diff --git a/.github/actions/dockerless/action.yml b/.github/actions/dockerless/action.yml
index 6dc9a9c..9e2793e 100644
--- a/.github/actions/dockerless/action.yml
+++ b/.github/actions/dockerless/action.yml
@@ -87,11 +87,12 @@ runs:
 
     - name: Acquire workflow scripts
       shell: bash
+      env:
+        SCRIPT_VERSION: ${{ inputs.script_version }}
       run: |
         echo "📥 Acquiring workflow scripts..."
         chmod +x "${{ github.action_path }}/scripts/acquire-scripts.sh"
-        "${{ github.action_path }}/scripts/acquire-scripts.sh" \
-          "${{ inputs.script_version }}"
+        "${{ github.action_path }}/scripts/acquire-scripts.sh" "$SCRIPT_VERSION"
 
     - name: Configure Git Authentication
       shell: bash
@@ -139,18 +140,17 @@ runs:
       run: |
         echo "🚀 Executing Simple Forge workflow..."
         echo "🔍 DEBUG: Input validation..."
-        echo " simple_forge_api_key input: $([ -n '${{ inputs.simple_forge_api_key }}' ] && echo '[SET]' || echo '[EMPTY]')"
         echo " API_KEY env var: $([ -n "$API_KEY" ] && echo "[SET - ${#API_KEY} chars]" || echo "[EMPTY]")"
         chmod +x "${{ github.action_path }}/scripts/orchestrate-workflow.sh"
         "${{ github.action_path }}/scripts/orchestrate-workflow.sh" \
-          "${{ inputs.job_id }}" \
-          "${{ inputs.issue_id }}" \
-          "${{ inputs.service_url }}" \
-          "${{ inputs.branch }}" \
+          "$JOB_ID" \
+          "$ISSUE_ID" \
+          "$SERVICE_URL" \
+          "$BRANCH" \
           "${{ github.repository }}" \
           "${{ github.run_id }}" \
           "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
-          "${{ inputs.simple_forge_api_key }}"
+          "$SIMPLE_FORGE_API_KEY"
 
     - name: Cleanup
       if: always()
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..6d4b4e6
--- /dev/null
+++ b/.github/dependabot.yml
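Review bot: The `env:` indirection on the new `SCRIPT_VERSION` line is the right fix, but nothing in the step records why, and the next maintainer may re-inline an input into `run:`; a comment above `env:` such as `# Pass inputs through env, not ${{ }} in run:, so their content is never expanded into the shell script text` would preserve the intent. The remaining `${{ github.action_path }}` expansions are acceptable because that context is runner-provided, though `$GITHUB_ACTION_PATH` would keep the step's style uniform. acquire-scripts.sh itself is outside this hunk, so whether the fetched scripts are verified against the requested version (checksum or pinned ref) cannot be judged here and is worth confirming.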
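Review bot: On the last changed line the API key is still handed to orchestrate-workflow.sh as a positional argument, so it remains visible in the runner's process table (and in any shell tracing such as `set -x`) even though it is no longer expanded into the script text; passing it only through the step environment and having the script read `$SIMPLE_FORGE_API_KEY` itself would avoid that. The `env:` mapping that defines `JOB_ID`, `ISSUE_ID`, `SERVICE_URL`, `BRANCH` and `SIMPLE_FORGE_API_KEY` lies above this hunk; if any of them is missing there, the call silently receives empty strings, so a guard like `: "${JOB_ID:?job_id input is required}"` before the call would make that explicit. The retained debug `echo` writes the key's length to the job log, which is more about the secret than the log needs; reducing it to `[SET]`/`[EMPTY]` loses nothing useful. It is also unclear from the hunk whether `API_KEY` and `SIMPLE_FORGE_API_KEY` name the same value.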
@@ -0,0 +1,21 @@
+version: 2
+
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+      day: monday
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - github-actions
+    commit-message:
+      prefix: deps
+      include: scope
+    groups:
+      actions-minor-and-patch:
+        applies-to: version-updates
+        update-types:
+          - minor
+          - patch
diff --git a/.github/workflows/security-scan-comment.yml b/.github/workflows/security-scan-comment.yml
new file mode 100644
index 0000000..ddcf092
--- /dev/null
+++ b/.github/workflows/security-scan-comment.yml
@@ -0,0 +1,15 @@
+name: Security Scan Comment
+on:
+  workflow_run:
+    workflows: ["Security Scan"]
+    types: [completed]
+permissions:
+  pull-requests: write
+  actions: read
+jobs:
+  comment:
+    if: github.event.workflow_run.event == 'pull_request'
+    uses: simple-container-com/actions/.github/workflows/security-scan-comment.yml@main
+    permissions:
+      pull-requests: write
+      actions: read
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
new file mode 100644
index 0000000..9db9d6b
--- /dev/null
+++ b/.github/workflows/security-scan.yml
@@ -0,0 +1,14 @@
+name: Security Scan
+on:
+  push:
+    branches: [v1]
+  pull_request:
+    branches: [v1]
+  workflow_dispatch:
+permissions:
+  contents: read
+jobs:
+  security:
+    uses: simple-container-com/actions/.github/workflows/security-scan.yml@main
+    permissions:
+      contents: read
diff --git a/.github/workflows/semgrep-comment.yml b/.github/workflows/semgrep-comment.yml
new file mode 100644
index 0000000..9b524ad
--- /dev/null
+++ b/.github/workflows/semgrep-comment.yml
@@ -0,0 +1,15 @@
+name: Semgrep Comment
+on:
+  workflow_run:
+    workflows: ["Semgrep"]
+    types: [completed]
+permissions:
+  pull-requests: write
+  actions: read
+jobs:
+  comment:
+    if: github.event.workflow_run.event == 'pull_request'
+    uses: simple-container-com/actions/.github/workflows/semgrep-comment.yml@main
+    permissions:
+      pull-requests: write
+      actions: read
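Review bot: The `uses:` line pins the reusable workflow to the mutable `@main` ref while the job holds `pull-requests: write` in this repository under `workflow_run`, so whoever can push to that branch of `simple-container-com/actions` decides what runs here with that token; pinning to a full commit SHA, e.g. `uses: simple-container-com/actions/.github/workflows/security-scan-comment.yml@<COMMIT_SHA>  # vX.Y.Z`, is the usual mitigation and is also what lets the Dependabot config added in this commit track it, since a branch ref has nothing to bump to. The same applies to the `uses:` lines in security-scan.yml, semgrep-comment.yml and semgrep.yml. The called workflow is not visible here; because this job runs for `pull_request`-originated runs with `actions: read`, confirm that it treats any artifact it downloads as untrusted data, rendered into the comment but never executed or expanded inside a `run:` script.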
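Review bot: Both triggers are limited to `branches: [v1]`, but the companion Security Scan Comment workflow fires via `workflow_run`, which GitHub evaluates only for workflow files on the repository's default branch; if `v1` is not the default branch, the comment job never runs, which is worth confirming before merging. A one-line comment above `on:` stating that `v1` is the default/release branch would spare the next reader the same question. `permissions: contents: read` at both the workflow and job level is appropriate for a scan that only needs to read the tree.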
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
new file mode 100644
index 0000000..38f190e
--- /dev/null
+++ b/.github/workflows/semgrep.yml
@@ -0,0 +1,14 @@
+name: Semgrep
+on:
+  push:
+    branches: [v1]
+  pull_request:
+    branches: [v1]
+  workflow_dispatch:
+permissions:
+  contents: read
+jobs:
+  semgrep:
+    uses: simple-container-com/actions/.github/workflows/semgrep.yml@main
+    permissions:
+      contents: read