
fix(container): update ghcr.io/dragonflydb/dragonfly docker tag ( v1.25.2 → v1.25.3 ) #3569

Workflow file for this run

# Lint and security-scan workflow: runs on every push and on selected
# pull-request events.
name: Check Code health

on:
  # No filter is active, so every push to any branch starts a run.
  push:
    # paths:
    # - ansible/**
    # branches:
    # - main
  pull_request:
    # NOTE(review): `synchronize` is not listed, so new commits pushed to an
    # open PR do not start a pull_request run. Same-repository branches are
    # still covered by the unfiltered push trigger above; PRs from forks are
    # only checked when opened, reopened or edited. Confirm this is intended.
    types:
      - opened
      - reopened
      - edited
    # NOTE(review): for pull_request events this filter is matched against
    # the PR's base (target) branch, not its head branch. If the aim is to
    # skip PRs that come *from* renovate/* branches, this does not do that.
    branches-ignore:
      - 'renovate/*'

# One active run per workflow and ref; a newer run cancels the older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
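jobs:
  # Decides which paths the lint/scan jobs look at and publishes the result
  # as the `check_files` job output: the changed-file list on renovate/*
  # branches, "." (whole repository) in every other case.
  meta:
    name: Create meta object
    runs-on: ubuntu-latest
    # NOTE(review): read-all grants read access on every token scope. Narrow
    # it to the scopes the steps below actually need once those are confirmed.
    permissions: read-all
    outputs:
      check_files: ${{ steps.vars.outputs.check_files }}
    steps:
      # NOTE(review): the text after "actions/" was replaced by the page's
      # e-mail obfuscation ("[email protected]"), so the action name and ref
      # are not recoverable here; `fetch-depth` suggests the checkout action.
      # Restore the real reference and prefer a full commit SHA, as the kics
      # and upload-sarif steps in this file already do.
      - uses: actions/[email protected]
        with:
          # Full history, not a shallow clone.
          fetch-depth: 0
      - name: Get changed files
        id: changed-files
        # NOTE(review): third-party action referenced by a mutable ref (also
        # garbled by e-mail obfuscation on this page), with the scanner
        # finding for this line suppressed below. A tag can be moved to
        # different code by whoever controls the upstream repository; pin a
        # full commit SHA and drop the suppression.
        # kics-scan ignore-line
        uses: tj-actions/[email protected]
        with:
          files_ignore: ansible/requirements.txt,ansible/requirements.yml
          files_ignore_separator: ","
      - name: Create Meta variables
        id: vars
        env:
          # File names in a push or pull request are attacker-controlled.
          # Hand the list to the script through the environment instead of
          # expanding ${{ }} inside the script text, so a crafted file name
          # cannot be parsed as shell syntax.
          # NOTE(review): if the action escapes its output for inline use,
          # paths with shell metacharacters may now carry literal
          # backslashes - TODO confirm against the pinned version.
          ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
        run: |
          if [[ "$ALL_CHANGED_FILES" == "" ]]; then
            echo "check_files=." >> "$GITHUB_OUTPUT"
          elif [[ ${GITHUB_REF//refs\/heads\//} =~ ^renovate/.* ]]; then
            echo "check_files=${ALL_CHANGED_FILES}" >> "$GITHUB_OUTPUT"
          else
            echo "check_files=." >> "$GITHUB_OUTPUT"
          fi

  # Runs yamllint over the paths selected by the meta job.
  yaml:
    name: Check YAML files
    runs-on: ubuntu-latest
    # The job only reads the repository; without this block it would inherit
    # the repository's default token permissions.
    permissions:
      contents: read
    needs: [meta]
    steps:
      # NOTE(review): reference garbled by e-mail obfuscation; restore it and
      # pin a commit SHA.
      - uses: actions/[email protected]
      - uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          # Job-specific prefix: the ansible-lint job caches the same path
          # with different contents, and the old restore key could never
          # prefix-match a key of the form "<os>-pip-<hash>".
          key: ${{ runner.os }}-pip-yamllint-${{ hashFiles('ansible/requirements.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-yamllint-
      - name: Set up Python
        # NOTE(review): reference garbled by e-mail obfuscation; restore it
        # and pin a commit SHA.
        uses: actions/[email protected]
        with:
          # Quoted so the version is never read as a float.
          python-version: "3.11"
      - name: Install linters
        working-directory: ansible/
        # Installs only the requirement lines that mention wheel / yamllint.
        run: |
          pip install $(grep wheel requirements.txt)
          pip install $(grep yamllint requirements.txt)
      - name: Lint YAML files
        env:
          # Derived from changed file names; passed through the environment
          # so it is never spliced into the script text.
          CHECK_FILES: ${{ needs.meta.outputs.check_files }}
        # Left unquoted on purpose: the value is a space-separated path list
        # and must split into one argument per path.
        run: yamllint $CHECK_FILES

  # Runs the kics IaC scanner and uploads its SARIF report. Main branch only.
  kics:
    name: Run kics
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    # NOTE(review): upload-sarif needs security-events: write; whether
    # checks/statuses write are used is not visible here - confirm and trim.
    permissions:
      checks: write
      contents: read
      security-events: write
      statuses: write
    needs: [yaml, meta]
    steps:
      # NOTE(review): reference garbled by e-mail obfuscation; restore it and
      # pin a commit SHA.
      - uses: actions/[email protected]
      - name: Run kics Scan
        uses: Checkmarx/kics-github-action@94469746ec2c43de89a42fb9d2a80070f5d25b16
        with:
          # On main the meta job always emits ".", i.e. the whole repository.
          path: ${{ needs.meta.outputs.check_files }}
          config_path: .kics/config.yml
          # NOTE(review): presumably keeps findings from failing the step so
          # the report is still uploaded - verify against the action's docs.
          ignore_on_exit: results
          output_formats: sarif
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@3d3d628990a5f99229dd9fa1821cc5a4f31b613b
        with:
          sarif_file: results.sarif
          category: kics

  # Runs ansible-lint and uploads its SARIF report. Main branch only.
  ansible-lint:
    name: Run Ansible Lint
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    # NOTE(review): same scope question as the kics job - confirm that
    # checks/statuses write are needed.
    permissions:
      checks: write
      contents: read
      security-events: write
      statuses: write
    needs: [yaml, meta]
    steps:
      # NOTE(review): reference garbled by e-mail obfuscation; restore it and
      # pin a commit SHA.
      - uses: actions/[email protected]
      - uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          # Job-specific prefix so this cache does not collide with the
          # yamllint job's pip cache and the restore key can actually match.
          key: ${{ runner.os }}-pip-ansible-${{ hashFiles('ansible/requirements.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-ansible-
      - uses: actions/cache@v4
        with:
          path: ~/.cache/ansible-compat
          # Own prefix, aligned with the restore key below.
          key: ${{ runner.os }}-galaxy-${{ hashFiles('ansible/requirements.yml') }}
          restore-keys: |
            ${{ runner.os }}-galaxy-
      - name: Install Ansible-lint
        working-directory: ansible/
        # The sed call comments out vault_password_file in ansible.cfg;
        # presumably because no vault password exists on the runner.
        run: |
          pip install $(grep wheel requirements.txt)
          pip install $(grep ansible requirements.txt)
          pip install $(grep ansible-lint requirements.txt)
          sed -i 's/vault_password_file/#vault_password_file/g' ansible.cfg
      - name: Run Ansible-Lint
        working-directory: ansible/
        # `|| true` keeps the step green whatever ansible-lint returns, so
        # findings surface only through the uploaded SARIF report. It also
        # hides a crash of the linter itself.
        run: ansible-lint -p --nocolor --sarif-file ../ansible.sarif || true
      - name: Upload SARIF file
        # Upload even if an earlier step failed, unless the run was cancelled.
        if: "!cancelled()"
        uses: github/codeql-action/upload-sarif@3d3d628990a5f99229dd9fa1821cc5a4f31b613b
        with:
          checkout_path: ${{ github.workspace }}/ansible
          sarif_file: ansible.sarif
          category: ansible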