
Commit 1386fab

authored
Merge pull request #127 from Keyfactor/v4
V4
2 parents 95c1fc0 + e8ef978 commit 1386fab


9 files changed

+228
-289
lines changed


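--- a/.github/workflows/generate-readme.yml
+++ b/.github/workflows/generate-readme.yml
@@ -2,9 +2,34 @@ name: Generate README from templates and data files using doctool
 on:
 workflow_call:
 secrets:
-token:
+token:
 description: 'Secret token from caller workflow to approve readme'
 required: true
+entra_username:
+description: 'Entra username for authentication'
+required: false
+entra_password:
+description: 'Entra password for authentication'
+required: false
+command_client_id:
+description: 'Command client ID for API authentication'
+required: false
+command_client_secret:
+description: 'Command client secret for API authentication'
+required: false
+inputs:
+command_token_url:
+type: string
+description: 'URL for obtaining command tokens'
+required: false
+command_hostname:
+type: string
+description: 'Command hostname for API endpoints'
+required: false
+command_base_api_path:
+type: string
+description: 'Base API path for the Command API'
+required: false
 permissions:
 contents: write
 
@@ -20,8 +45,15 @@ jobs:
 path: doctool
 token: ${{ secrets.token }}
 
-- name: Launch local doctool
+- name: Launch local doctool
 uses: ./doctool
 id: launch-doctool
 with:
 token: ${{ secrets.token }}
+entra_username: ${{ secrets.entra_username }}
+entra_password: ${{ secrets.entra_password }}
+command_client_id: ${{ secrets.command_client_id }}
+command_client_secret: ${{ secrets.command_client_secret }}
+command_token_url: ${{ vars.DOCTOOL_COMMAND_TOKEN_URL }}
+command_hostname: ${{ vars.DOCTOOL_COMMAND_HOSTNAME }}
+command_base_api_path: ${{ vars.DOCTOOL_COMMAND_BASE_API_PATH }}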
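Review bot: The three `inputs` declared in the first hunk (`command_token_url`, `command_hostname`, `command_base_api_path`) are never read in the lines shown; the `Launch local doctool` step in the second hunk takes its values from `vars.DOCTOOL_COMMAND_TOKEN_URL`, `vars.DOCTOOL_COMMAND_HOSTNAME` and `vars.DOCTOOL_COMMAND_BASE_API_PATH` instead. A caller that passes these through `with:` would have its values silently ignored, and the endpoint that presumably receives the Entra and Command credentials would be decided by repository or organization variables rather than by what the caller supplied. If the inputs are meant to take precedence, use `command_token_url: ${{ inputs.command_token_url || vars.DOCTOOL_COMMAND_TOKEN_URL }}` and the same pattern for the other two; otherwise drop the `inputs:` block so the interface matches the behaviour. The job body continues outside both hunks, so an `inputs.*` reference elsewhere in the file cannot be ruled out from here.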

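--- a/.github/workflows/github-release.yml
+++ b/.github/workflows/github-release.yml
@@ -20,7 +20,7 @@ on:
 
 jobs:
 call-check-file-action:
-uses: keyfactor/actions/.github/workflows/check-todos-license-headers.yml@v3
+uses: keyfactor/actions/.github/workflows/check-todos-license-headers.yml@v4
 
 create-github-release-workflow:
 runs-on: ubuntu-latest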

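--- a/.github/workflows/starter.yml
+++ b/.github/workflows/starter.yml
@@ -5,11 +5,6 @@ on:
 token:
 description: 'GitHub token'
 required: true
-## This secret 'APPROVE_README_PUSH' is not used.
-## Remove when the v3 bootstrap has been updated
-APPROVE_README_PUSH:
-description: 'Token to add-and-commit generated readme'
-required: true
 gpg_key:
 description: 'GPG Private Key'
 required: true
@@ -25,11 +20,35 @@ on:
 scan_token:
 description: 'Polaris token'
 required: false
-
+entra_username:
+description: 'Entra username for authentication'
+required: false
+entra_password:
+description: 'Entra password for authentication'
+required: false
+command_client_id:
+description: 'Command client ID for API authentication'
+required: false
+command_client_secret:
+description: 'Command client secret for API authentication'
+required: false
+inputs:
+command_token_url:
+type: string
+description: 'URL for obtaining command tokens'
+required: false
+command_hostname:
+type: string
+description: 'Command hostname for API endpoints'
+required: false
+command_base_api_path:
+type: string
+description: 'Base API path for the Command API'
+required: false
 
 jobs:
 call-assign-from-json-workflow:
-uses: Keyfactor/actions/.github/workflows/assign-env-from-json.yml@v3
+uses: Keyfactor/actions/.github/workflows/assign-env-from-json.yml@v4
 
 call-get-primary-language:
 outputs:
@@ -78,91 +97,79 @@ jobs:
 token: ${{ secrets.GITHUB_TOKEN }}
 - name: Create an array from platform_list input #
 id: vars
-run:
+run:
 echo "platform_matrix=`cat integration-manifest.json | jq '.platform_matrix'`" | tee -a $GITHUB_OUTPUT | tee -a $GITHUB_STEP_SUMMARY
 
 call-create-github-release-workflow:
-uses: Keyfactor/actions/.github/workflows/github-release.yml@v3
+uses: Keyfactor/actions/.github/workflows/github-release.yml@v4
 
 call-dotnet-build-and-release-workflow:
-needs: [call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow]
+needs: [ call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow ]
 if: needs.call-get-primary-language.outputs.primary_language == 'C#'
-uses: keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@v3
+uses: keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@v4
 with:
 release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
 release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }}
 release_dir: ${{ needs.call-assign-from-json-workflow.outputs.release_dir }}
 release_project: ${{ needs.call-assign-from-json-workflow.outputs.release_project }}
-integration_type: ${{ needs.call-assign-from-json-workflow.outputs.integration_type }}
-secrets:
+integration_type: ${{ needs.call-assign-from-json-workflow.outputs.integration_type }}
+secrets:
 token: ${{ secrets.token }}
 
 call-go-build-and-release-workflow:
-needs: [call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow,call-goreleaser-exists]
-if: needs.call-get-primary-language.outputs.primary_language == 'Go' && needs.call-goreleaser-exists.outputs.goreleaser-exists == 'true'
-uses: keyfactor/actions/.github/workflows/go-build-and-release.yml@v3
-with:
+needs: [ call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow,call-goreleaser-exists ]
+if: needs.call-get-primary-language.outputs.primary_language == 'Go' && needs.call-goreleaser-exists.outputs.goreleaser-exists == 'true'
+uses: keyfactor/actions/.github/workflows/go-build-and-release.yml@v4
+with:
 release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
-secrets:
+secrets:
 token: ${{ secrets.GITHUB_TOKEN }}
 gpg_key: ${{ secrets.gpg_key }}
 gpg_pass: ${{ secrets.gpg_pass }}
 
-call-container-build-and-release-workflow:
-needs: [call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow,call-goreleaser-exists,setup_platforms]
-if: needs.call-get-primary-language.outputs.primary_language == 'Go' && needs.call-goreleaser-exists.outputs.goreleaser-exists == 'false'
-uses: keyfactor/actions/.github/workflows/container-build-and-release.yml@v3
-with:
-release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
-platform_list: ${{ fromJson(needs.setup_platforms.outputs.platform_matrix) }}
-secrets:
-docker-user: ${{ secrets.docker-user }}
-docker-token: ${{ secrets.docker-token }}
-
-call-maven-build-and-release-workflow:
-needs: [call-get-primary-language, call-assign-from-json-workflow, call-create-github-release-workflow]
-if: needs.call-get-primary-language.outputs.primary_language == 'Java'
-uses: keyfactor/actions/.github/workflows/maven-build-and-release.yml@v3
-with:
-release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
-release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }}
-release_dir: ${{ needs.call-assign-from-json-workflow.outputs.release_dir }}
-secrets:
-token: ${{ secrets.token }}
-
 call-generate-readme-workflow:
+permissions:
+contents: write # Explicitly grant write permission
 if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
-uses: Keyfactor/actions/.github/workflows/generate-readme.yml@v3
+uses: Keyfactor/actions/.github/workflows/generate-readme.yml@v4
+with:
+command_token_url: ${{ vars.COMMAND_TOKEN_URL }}
+command_hostname: ${{ vars.COMMAND_HOSTNAME }}
+command_base_api_path: ${{ vars.COMMAND_API_PATH }}
 secrets:
 token: ${{ secrets.token }}
+entra_username: ${{ secrets.ENTRA_USERNAME }}
+entra_password: ${{ secrets.ENTRA_PASSWORD }}
+command_client_id: ${{ secrets.COMMAND_CLIENT_ID }}
+command_client_secret: ${{ secrets.COMMAND_CLIENT_SECRET }}
 
 call-update-catalog-workflow:
 needs: call-assign-from-json-workflow
 if: needs.call-assign-from-json-workflow.outputs.update_catalog == 'true' && github.ref_name == 'main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
-uses: Keyfactor/actions/.github/workflows/update-catalog.yml@v3
-secrets:
+uses: Keyfactor/actions/.github/workflows/update-catalog.yml@v4
+secrets:
 token: ${{ secrets.token }}
 
 call-repository-configuration-workflow:
 if: github.event_name == 'create' && startsWith(github.ref, 'refs/heads/release-')
-uses: Keyfactor/actions/.github/workflows/kf-configure-repo.yml@v3
-secrets:
+uses: Keyfactor/actions/.github/workflows/kf-configure-repo.yml@v4
+secrets:
 token: ${{ secrets.token }}
 
-# call-polaris-scan-workflow:
-# if: github.event_name == 'pull_request' && (startsWith(github.base_ref, 'release-') || github.base_ref == 'main')
-# uses: Keyfactor/actions/.github/workflows/kf-polaris-scan.yml@v3
-# with:
-# scan_branch: ${{ github.event.pull_request.head.ref }}
-# secrets:
-# token: ${{ secrets.scan_token }}
+call-polaris-scan-workflow:
+if: github.event_name == 'pull_request' && (startsWith(github.base_ref, 'release-') || github.base_ref == 'main')
+uses: Keyfactor/actions/.github/workflows/kf-polaris-scan.yml@v4
+with:
+scan_branch: ${{ github.event.pull_request.head.ref }}
+secrets:
+token: ${{ secrets.scan_token }}
 
 call-post-release-workflow:
-needs: [call-assign-from-json-workflow, call-create-github-release-workflow]
-if: needs.call-create-github-release-workflow.outputs.IS_FULL_RELEASE == 'True'
-uses: Keyfactor/actions/.github/workflows/kf-post-release.yml@v3
-secrets:
-token: ${{ secrets.token }}
-with:
-branchname: ${{ github.event.pull_request.base.ref }}
-release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
+needs: [ call-assign-from-json-workflow, call-create-github-release-workflow ]
+if: needs.call-create-github-release-workflow.outputs.IS_FULL_RELEASE == 'True'
+uses: Keyfactor/actions/.github/workflows/kf-post-release.yml@v4
+secrets:
+token: ${{ secrets.token }}
+with:
+branchname: ${{ github.event.pull_request.base.ref }}
+release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}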
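Review bot: The re-enabled `call-polaris-scan-workflow` job passes `${{ github.event.pull_request.head.ref }}` as `scan_branch`, and that branch name is chosen by whoever opens the pull request. The called `kf-polaris-scan.yml` is not shown on this page, so it should be confirmed that it consumes `inputs.scan_branch` only through an environment variable or an action input and never expands it inside a `run:` script. Under the `pull_request` event `secrets.scan_token` is empty for pull requests from forks, so consider adding `github.event.pull_request.head.repo.full_name == github.repository` to the job's `if:` rather than letting the scan run without a token. Separately, every `uses:` line changed here follows the mutable `@v4` tag while the callees receive `gpg_key`, `entra_password` and `command_client_secret`; pinning to a commit SHA would keep a moved tag from changing what those secrets are handed to.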
