From a7de0cd588edb0a502d196616a19106ed8e70f2a Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Wed, 15 Jan 2025 17:48:23 +0100 Subject: [PATCH 01/11] add keep_files to workflow --- .github/workflows/publish_api.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/publish_api.yaml b/.github/workflows/publish_api.yaml index 3f4a6005a..70dc50d71 100644 --- a/.github/workflows/publish_api.yaml +++ b/.github/workflows/publish_api.yaml @@ -155,3 +155,4 @@ jobs: with: github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: docs + keep_files: true From 6988f61989efacff0f6a24f22672d865e59f571b Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Wed, 15 Jan 2025 18:01:55 +0100 Subject: [PATCH 02/11] owner -> actor --- .github/workflows/publish_api.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish_api.yaml b/.github/workflows/publish_api.yaml index 70dc50d71..adad86362 100644 --- a/.github/workflows/publish_api.yaml +++ b/.github/workflows/publish_api.yaml @@ -44,7 +44,7 @@ jobs: RANDOM=$(uuidgen) echo "RANDOM=${RANDOM}" >> $GITHUB_OUTPUT cd ${{ env.API_COLLECTOR_DIR }} - go run main.go -owner ${{ github.repository_owner }} -token ${{ secrets.GITHUB_TOKEN }} + go run main.go -owner ${{ github.actor }} -token ${{ secrets.GITHUB_TOKEN }} - name: Move multiple OpenAPI specs files in one directory into individual directories run: | # Find all directories containing multiple *.yaml or *.yml files From 005caee2b003f7bc1a8038507d697304440c4d39 Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Wed, 15 Jan 2025 18:12:58 +0100 Subject: [PATCH 03/11] test --- src/api-collector/main.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/api-collector/main.go b/src/api-collector/main.go index c132301ae..182d76e77 100644 --- a/src/api-collector/main.go +++ b/src/api-collector/main.go 
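Review bot: In the `go run main.go` line of PATCH 02, `-owner ${{ github.actor }}` ties the collection scope to whichever account triggered the run instead of the organisation that owns the repository, so the set of specs collected and published would vary by trigger. Both expressions on that line are pasted into the script text before the shell runs, and the token ends up in the process argument list, which log masking does not cover. I would put `OWNER: ${{ github.repository_owner }}` and `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` under a step-level `env:`, call `-owner "$OWNER"`, and have the collector read the token from the environment instead of `-token` (its flag parsing is outside this hunk). The same token-on-argv line recurs in the `-owner` edits of PATCH 04, 05 and 07.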
@@ -111,9 +111,9 @@ func getAuthenticatedClient(ctx context.Context, gitToken string) *github.Client } func getOrgRepos(ctx context.Context, gitOwner string, client *github.Client) ([]*github.Repository, error) { - opt := &github.RepositoryListByOrgOptions{ - ListOptions: github.ListOptions{}, - } + opt := &github.RepositoryListOptions{ + Type: "owner", // Can also be "all" or "public" + } var allRepos []*github.Repository From b0a6aae1d3fbb9287e96c2fc78a1414670f58068 Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Wed, 15 Jan 2025 18:18:02 +0100 Subject: [PATCH 04/11] revert --- .github/workflows/publish_api.yaml | 2 +- src/api-collector/main.go | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/publish_api.yaml b/.github/workflows/publish_api.yaml index adad86362..70dc50d71 100644 --- a/.github/workflows/publish_api.yaml +++ b/.github/workflows/publish_api.yaml @@ -44,7 +44,7 @@ jobs: RANDOM=$(uuidgen) echo "RANDOM=${RANDOM}" >> $GITHUB_OUTPUT cd ${{ env.API_COLLECTOR_DIR }} - go run main.go -owner ${{ github.actor }} -token ${{ secrets.GITHUB_TOKEN }} + go run main.go -owner ${{ github.repository_owner }} -token ${{ secrets.GITHUB_TOKEN }} - name: Move multiple OpenAPI specs files in one directory into individual directories run: | # Find all directories containing multiple *.yaml or *.yml files diff --git a/src/api-collector/main.go b/src/api-collector/main.go index 182d76e77..c132301ae 100644 --- a/src/api-collector/main.go +++ b/src/api-collector/main.go @@ -111,9 +111,9 @@ func getAuthenticatedClient(ctx context.Context, gitToken string) *github.Client } func getOrgRepos(ctx context.Context, gitOwner string, client *github.Client) ([]*github.Repository, error) { - opt := &github.RepositoryListOptions{ - Type: "owner", // Can also be "all" or "public" - } + opt := &github.RepositoryListByOrgOptions{ + ListOptions: github.ListOptions{}, + } var allRepos []*github.Repository 
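Review bot: Switching `opt` to `*github.RepositoryListOptions` in PATCH 03 without changing the call that consumes it most likely leaves `main.go` uncompilable. The loop further down in `getOrgRepos` is outside this hunk, but the removed lines of PATCH 06 (same base blob `c132301ae`) show it passing `opt` to `client.Repositories.ListByOrg`, which takes `*github.RepositoryListByOrgOptions`. The option type and the call have to change in the same commit, e.g. `repos, response, err := client.Repositories.List(ctx, gitOwner, opt)`, and the subject "test" should say what is being tried.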
From 9cbc12e27d10058b2219b76fa98e26af6ce79652 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johann=20Sch=C3=BCtz?= <147107265+jSchuetz88@users.noreply.github.com> Date: Wed, 15 Jan 2025 18:24:13 +0100 Subject: [PATCH 05/11] Update publish_api.yaml --- .github/workflows/publish_api.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish_api.yaml b/.github/workflows/publish_api.yaml index 70dc50d71..44504163e 100644 --- a/.github/workflows/publish_api.yaml +++ b/.github/workflows/publish_api.yaml @@ -44,7 +44,7 @@ jobs: RANDOM=$(uuidgen) echo "RANDOM=${RANDOM}" >> $GITHUB_OUTPUT cd ${{ env.API_COLLECTOR_DIR }} - go run main.go -owner ${{ github.repository_owner }} -token ${{ secrets.GITHUB_TOKEN }} + go run main.go -owner "eclipse-tractusx" -token ${{ secrets.GITHUB_TOKEN }} - name: Move multiple OpenAPI specs files in one directory into individual directories run: | # Find all directories containing multiple *.yaml or *.yml files From e9ff3b2da53296ba11f5d5c0962e1116857398df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johann=20Sch=C3=BCtz?= <147107265+jSchuetz88@users.noreply.github.com> Date: Wed, 15 Jan 2025 18:36:14 +0100 Subject: [PATCH 06/11] Update main.go --- src/api-collector/main.go | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/src/api-collector/main.go b/src/api-collector/main.go index c132301ae..6bf79fe42 100644 --- a/src/api-collector/main.go +++ b/src/api-collector/main.go 
@@ -111,25 +111,25 @@ func getAuthenticatedClient(ctx context.Context, gitToken string) *github.Client } func getOrgRepos(ctx context.Context, gitOwner string, client *github.Client) ([]*github.Repository, error) { - opt := &github.RepositoryListByOrgOptions{ - ListOptions: github.ListOptions{}, - } - - var allRepos []*github.Repository - - for { - repos, response, err := client.Repositories.ListByOrg(ctx, gitOwner, opt) - if err != nil { - return nil, err - } - allRepos = append(allRepos, repos...) - if response.NextPage == 0 { - break - } - opt.Page = response.NextPage - } - - return allRepos, nil + opt := &github.RepositoryListOptions{ + ListOptions: github.ListOptions{}, + } + + var allRepos []*github.Repository + + for { + repos, response, err := client.Repositories.List(ctx, gitOwner, opt) + if err != nil { + return nil, err + } + allRepos = append(allRepos, repos...) + if response.NextPage == 0 { + break + } + opt.Page = response.NextPage + } + + return allRepos, nil } func getAPISpecsUrlsFromMetadata(ctx context.Context, client *github.Client, owner string, repo string) ([]string, error) { From 97ee5af68b38659e5ba60b7c7cb5d8e98662a115 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johann=20Sch=C3=BCtz?= <147107265+jSchuetz88@users.noreply.github.com> Date: Wed, 15 Jan 2025 18:39:19 +0100 Subject: [PATCH 07/11] Update publish_api.yaml --- .github/workflows/publish_api.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish_api.yaml b/.github/workflows/publish_api.yaml index 44504163e..70dc50d71 100644 --- a/.github/workflows/publish_api.yaml +++ b/.github/workflows/publish_api.yaml 
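Review bot: After this hunk `getOrgRepos` calls `client.Repositories.List(ctx, gitOwner, opt)`, the user-account listing, while the function name and the workflow's `-owner` value still describe an organisation. Which repositories are enumerated decides which specs reach the published Pages site, so the scope deserves a doc comment such as `// getOrgRepos lists the repositories of the account gitOwner via the user listing call, following pagination until NextPage is 0.` An empty `gitOwner` makes `List` fall back to the authenticated user's repositories; a guard like `if gitOwner == "" { return nil, fmt.Errorf("owner must not be empty") }` would stop that from happening silently. All 19 body lines are replaced although only two differ in content, which suggests an indentation change that `gofmt` would undo.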
@@ -44,7 +44,7 @@ jobs: RANDOM=$(uuidgen) echo "RANDOM=${RANDOM}" >> $GITHUB_OUTPUT cd ${{ env.API_COLLECTOR_DIR }} - go run main.go -owner "eclipse-tractusx" -token ${{ secrets.GITHUB_TOKEN }} + go run main.go -owner ${{ github.repository_owner }} -token ${{ secrets.GITHUB_TOKEN }} - name: Move multiple OpenAPI specs files in one directory into individual directories run: | # Find all directories containing multiple *.yaml or *.yml files From 6c87166f0d285a875f000cc9e016cf710349ad62 Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Mon, 28 Apr 2025 14:20:06 +0200 Subject: [PATCH 08/11] Update publish_api.yaml --- .github/workflows/publish_api.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/publish_api.yaml b/.github/workflows/publish_api.yaml index 70dc50d71..a188ae4d6 100644 --- a/.github/workflows/publish_api.yaml +++ b/.github/workflows/publish_api.yaml @@ -128,6 +128,7 @@ jobs: output: ${{ steps.determine_directory.outputs.DIR_PATH }}/swagger-ui spec-file: ${{ matrix.specs }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + version: "5.21.0" - name: Generate Directory Listings uses: jayanta525/github-pages-directory-listing@v4.0.0 with: From f53fdb2adb81044f6f8397b5f8ce3b05e3bcc366 Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Wed, 13 May 2026 06:15:17 +0200 Subject: [PATCH 09/11] chore(migrate-action-version): migrate checkout version to SHA --- .github/workflows/dash-licence-check.yaml | 42 +++++++++++++++++++++++ .github/workflows/publish_api.yaml | 6 ++-- .github/workflows/trufflehog.yml | 2 +- 3 files changed, 46 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/dash-licence-check.yaml diff --git a/.github/workflows/dash-licence-check.yaml b/.github/workflows/dash-licence-check.yaml new file mode 100644 index 000000000..97e563d78 --- /dev/null +++ b/.github/workflows/dash-licence-check.yaml 
@@ -0,0 +1,42 @@ +# ############################################################################# +# Copyright (c) 2025 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ############################################################################# +--- + +name: "3rd Party Dependency Check (Eclipse Dash Tool)" + +on: + pull_request: + +permissions: + contents: write + +jobs: + check-3rd-party-licences: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Build dash input + run: cp src/api-collector/go.sum dash-input.sum + - name: Run dash + id: run-dash + uses: eclipse-tractusx/sig-infra/.github/actions/run-dash@main + with: + dash_input: "dash-input.sum" + diff --git a/.github/workflows/publish_api.yaml b/.github/workflows/publish_api.yaml index a188ae4d6..b8609ecb4 100644 --- a/.github/workflows/publish_api.yaml +++ b/.github/workflows/publish_api.yaml @@ -34,7 +34,7 @@ jobs: outputs: specs_exists: ${{ steps.check_specs.outputs.exists }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: actions/setup-go@v5 with: go-version-file: "${{ env.API_COLLECTOR_DIR }}/go.mod" 
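Review bot: The new `dash-licence-check.yaml` grants `contents: write` to a `pull_request`-triggered job whose visible steps only check out the code, copy `go.sum` and run the Dash action; `contents: read` would be the least-privilege setting unless `run-dash` needs to push, which the hunk does not show. The step `uses: eclipse-tractusx/sig-infra/.github/actions/run-dash@main` follows a mutable branch in the same commit that pins `actions/checkout` to a SHA; pin it the same way, `uses: eclipse-tractusx/sig-infra/.github/actions/run-dash@<full-commit-sha> # main`. If the write scope is intentional, a comment above `permissions:` stating what it is needed for would let the next reviewer confirm it.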
@@ -87,7 +87,7 @@ jobs: outputs: specs: ${{ steps.create_specs_list.outputs.matrix }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Download OpenAPI specs artifacts uses: actions/download-artifact@v4 with: @@ -105,7 +105,7 @@ jobs: strategy: matrix: ${{ fromJson(needs.generate_matrix.outputs.specs) }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Download OpenAPI specs artifacts uses: actions/download-artifact@v4 with: diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml index f13830f40..71d95293c 100644 --- a/.github/workflows/trufflehog.yml +++ b/.github/workflows/trufflehog.yml @@ -42,7 +42,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repository - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 # Ensure full clone for pull request workflows From d71992a2faff19e90ddc2a77da6ab26740abc91d Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Wed, 13 May 2026 06:47:01 +0200 Subject: [PATCH 10/11] chore(migrate-action-version): migrate checkout version to SHA From c716a7cfa050e2dd575f856d52f4dc808931e2d1 Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Wed, 13 May 2026 06:55:51 +0200 Subject: [PATCH 11/11] chore(migrate-action-version): use SHA for actions/checkout --- .github/workflows/publish_api.yaml | 23 +++++++++++++---------- .github/workflows/trufflehog.yml | 4 ++-- 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/.github/workflows/publish_api.yaml b/.github/workflows/publish_api.yaml index b8609ecb4..751a25eb2 100644 --- a/.github/workflows/publish_api.yaml +++ b/.github/workflows/publish_api.yaml 
@@ -34,8 +34,8 @@ jobs: outputs: specs_exists: ${{ steps.check_specs.outputs.exists }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-go@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-go@v6 with: go-version-file: "${{ env.API_COLLECTOR_DIR }}/go.mod" - name: Collect OpenAPI specs @@ -75,7 +75,7 @@ jobs: else echo "exists=false" >> $GITHUB_OUTPUT fi - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 if: steps.check_specs.outputs.exists == 'true' with: name: openapi-${{ steps.collect_specs.outputs.RANDOM }} @@ -87,9 +87,9 @@ jobs: outputs: specs: ${{ steps.create_specs_list.outputs.matrix }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Download OpenAPI specs artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: docs pattern: openapi-* @@ -105,9 +105,9 @@ jobs: strategy: matrix: ${{ fromJson(needs.generate_matrix.outputs.specs) }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Download OpenAPI specs artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: docs pattern: openapi-* 
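Review bot: The added lines `uses: actions/setup-go@v6` in this hunk and `uses: actions/upload-artifact@v7` in the `@@ -75,7 +75,7 @@` and `@@ -133,16 +133,18 @@` hunks move to new major versions by mutable tag, while `actions/checkout` and `actions/download-artifact` in the same commit are pinned to a commit SHA with a version comment. Pin them in the same form, e.g. `uses: actions/setup-go@<full-commit-sha> # v6.x.y`, so every step of the job runs reviewed code. The subject names only `actions/checkout`, yet the hunks also carry major-version bumps of three other actions; the description should list them so the upload/download artifact pairing can be checked.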
@@ -133,16 +133,18 @@ jobs: uses: jayanta525/github-pages-directory-listing@v4.0.0 with: FOLDER: ${{ steps.determine_directory.outputs.DIR_PATH }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 with: name: swagger-${{ steps.determine_directory.outputs.RANDOM }} path: docs deploy_swagger_ui: needs: generate_swagger_ui runs-on: ubuntu-latest + permissions: + contents: write steps: - name: Download All Artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: docs pattern: swagger-* @@ -155,5 +157,6 @@ jobs: uses: peaceiris/actions-gh-pages@v4 with: github_token: ${{ secrets.GITHUB_TOKEN }} + user_name: github-actions[bot] + user_email: 41898282+github-actions[bot]@users.noreply.github.com publish_dir: docs - keep_files: true diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml index 71d95293c..44aeb6309 100644 --- a/.github/workflows/trufflehog.yml +++ b/.github/workflows/trufflehog.yml @@ -42,13 +42,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Ensure full clone for pull request workflows - name: TruffleHog OSS id: trufflehog - uses: trufflesecurity/trufflehog@7e78ca385fb82c19568c7a4b341c97d57d9aa5e1 + uses: trufflesecurity/trufflehog@17456f8c7d042d8c82c9a8ca9e937231f9f42e26 continue-on-error: true with: path: ./ # Scan the entire repository
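Review bot: The `@@ -155,5 +157,6 @@` hunk drops `keep_files: true` from the `peaceiris/actions-gh-pages@v4` step, a behaviour change the commit subject does not mention: without it each deploy replaces the content of the publish branch with `docs` instead of adding to it. If that is intended, say so in the description or with a comment such as `# keep_files omitted on purpose: each deploy replaces the published tree`. This step receives the write-scoped token from the `permissions: contents: write` block added in the previous hunk and is still referenced by tag; pin it as `peaceiris/actions-gh-pages@<full-commit-sha> # v4.x.y`.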
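Review bot: The new TruffleHog pin `trufflesecurity/trufflehog@17456f8c7d042d8c82c9a8ca9e937231f9f42e26` carries no version comment, unlike the `# v6.0.2` annotation on the checkout line above it, so the file does not say which release the SHA corresponds to; append `# <release tag>` after it. The step keeps `continue-on-error: true` (context line), so whether a finding fails the job depends on a later step outside this hunk. A short comment on that line naming the step that evaluates the result would make the gate explicit.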