From e9bb9c420954a80d461d8c0d7236b7d2ad77dcc3 Mon Sep 17 00:00:00 2001 From: Oliver Weyhmueller Date: Tue, 7 Jan 2025 09:11:46 +0100 Subject: [PATCH] fix: add license --- LICENSE | 21 +++++++++++++++ action.yml | 76 ++++++++++++++++++++++++++++-------------------------- 2 files changed, 61 insertions(+), 36 deletions(-) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..8aa2645 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) [year] [fullname] + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/action.yml b/action.yml index d8ff9b6..25ea71a 100644 --- a/action.yml +++ b/action.yml @@ -1,25 +1,29 @@ --- -name: Setup Java environment -description: Initialize Java Environment and retrieve secrets from Vault +# SPDX-License-Identifier: MIT +name: "Setup Java environment" +description: "Initialize Java Environment and retrieve secrets from Vault" +author: Oliver Weyhmüller inputs: - vault-role-id: - description: Role ID of Approle + roleid: + description: "Role ID of Approle" required: true - vault-secret-id: - description: Secret ID of Approle + default: "" + secretid: + description: "Secret ID of Approle" required: true + default: "" runs: - using: composite + using: "composite" steps: - - name: Import Secrets - id: import-secrets - uses: https://github.com/hashicorp/vault-action@v3 + - name: "Import Secrets" + id: "import-secrets" + uses: "https://github.com/hashicorp/vault-action@v3" with: - url: https://vault.w9r.dev - method: approle - role: forgejo-ci - roleId: ${{ inputs.vault-role-id }} - secretId: ${{ inputs.vault-secret-id }} + url: "https://vault.w9r.dev" + method: "approle" + role: "forgejo-ci" + roleId: "${{ inputs.roleid }}" + secretId: "${{ inputs.secretid }}" secrets: | kv/data/ci/nexus username | NEXUS_USERNAME ; kv/data/ci/nexus password | NEXUS_PASSWORD ; @@ -27,16 +31,16 @@ runs: kv/data/ci/vulnz password | VULNZ_PASSWORD ; kv/data/ci/releasebot gpgPrivateKey | RELEASEBOT_PRIVATE_KEY ; kv/data/ci/releasebot gpgPublicKey | RELEASEBOT_PUBLIC_KEY ; - kv/data/ci/releasebot gpgPassphrease | RELEASEBOT_PASSPHRASE ; + kv/data/ci/releasebot gpgPassphrase | RELEASEBOT_PASSPHRASE ; kv/data/ci/releasebot ciToken | JRELEASER_GITEA_TOKEN ; kv/data/ci/signing gpgPrivateKey | GPG_PRIVATE_KEY ; kv/data/ci/signing gpgPublicKey | GPG_PUBLIC_KEY ; - kv/data/ci/signing gpgPassphrease | GPG_PASSPHRASE ; + kv/data/ci/signing gpgPassphrase | GPG_PASSPHRASE ; kv/data/ci/sonarqube sonarToken | SONARQUBE_TOKEN ; kv/data/ci/sonarqube sonarHost | SONARQUBE_HOST ; - - name: Set up Environment - shell: bash + - name: "Set up Environment" + shell: "bash" run: | apt update apt install -y zip @@ -44,14 +48,14 @@ runs: mkdir -p /root/.m2 touch /root/.jreleaser/config.properties - - name: Install syft - uses: https://github.com/anchore/sbom-action/download-syft@v0 - id: install_syft + - name: "Install syft" + uses: "https://github.com/anchore/sbom-action/download-syft@v0" + id: "install_syft" with: - syft-version: v1.18.1 + syft-version: "v1.18.1" - - name: maven-settings-xml-action - uses: https://github.com/whelk-io/maven-settings-xml-action@v22 + - name: "maven-settings-xml-action" + uses: "https://github.com/whelk-io/maven-settings-xml-action@v22" with: repositories: > [ @@ -124,26 +128,26 @@ runs: ] output_file: /root/.m2/settings.xml - - name: Setup Java - uses: https://github.com/actions/setup-java@v4 + - name: "Setup Java" + uses: "https://github.com/actions/setup-java@v4" with: - distribution: temurin # See 'Supported distributions' for available options + distribution: "temurin" java-version: 21 - cache: maven + cache: "maven" check-latest: true - - name: Import Commit Signing GPG key - id: import-gpg - uses: https://github.com/crazy-max/ghaction-import-gpg@v6 + - name: "Import Commit Signing GPG key" + id: "import-gpg" + uses: "https://github.com/crazy-max/ghaction-import-gpg@v6" with: - gpg_private_key: ${{ env.RELEASEBOT_PRIVATE_KEY }} - passphrase: ${{ env.RELEASEBOT_PASSPHRASE }} + gpg_private_key: "${{ env.RELEASEBOT_PRIVATE_KEY }}" + passphrase: "${{ env.RELEASEBOT_PASSPHRASE }}" git_user_signingkey: true git_commit_gpgsign: true - - name: GPG user IDs - shell: bash + - name: "GPG user IDs" + shell: "bash" run: | echo "fingerprint: ${{ steps.import-gpg.outputs.fingerprint }}" echo "keyid: ${{ steps.import-gpg.outputs.keyid }}"