chore: nightly release (#1961)

* chore: nightly release

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* chore: fix chart annotations

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* ci: address workflows security

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

---------

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

Author: moabu

.github/workflows/activate-release.yml

@@ -5,6 +5,8 @@ on:
   pull_request:
     types:
       - closed
+permissions:
+  contents: read
 jobs:
   create_release:
     if: ${{ (github.event.pull_request.merged == true) && (contains(github.event.pull_request.labels.*.name, 'autorelease:pending')) }}

.github/workflows/build-docs.yml

@@ -28,6 +28,8 @@ on:
 concurrency:
   group: run-once
   cancel-in-progress: false
+permissions:
+  contents: read
 jobs:
   build:
     if: github.repository_owner == 'GluuFederation'

.github/workflows/build-packages.yml

@@ -5,6 +5,8 @@ on:
     tags:
     - 'v**'
     - 'nightly'
+permissions:
+  contents: read
 jobs:
   publish_binary_packages:
     if: github.repository == 'GluuFederation/flex'
@@ -98,7 +100,7 @@ jobs:
       id: run_build
       run: |
          cd flex/
-         sudo python${{ matrix.python_version }} flex_setup.py --jans-branch="v1.2.0" --jans-setup-branch="v1.2.0" -download-exit -yes --keep-downloads --keep-setup -force-download
+         sudo python${{ matrix.python_version }} flex_setup.py --jans-branch="main" --jans-setup-branch="main" -download-exit -yes --keep-downloads --keep-setup -force-download
          cp -r /opt/dist flex-src/opt/
          cp -r /opt/jans flex-src/opt/
          touch flex-src/opt/jans/jans-setup/package

.github/workflows/central_code_quality_check.yml

@@ -21,7 +21,8 @@ on:
       - 'docker-**/version.txt'
       - '**.md'
   workflow_dispatch:
-
+permissions:
+  contents: read
 jobs:
   sonar-scan:
     name: sonar scan

.github/workflows/clean_github_cache.yml

@@ -4,7 +4,8 @@ on:
     types:
       - closed
   workflow_dispatch:
-
+permissions:
+  contents: read
 jobs:
   cleanup:
     runs-on: ubuntu-latest

.github/workflows/codeql-analysis.yml

@@ -9,7 +9,8 @@ on:
   workflow_dispatch:
   schedule:
     - cron: '0 8 * * *'
-
+permissions:
+  contents: read
 jobs:
   analyze:
     name: Analyze

.github/workflows/commit-check.yml

@@ -15,7 +15,8 @@ on:
       - reopened
       - synchronize
   push:
-
+permissions:
+  contents: read
 jobs:
   check-commit-message:
     name: Check Commit Message
@@ -24,7 +25,7 @@ jobs:
       - name: Checkout Project
         uses: actions/checkout@v3
         with:
-          # We need to fetch with a depth of 2 for pull_request so we can do HEAD^2
+          # We need to fetch with a depth of 2 for pull_request, so we can do HEAD^2
           fetch-depth: 2
 
       - uses: actions/setup-node@v3

.github/workflows/delete_workflow_runs.yml

@@ -3,6 +3,8 @@ on:
   schedule:
     - cron: '0 0 */2 * *'
   workflow_dispatch:
+permissions:
+  contents: read
 jobs:
   del_runs:
     runs-on: ubuntu-latest

.github/workflows/docker_build_image.yml

@@ -74,9 +74,9 @@ jobs:
         if: steps.build_docker_image.outputs.build || github.event_name == 'tags'
         run: |
           sudo apt-get update
-          #sudo python3 -m pip install --upgrade pip
-          sudo pip3 install setuptools --upgrade
-          sudo pip3 install -r ./automation/requirements.txt
+          sudo python3 -m pip install --upgrade pip || echo "Failed to upgrade pip"
+          sudo pip3 install --ignore-installed setuptools --upgrade
+          sudo pip3 install --ignore-installed -r ./automation/requirements.txt 
           sudo apt-get update
 
 
@@ -149,11 +149,11 @@ jobs:
         if: github.event_name == 'workflow_dispatch'
         run: |
           sudo apt-get update
-          #sudo python3 -m pip install --upgrade pip
-          sudo pip3 install setuptools --upgrade
-          sudo pip3 install -r ./automation/requirements.txt
+          sudo python3 -m pip install --upgrade pip || echo "Failed to upgrade pip"
+          sudo pip3 install --ignore-installed setuptools --upgrade
+          sudo pip3 install --ignore-installed -r ./automation/requirements.txt 
           sudo apt-get update
-          sudo apt-get install jq
+          sudo apt-get install --ignore-installed jq
 
       - name: Update Build date in Dockerfile
         if: github.event_name == 'workflow_dispatch'

.github/workflows/docker_imagescan.yml

@@ -18,6 +18,8 @@ on:
       - "!docker-**/version.txt"
       - "!**.md"
   workflow_dispatch:
+permissions:
+  contents: read
 jobs:
   build:
     runs-on: ubuntu-latest