01fc615fa25d38929
        with:
          azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
          azure-keyvault-name: "bitwarden-ci"
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -32,11 +32,11 @@ jobs:
				@@ -32,11 +32,11 @@ jobs:
            exit 1
          fi
      - name: Checkout repo
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0

      - name: Check Release Version
        id: version
-        uses: bitwarden/gh-actions/release-version-check@f096207b7a2f31723165aee6ad03e91716686e78
+        uses: bitwarden/gh-actions/release-version-check@bc3bf31f1d9cac9c9d02cae01fc615fa25d38929
        with:
          release-type: ${{ github.event.inputs.release_type }}
          project-type: dotnet
@ -68,13 +68,13 @@ jobs:
				@@ -68,13 +68,13 @@ jobs:

      - name: Setup DCT
        id: setup-dct
-        uses: bitwarden/gh-actions/setup-docker-trust@f096207b7a2f31723165aee6ad03e91716686e78
+        uses: bitwarden/gh-actions/setup-docker-trust@bc3bf31f1d9cac9c9d02cae01fc615fa25d38929
        with:
          azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
          azure-keyvault-name: "bitwarden-ci"

      - name: Checkout repo
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0

      - name: Pull latest selfhost image
        run: |
@ -116,7 +116,7 @@ jobs:
				@@ -116,7 +116,7 @@ jobs:
    needs: setup
    steps:
      - name: Create release
-        uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e # v1.12.0
+        uses: ncipollo/release-action@6c75be85e571768fa31b40abf38de58ba0397db5 # v1.13.0
        with:
          commit: ${{ github.sha }}
          tag: "v${{ needs.setup.outputs.release_version }}"
@ -153,26 +153,19 @@ jobs:
				@@ -153,26 +153,19 @@ jobs:
            exit 1
          fi

-      - name: Login to Azure - Prod Subscription
-        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3
+      - name: Login to Azure - CI subscription
+        uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
        if: failure()
        with:
          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@f096207b7a2f31723165aee6ad03e91716686e78
        if: failure()
-        env:
-          KEYVAULT: bitwarden-ci
-          SECRETS: |
-            devops-alerts-slack-webhook-url
-        run: |
-          for i in ${SECRETS//,/ }
-          do
-            VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
-            echo "::add-mask::$VALUE"
-            echo "::set-output name=$i::$VALUE"
-          done
+        with:
+          keyvault: "bitwarden-ci"
+          secrets: "devops-alerts-slack-webhook-url"

      - name: Notify Slack on failure
        uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@ -15,22 +15,22 @@ jobs:
				@@ -15,22 +15,22 @@ jobs:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout Branch
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0

      - name: Login to Azure - Prod Subscription
-        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3
+        uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
        with:
         creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@f096207b7a2f31723165aee6ad03e91716686e78
+        uses: bitwarden/gh-actions/get-keyvault-secrets@bc3bf31f1d9cac9c9d02cae01fc615fa25d38929
        with:
          keyvault: "bitwarden-ci"
          secrets: "github-gpg-private-key, github-gpg-private-key-passphrase"

      - name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5.2.0
+        uses: crazy-max/ghaction-import-gpg@72b6676b71ab476b77e676928516f6982eef7a41 # v5.3.0
        with:
          gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
          passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
@ -43,12 +43,12 @@ jobs:
				@@ -43,12 +43,12 @@ jobs:
          git push -u origin version_bump_${{ github.event.inputs.version_number }}

      - name: Checkout Version Branch
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
        with:
          ref: version_bump_${{ github.event.inputs.version_number }}

      - name: Bump Version - csproj
-        uses: bitwarden/gh-actions/version-bump@f096207b7a2f31723165aee6ad03e91716686e78
+        uses: bitwarden/gh-actions/version-bump@bc3bf31f1d9cac9c9d02cae01fc615fa25d38929
        with:
          version: ${{ github.event.inputs.version_number }}
          file_path: "./src/KeyConnector/KeyConnector.csproj"
--- a/.github/workflows/workflow-linter.yml
+++ b/.github/workflows/workflow-linter.yml
@ -8,4 +8,4 @@ on:
				@@ -8,4 +8,4 @@ on:

 jobs:
  call-workflow:
-    uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@f096207b7a2f31723165aee6ad03e91716686e78
+    uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@bc3bf31f1d9cac9c9d02cae01fc615fa25d38929