diff --git a/.github/workflows/check-renovatebot-config.yml b/.github/workflows/check-renovatebot-config.yml index 6ff501c..767ff38 100644 --- a/.github/workflows/check-renovatebot-config.yml +++ b/.github/workflows/check-renovatebot-config.yml @@ -6,8 +6,11 @@ on: - main pull_request: +permissions: + contents: read + jobs: validate: - uses: HSLdevcom/jore4-tools/.github/workflows/shared-check-renovatebot-config.yml@shared-check-renovatebot-config-v1 + uses: HSLdevcom/jore4-tools/.github/workflows/shared-check-renovatebot-config.yml@shared-check-renovatebot-config-v2 with: config_file_path: renovatebot/jore4-default-preset.json5 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 40fe669..586acef 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,9 +3,12 @@ name: CI on: pull_request: +permissions: + contents: read + jobs: run_e2e_tests_workflow: name: Test run E2E tests workflow uses: ./.github/workflows/shared-run-e2e.yml with: - test-tags: '' + test-tags: "" diff --git a/.github/workflows/doctoc.yml b/.github/workflows/doctoc.yml index 657be74..e087aca 100644 --- a/.github/workflows/doctoc.yml +++ b/.github/workflows/doctoc.yml @@ -6,6 +6,9 @@ on: - main pull_request: +permissions: + contents: read + jobs: verify-doctoc: name: Verifies whether table of contents has been updated @@ -13,7 +16,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Run doctoc on README run: npx doctoc README.md diff --git a/.github/workflows/shared-build-and-publish-docker-image.yml b/.github/workflows/shared-build-and-publish-docker-image.yml index a100945..9b9b0aa 100644 --- a/.github/workflows/shared-build-and-publish-docker-image.yml +++ b/.github/workflows/shared-build-and-publish-docker-image.yml 
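Review bot: The new `uses:` ref `@shared-check-renovatebot-config-v2` is a mutable tag, so anyone able to move that tag changes what runs here without any diff in this repository. The same holds for the action bumps in this commit (`actions/checkout@v6` in doctoc.yml, shared-build-and-publish-docker-image.yml, shared-run-e2e.yml and the two test workflows; `actions/upload-artifact@v5` and `actions/download-artifact@v5`/`@v6` in shared-run-e2e.yml), whereas `ctrf-io/github-test-reporter` in shared-run-e2e.yml is already pinned to a full commit SHA with the version as a trailing comment. Consider that form everywhere, e.g. `uses: actions/checkout@<full-commit-sha> # v6`, and let the dependency bot update the SHA and the comment together.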
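Review bot: The checkout step bumped in the second doctoc.yml hunk is followed directly by `run: npx doctoc README.md`, which resolves and executes whatever `doctoc` release the registry serves at run time, inside the checked-out workspace. The `permissions: contents: read` block added in the previous hunk limits what the token can do; adding `with: { persist-credentials: false }` to the checkout step would also stop the token being left configured for later steps, since nothing visible here pushes. Pinning the tool (`npx doctoc@<version>`) would make the check reproducible. The same checkout-then-run-external-code pattern appears in test-healthcheck-action.yml (`docker run -d -p 8080:80 nginxdemos/hello`); both job bodies continue outside their hunks, so confirm no later step needs the credentials.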
@@ -24,22 +24,22 @@ on: description: Docker build context. This needs to be Git repository context; see https://docs.docker.com/build/concepts/context/#url-fragments type: string required: false - default: null + default: "" build_args: description: Docker build time arguments type: string required: false - default: null + default: "" target: description: Sets the target stage to build type: string required: false - default: null + default: "" artifact-id: description: Artifact ID needed to download for the build. type: string required: false - default: null + default: "" artifact-path: description: Target where to download the artifact. type: string @@ -110,7 +110,7 @@ jobs: # Checkout is needed when context is local "." # Otherwise the repository code will not be fetched for the build if: ${{ inputs.context == '.' }} - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Download artifacts if: ${{ inputs.artifact-id }} diff --git a/.github/workflows/shared-check-renovatebot-config.yml b/.github/workflows/shared-check-renovatebot-config.yml index 189742c..b0138b7 100644 --- a/.github/workflows/shared-check-renovatebot-config.yml +++ b/.github/workflows/shared-check-renovatebot-config.yml @@ -13,6 +13,9 @@ on: required: false default: "false" +permissions: + contents: read + jobs: validate: name: Validate renovatebot config diff --git a/.github/workflows/shared-run-e2e.yml b/.github/workflows/shared-run-e2e.yml index f7c1212..5068c31 100644 --- a/.github/workflows/shared-run-e2e.yml +++ b/.github/workflows/shared-run-e2e.yml @@ -11,7 +11,7 @@ on: Git repository's main branch. type: string required: false - default: null + default: "" ui_version: description: Version of ui to use (docker image tag). Set to "" if using the default 
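Review bot: The `permissions:` block added to shared-check-renovatebot-config.yml is undocumented for callers, and this is a reusable workflow. A called workflow can only narrow the GITHUB_TOKEN permissions it inherits, so a caller granting less than `contents: read` (for example `permissions: {}`) would be expected to fail when the call is resolved. A comment above the block would record this, e.g. `# Least privilege for GITHUB_TOKEN; callers must grant at least contents: read`, and the README example for the `-v2` ref could state the same requirement. The same applies to the block added to shared-run-e2e.yml (hunk at -140).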
@@ -97,7 +97,8 @@ on: required: false default: "" tiamat_version: - description: Version of tiamat to use (docker image tag). Set to "" if using + description: + Version of tiamat to use (docker image tag). Set to "" if using the default version. type: string required: false @@ -124,11 +125,10 @@ on: required: false default: "@smoke" video: - description: - Turn video on or off. Supported values are 'true' and 'false'. + description: Turn video on or off. Supported values are 'true' and 'false'. type: string required: false - default: 'false' + default: "false" update_e2e_test_durations: description: | Should the E2E test durations be updated to jore4-ci-data repository's e2e-test-durations branch @@ -140,10 +140,12 @@ on: default: false secrets: jore4_ci_data_repo_ssh_key: - description: - SSH key that can be used to write to HSLdevcom/jore4-ci-data repository. + description: SSH key that can be used to write to HSLdevcom/jore4-ci-data repository. required: false +permissions: + contents: read + jobs: run_e2e_tests: name: Run e2e tests @@ -231,7 +233,7 @@ jobs: cat ${{ github.workspace }}/durations.out.json - name: Upload test durations - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: name: "e2e-test-durations-${{ strategy.job-index }}" path: ${{ github.workspace }}/durations.out.json @@ -247,7 +249,7 @@ jobs: - name: Upload test reports as an artifact # Should be run especially when tests fail if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: name: cypress-test-results-${{ strategy.job-index }} path: ${{ github.workspace }}/ctrf-report.json @@ -273,7 +275,7 @@ jobs: - name: Upload test reports as an artifact if: always() && steps.copy_test_reports.outputs.test_reports_exist == 'true' - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: name: cypress-docker-reports-${{ strategy.job-index }} path: ${{ github.workspace }}/test-reports 
@@ -285,7 +287,7 @@ jobs: - run_e2e_tests steps: - name: Download E2E Test Results - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v5 continue-on-error: true with: pattern: cypress-test-results-* @@ -294,7 +296,7 @@ jobs: - name: Publish Test Report uses: ctrf-io/github-test-reporter@27b97adba93f02142c573c8a710045cac0d874ae # v1.0.14 with: - report-path: 'ctrf/*/*.json' + report-path: "ctrf/*/*.json" summary-report: true failed-report: true flaky-report: true @@ -309,15 +311,15 @@ jobs: - run_e2e_tests steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 - repository: 'HSLdevcom/jore4-ci-data' + repository: "HSLdevcom/jore4-ci-data" ref: e2e-test-durations ssh-key: ${{ secrets.jore4_ci_data_repo_ssh_key }} - name: Download E2E Test Durations - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v6 with: pattern: e2e-test-durations-* path: ${{ github.workspace }}/split-durations diff --git a/.github/workflows/test-healthcheck-action.yml b/.github/workflows/test-healthcheck-action.yml index 3ce5d00..05b1336 100644 --- a/.github/workflows/test-healthcheck-action.yml +++ b/.github/workflows/test-healthcheck-action.yml @@ -6,6 +6,9 @@ on: - main pull_request: +permissions: + contents: read + jobs: test-healthcheck-success: name: Verifies whether healthcheck action succeeds when it should @@ -13,7 +16,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Startup sample HTTP server run: docker run -d -p 8080:80 nginxdemos/hello diff --git a/.github/workflows/test-setup-e2e-environment-action.yml b/.github/workflows/test-setup-e2e-environment-action.yml index 8951b2b..36e4050 100644 --- a/.github/workflows/test-setup-e2e-environment-action.yml +++ b/.github/workflows/test-setup-e2e-environment-action.yml @@ -6,6 +6,9 @@ on: - main pull_request: +permissions: + contents: read + jobs: test-e2e-setup-action: runs-on: ubuntu-24.04 
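Review bot: `actions/download-artifact` ends up at `@v5` in this job (hunk at -285) but at `@v6` in the durations job later in the file (hunk at -309), while every `actions/upload-artifact` step moves to `@v5`. If the split is unintentional, use one major version for both download steps, `uses: actions/download-artifact@v6`; if it is deliberate, a short comment on the step saying why would help. This step also carries `continue-on-error: true`, so a download problem here would not fail the job and might only show up as an empty report; the job body continues outside the hunk.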
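Review bot: In the hunk at -309 the job checks out `HSLdevcom/jore4-ci-data` with the write-capable `jore4_ci_data_repo_ssh_key` and then downloads `e2e-test-durations-*` artifacts into the same workspace. Those artifacts are produced by the test jobs, so whatever later commits them should treat them as untrusted input. The steps that follow are outside the hunk; if they copy files into the checkout, consider checking that each file parses as the expected JSON and copying only known filenames. The workflow-level `permissions: contents: read` added in this commit does not constrain this key, which a comment on the checkout step could make explicit, e.g. `# ssh-key grants write access to jore4-ci-data independently of GITHUB_TOKEN permissions`.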
@@ -14,48 +17,48 @@ jobs: matrix: include: # no overwrites for images - - ui-docker-image: - hasura-docker-image: - auth-docker-image: - mbtiles-docker-image: - jore3importer-docker-image: - testdb-docker-image: - mssqltestdb-docker-image: - mapmatching-docker-image: - mapmatchingdb-docker-image: - cypress-docker-image: - hastus-docker-image: - custom-docker-compose: + - ui-docker-image: "" + hasura-docker-image: "" + auth-docker-image: "" + mbtiles-docker-image: "" + jore3importer-docker-image: "" + testdb-docker-image: "" + mssqltestdb-docker-image: "" + mapmatching-docker-image: "" + mapmatchingdb-docker-image: "" + cypress-docker-image: "" + hastus-docker-image: "" + custom-docker-compose: "" # overwrite some - ui-docker-image: "hsldevcom/jore4-ui:latest" - hasura-docker-image: - auth-docker-image: - mbtiles-docker-image: - jore3importer-docker-image: - testdb-docker-image: - mssqltestdb-docker-image: - mapmatching-docker-image: - mapmatchingdb-docker-image: - cypress-docker-image: - hastus-docker-image: - custom-docker-compose: + hasura-docker-image: "" + auth-docker-image: "" + mbtiles-docker-image: "" + jore3importer-docker-image: "" + testdb-docker-image: "" + mssqltestdb-docker-image: "" + mapmatching-docker-image: "" + mapmatchingdb-docker-image: "" + cypress-docker-image: "" + hastus-docker-image: "" + custom-docker-compose: "" # use custom docker-compose file - - ui-docker-image: - hasura-docker-image: - auth-docker-image: - mbtiles-docker-image: - jore3importer-docker-image: - testdb-docker-image: - mssqltestdb-docker-image: - mapmatching-docker-image: - mapmatchingdb-docker-image: - cypress-docker-image: - hastus-docker-image: + - ui-docker-image: "" + hasura-docker-image: "" + auth-docker-image: "" + mbtiles-docker-image: "" + jore3importer-docker-image: "" + testdb-docker-image: "" + mssqltestdb-docker-image: "" + mapmatching-docker-image: "" + mapmatchingdb-docker-image: "" + cypress-docker-image: "" + hastus-docker-image: "" custom-docker-compose: 
"custom-compose.yml" # this overwrites the hasura image to be "jore4-hasura:latest" steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Create a temporary custom docker compose file for testing run: | diff --git a/README.md b/README.md index a74536e..d49fcd0 100644 --- a/README.md +++ b/README.md @@ -296,7 +296,7 @@ Example: ``` jobs: validate: - uses: HSLdevcom/jore4-tools/.github/workflows/shared-check-renovatebot-config.yml@shared-check-renovatebot-config-v1 + uses: HSLdevcom/jore4-tools/.github/workflows/shared-check-renovatebot-config.yml@shared-check-renovatebot-config-v2 with: config_file_path: renovatebot/jore4-default-preset.json5 ```