Merge pull request #10050 from habitat-sh/dependabot/cargo/hyper-1.8.0 #482
---
# Stub workflow: delegates the Continuous Integration (CI) pull-request checks
# for the main branch to the shared reusable workflow in
# chef/common-github-actions.
#
# Each input below is described in chef/common-github-actions/<GA.yml>, in the
# workflow that carries the same name as this stub.
#
# Secrets are inherited from the calling workflow, typically SONAR_TOKEN,
# SONAR_HOST_URL, GH_TOKEN, AKEYLESS_JWT_ID, POLARIS_SERVER_URL and
# POLARIS_ACCESS_TOKEN.
name: CI Pull Request on Main Branch

on:
  pull_request:
    branches:
      - main
      - 'release/**'
  push:
    branches:
      - main
      - 'release/**'
  workflow_dispatch:

# Workflow-wide default for GITHUB_TOKEN: read-only repository contents.
# Jobs that need more declare it themselves.
permissions:
  contents: read

env:
  STUB_VERSION: '1.0.5'

jobs:
  # Prints the stub version so a run log shows which stub revision produced it.
  echo_version:
    name: Echo stub version
    runs-on: ubuntu-latest
    steps:
      - name: echo version of stub and inputs
        run: |
          echo "CI main pull request stub version $STUB_VERSION"

  call-ci-main-pr-check-pipeline:
    # NOTE(review): this reference tracks the mutable `main` branch of
    # chef/common-github-actions, while the job passes that workflow every
    # secret of the caller (`secrets: inherit`) and lets it request an OIDC
    # token (`id-token: write`). Whatever lands on that branch runs with this
    # access on the next trigger; pinning to a full commit SHA, bumped by a
    # dependency-update bot, keeps the executed revision reviewable.
    uses: chef/common-github-actions/.github/workflows/ci-main-pull-request.yml@main
    # NOTE(review): `inherit` forwards all caller secrets, not only the ones
    # listed in the header. Naming the required secrets explicitly would narrow
    # the exposure - confirm which ones the called workflow declares.
    secrets: inherit
    permissions:
      # Allows the called workflow to mint an OIDC token; presumably used for
      # the AKEYLESS_JWT_ID login mentioned in the header - TODO confirm.
      id-token: write
      contents: read
    with:
      # private, public, or internal
      visibility: '${{ github.event.repository.visibility }}'
      # go-private-modules: GOPRIVATE for Go private modules,
      #   default is 'github.com/progress-platform-services/*'

      # If a version is specified it takes precedence; it can be a semver like
      # 1.0.2-xyz or a tag like "latest".
      # Alternative source: ${{ github.event.repository.version }}
      version: '2.0.239'
      # Options: "none" (do not detect), "file", "github-tag", "github-release"
      detect-version-source-type: 'none'
      # Used for the file name when the source type is "file"
      detect-version-source-parameter: ''
      # Go, Ruby, Rust, JavaScript, TypeScript, Python, Java, C#, PHP, other;
      # used for the build and for the SonarQube language setting
      language: 'rust'

      # complexity checks
      perform-complexity-checks: true
      # scc-output-filename: 'scc-output.txt'

      # language-specific linting and pre-compilation checks
      perform-language-linting: false

      # trufflehog secret scanning
      perform-trufflehog-scan: true

      # trivy dependency and container scanning
      perform-trivy-scan: true

      # BlackDuck SAST (Polaris) and SCA scans; SAST requires a build or
      # download. Requires secrets POLARIS_SERVER_URL and POLARIS_ACCESS_TOKEN.
      perform-blackduck-polaris: true
      # One of: Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat,
      # Chef-Infrastructure-Server, Chef-Shared-Services, Chef-Other,
      # Chef-Non-Product
      polaris-application-name: 'Chef-Habitat'
      polaris-project-name: '${{ github.event.repository.name }}'
      # NOTE(review): the two paths below look like unfilled template values
      # while the Polaris scan is enabled - confirm the called workflow
      # ignores or overrides them.
      polaris-blackduck-executable: 'path/to/blackduck/binary'
      polaris-executable-detect-path: 'path/to/detect'

      # Application build and unit testing; will use custom repository
      # properties when implemented for chef-primary-application,
      # chef-build-profile, and chef-build-language.
      build: false
      # ga-build-profile: $chef-ga-build-profile
      # language: $chef-ga-build-language
      #   (to be removed from the stub once autodetected in the central GA)
      unit-tests: false

      # SonarQube scan, with or without unit test coverage data.
      # Requires secrets SONAR_TOKEN and SONAR_HOST_URL (progress.sonar.com).
      perform-sonarqube-scan: true
      # perform-sonar-build: true
      # build-profile: 'default'
      # report-unit-test-coverage: true

      # Scan Dockerfile and built images with Docker Scout or Trivy; see the
      # repo custom properties matching "container".
      perform-docker-scan: false

      # report to central developer dashboard
      report-to-atlassian-dashboard: false
      # Product name for quality reporting, like Chef360, Courier, Inspec.
      # NOTE(review): 'Chef-360' differs from the Chef-Habitat names used for
      # Polaris and BlackDuck in this file; it only matters once dashboard
      # reporting is enabled - confirm the intended value.
      quality-product-name: 'Chef-360'
      # quality-product-name: ${{ github.event.repository.name }}
      # quality-sonar-app-name: 'YourSonarAppName'
      # quality-testing-type: 'Integration'
      #   (like Unit, Integration, e2e, api, Performance, Security)
      # quality-service-name: 'YourServiceOrRepoName'
      # quality-junit-report: 'path/to/junit/report'

      # native and Habitat packaging, publishing to package repositories
      # Package binaries (e.g., RPM, DEB, MSI, dpkg + signing + SHA)
      package-binaries: false
      # Create Habitat packages
      habitat-build: false
      # Publish packages (e.g., container from Dockerfile to ECR, go-releaser
      # binary to releases page, omnibus to artifactory, gems, choco, homebrew,
      # other app stores)
      publish-packages: false

      # generate and export Software Bill of Materials (SBOM) in various formats
      generate-sbom: true
      # SPDX JSON artifact on job instance
      export-github-sbom: true
      # Combined with generate-sbom and export-github-sbom; also needs the
      # version input above.
      perform-blackduck-sca-scan: true
      # Typically one of (Chef), Chef-Agents, Chef-Automate, Chef-Chef360,
      # Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services,
      # Chef-Non-Product
      blackduck-project-group-name: 'Chef-Habitat'
      # BlackDuck project name, typically the repository name
      blackduck-project-name: '${{ github.event.repository.name }}'
      # obsolete, use perform-blackduck-sca-scan instead
      generate-blackduck-sbom: false
      generate-msft-sbom: false
      # Run license scout for license compliance (uses .license_scout.yml)
      license_scout: false

      # udf1: 'default'  # user defined flag 1
      # udf2: 'default'  # user defined flag 2
      # udf3: 'default'  # user defined flag 3