w9r.dev/action-setup-environment
w9r.dev/action-setup-environment
3
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions

Compare commits

base: w9r.dev:main
Branches Tags
w9r.dev:main
w9r.dev:renovate/https-github.com-hashicorp-vault-action-digest
w9r.dev:renovate/https-github.com-anchore-sbom-action-digest
w9r.dev:v1.1.4
w9r.dev:v1
w9r.dev:v1.1.3
w9r.dev:v1.1.2
w9r.dev:v1.1.1
w9r.dev:v1.1.0
w9r.dev:v1.0.5
w9r.dev:v1.0.4
w9r.dev:v1.0.3
w9r.dev:v1.0.2
w9r.dev:v1.0.1
w9r.dev:v1.0.0
..
compare: w9r.dev:v1.1.0
Branches Tags
w9r.dev:renovate/https-github.com-hashicorp-vault-action-digest
w9r.dev:renovate/https-github.com-anchore-sbom-action-digest
w9r.dev:main
w9r.dev:v1.1.4
w9r.dev:v1
w9r.dev:v1.1.3
w9r.dev:v1.1.2
w9r.dev:v1.1.1
w9r.dev:v1.1.0
w9r.dev:v1.0.5
w9r.dev:v1.0.4
w9r.dev:v1.0.3
w9r.dev:v1.0.2
w9r.dev:v1.0.1
w9r.dev:v1.0.0

No commits in common. "main" and "v1.1.0" have entirely different histories.
main ... v1.1.0

2 changed files with 22 additions and 36 deletions
Show stats Expand all files Collapse all files

52
action.yml
View file

@ -10,19 +10,12 @@ inputs:
secretid: secretid:
description: "Secret ID of Approle" description: "Secret ID of Approle"
default: "" default: ""
outputs:
gituser:
description: User to use for git operations
value: ${{ steps.import-gpg.outputs.name }}
gitemail:
description: Email to use for git operations
value: ${{ steps.import-gpg.outputs.email }}
runs: runs:
using: "composite" using: "composite"
steps: steps:
- name: "Import Secrets" - name: "Import Secrets"
id: "import-secrets" id: "import-secrets"
uses: "https://github.com/hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c" # v3 uses: "https://github.com/hashicorp/vault-action@v3"
with: with:
url: "https://vault.w9r.dev" url: "https://vault.w9r.dev"
method: "approle" method: "approle"
@ -30,43 +23,42 @@ runs:
roleId: "${{ inputs.roleid }}" roleId: "${{ inputs.roleid }}"
secretId: "${{ inputs.secretid }}" secretId: "${{ inputs.secretid }}"
secrets: | secrets: |
kv/data/ci/nexus username | MAVEN_USERNAME ; kv/data/ci/nexus username | NEXUS_USERNAME ;
kv/data/ci/nexus password | MAVEN_CENTRAL_TOKEN ; kv/data/ci/nexus password | NEXUS_PASSWORD ;
kv/data/ci/nexus username | JRELEASER_ARTIFACTORY_USERNAME ;
kv/data/ci/nexus password | JRELEASER_ARTIFACTORY_TOKEN ;
kv/data/ci/vulnz username | VULNZ_USERNAME ; kv/data/ci/vulnz username | VULNZ_USERNAME ;
kv/data/ci/vulnz password | VULNZ_PASSWORD ; kv/data/ci/vulnz password | VULNZ_PASSWORD ;
kv/data/ci/releasebot gpgPrivateKey | JRELEASER_GPG_SECRET_KEY ; kv/data/ci/releasebot gpgPrivateKey | RELEASEBOT_PRIVATE_KEY ;
kv/data/ci/releasebot gpgPublicKey | JRELEASER_GPG_PUBLIC_KEY ; kv/data/ci/releasebot gpgPublicKey | RELEASEBOT_PUBLIC_KEY ;
kv/data/ci/releasebot gpgPassphrase | JRELEASER_GPG_PASSPHRASE ; kv/data/ci/releasebot gpgPassphrase | RELEASEBOT_PASSPHRASE ;
kv/data/ci/releasebot ciToken | JRELEASER_GITEA_TOKEN ; kv/data/ci/releasebot ciToken | JRELEASER_GITEA_TOKEN ;
kv/data/ci/signing gpgPrivateKey | GPG_PRIVATE_KEY ; kv/data/ci/signing gpgPrivateKey | GPG_PRIVATE_KEY ;
kv/data/ci/signing gpgPublicKey | GPG_PUBLIC_KEY ; kv/data/ci/signing gpgPublicKey | GPG_PUBLIC_KEY ;
kv/data/ci/signing gpgPassphrase | MAVEN_GPG_PASSPHRASE ; kv/data/ci/signing gpgPassphrase | GPG_PASSPHRASE ;
kv/data/ci/sonarqube sonarToken | SONAR_TOKEN ; kv/data/ci/sonarqube sonarToken | SONARQUBE_TOKEN ;
kv/data/ci/sonarqube sonarHost | SONAR_HOST_URL ; kv/data/ci/sonarqube sonarHost | SONARQUBE_HOST ;
- name: "Set up Environment" - name: "Set up Environment"
shell: "bash" shell: "bash"
run: | run: |
apt update apt update
apt install -y zip zstd apt install -y zip
mkdir -p /root/.jreleaser mkdir -p /root/.jreleaser
mkdir -p /root/.m2 mkdir -p /root/.m2
touch /root/.jreleaser/config.properties touch /root/.jreleaser/config.properties
- name: "Install syft" - name: "Install syft"
uses: "https://github.com/anchore/sbom-action/download-syft@df80a981bc6edbc4e220a492d3cbe9f5547a6e75" # v0 uses: "https://github.com/anchore/sbom-action/download-syft@v0"
id: "install_syft" id: "install_syft"
with: with:
syft-version: "v1.18.1" syft-version: "v1.18.1"
- name: "Setup Java and Maven" - name: "Setup Java and Maven"
uses: "https://github.com/s4u/setup-maven-action@4f7fb9d9675e899ca81c6161dadbba0189a4ebb1" # v1.18.0 uses: "https://github.com/s4u/setup-maven-action@v1.18.0"
with: with:
checkout-fetch-depth: 0 checkout-fetch-depth: 0
java-distribution: "temurin" java-distribution: "temurin"
java-version: 21 java-version: 21
cache: "maven"
maven-version: 3.9.9 maven-version: 3.9.9
settings-repositories: > settings-repositories: >
[ [
@ -105,18 +97,18 @@ runs:
[ [
{ {
"id": "maven-group", "id": "maven-group",
"username": "${{ env.MAVEN_USERNAME }}", "username": "${{ env.NEXUS_USERNAME }}",
"password": "${{ env.MAVEN_CENTRAL_TOKEN }}" "password": "${{ env.NEXUS_PASSWORD }}"
}, },
{ {
"id": "maven-snapshots", "id": "maven-snapshots",
"username": "${{ env.MAVEN_USERNAME }}", "username": "${{ env.NEXUS_USERNAME }}",
"password": "${{ env.MAVEN_CENTRAL_TOKEN }}" "password": "${{ env.NEXUS_PASSWORD }}"
}, },
{ {
"id": "maven-releases", "id": "maven-releases",
"username": "${{ env.MAVEN_USERNAME }}", "username": "${{ env.NEXUS_USERNAME }}",
"password": "${{ env.MAVEN_CENTRAL_TOKEN }}" "password": "${{ env.NEXUS_PASSWORD }}"
}, },
{ {
"id": "vulnz", "id": "vulnz",
@ -136,10 +128,10 @@ runs:
- name: "Import Commit Signing GPG key" - name: "Import Commit Signing GPG key"
id: "import-gpg" id: "import-gpg"
uses: "https://github.com/crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5" # v6 uses: "https://github.com/crazy-max/ghaction-import-gpg@v6"
with: with:
gpg_private_key: "${{ env.JRELEASER_GPG_SECRET_KEY }}" gpg_private_key: "${{ env.RELEASEBOT_PRIVATE_KEY }}"
passphrase: "${{ env.JRELEASER_GPG_PASSPHRASE }}" passphrase: "${{ env.RELEASEBOT_PASSPHRASE }}"
git_user_signingkey: true git_user_signingkey: true
git_commit_gpgsign: true git_commit_gpgsign: true

6
renovate.json
View file

@ -1,6 +0,0 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"local>w9r.dev/renovate-config"
]
}