push v0.1.0

Author: sbe-arg

.github/ISSUE_TEMPLATE/bug.md

@@ -0,0 +1,13 @@
+---
+name: Bug submission
+about: There is a problem with the action
+title: ''
+labels: 'bug'
+assignees: ''
+---
+
+**What is the problem you are experiencing? Please describe.**
+A clear and concise description of what the problem you are experiencing is.
+
+**Paste your runner logs here**
+A clear and concise description of what you want to happen.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,13 @@
+---
+name: Feature request
+about: I need additional functionality
+title: ''
+labels: 'feature'
+assignees: ''
+---
+
+**What are you proposing we add or change? Please describe.**
+A clear and concise description of what the end result of this request looks like.
+
+**Additional context**
+Anything else to add.

.github/dependabot.yaml

@@ -0,0 +1,8 @@
+version: 2
+updates:
+
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/pull_request_template.md

@@ -0,0 +1,21 @@
+<!--- Provide a general summary of your changes in the Title above -->
+<!--- See [CONTRIBUTING.md](CONTRIBUTING.md). -->
+# Summary of changes
+
+<!--- Describe your changes -->
+
+# Does it keep it simple?
+
+(**YES** / NO)
+
+## Breaking Changes?
+
+(**YES** / NO)
+
+## How changes have been tested?, link to your runs
+
+-
+
+## Any unknowns or heads ups?
+
+-

.github/workflows/dependency-review.yml

@@ -0,0 +1,19 @@
+name: dependency-review
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+
+  dependency-review:
+    runs-on: ubuntu-22.04
+    steps:
+
+      - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+
+      - uses: actions/dependency-review-action@7d90b4f05fea31dde1c4a1fb3fa787e197ea93ab # v3.0.7

.github/workflows/scorecard.yml

@@ -0,0 +1,51 @@
+name: scorecard
+on:
+  schedule:
+    - cron: '00 1 * * 1'
+  push:
+    branches: [ "master" ]
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.repository }}/${{ github.workflow }}/${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      id-token: write
+
+    steps:
+      - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          persist-credentials: false
+
+      - uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
+        with:
+          results_file: results.sarif
+          results_format: sarif
+
+          # Public repositories:
+          #   - Publish results to OpenSSF REST API for easy access by consumers
+          #   - Allows the repository to include the Scorecard badge.
+          #   - See https://github.com/ossf/scorecard-action#publishing-results.
+          publish_results: true
+
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      - uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
+        with:
+          sarif_file: results.sarif

.github/workflows/simple.yml

@@ -0,0 +1,36 @@
+name: tag-and-release
+
+on:
+  push:
+    branches:
+      - master
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.repository }}/${{ github.workflow }}/${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+
+  flow:
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: write
+    steps:
+      - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          fetch-depth: '0'
+
+      - name: simple-tag-and-release
+        uses: sbe-arg/simple-tags-and-releases@fd774635aa3f4ea19faab61ad46a36e6c165ed24 # v0.3.2
+        with:
+          autogenerated_notes: 'true'
+          version_file: 'VERSION'
+        env:
+          GH_TOKEN: ${{ github.token }}

.github/workflows/version-reminder.yml

@@ -0,0 +1,69 @@
+name: version-reminder
+
+on:
+  pull_request:
+    types:
+      - opened
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.repository }}/${{ github.workflow }}/${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+
+  version-reminder:
+    name: version-reminder
+    runs-on: ubuntu-22.04
+    timeout-minutes: 1
+    permissions:
+      pull-requests: write
+
+    steps:
+      - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          ref: master
+
+      - name: version-check
+        id: version_check
+        if: hashFiles('VERSION')
+        run: |
+          VERSION_FILE="VERSION"
+          setOutput() {
+            echo "${1}=${2}" >> "${GITHUB_OUTPUT}"
+          }
+          git fetch origin master
+          if ! git diff --unified=0 origin/master.. -- $VERSION_FILE | grep '^[+-]' | grep -i "version" >/dev/null
+          then
+            echo "remind bumping"
+            setOutput "remind" 'true'
+          else
+            echo "version is being BUMPED $(cat $VERSION_FILE)"
+            setOutput "remind" 'false'
+          fi
+
+      - name: version-reminder-comment
+        if: hashFiles('VERSION') && steps.version_check.outputs.remind == 'true'
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const backtick = '`';
+            const body = `
+            ### :bulb: **Don't forget to bump the VERSION file**
+
+            By bumping the version in ${backtick}VERSION${backtick} file, we trigger a repo TAG and repo RELEASE, else nothing happens.
+            `.trim();
+
+            github.rest.issues.createComment({
+              issue_number: context.payload.pull_request.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body
+            });

CONTRIBUTING.md

@@ -0,0 +1,6 @@
+## how to contribute
+
+- fork edit action.yml
+- test locally point to your own fork
+- open pr, link to runs from your fork
+- explain in the pr why is keeping things simple while adding value

LICENSE.md

@@ -0,0 +1,22 @@
+
+The MIT License (MIT)
+
+Copyright (c) 2023 Santiago Bernhardt
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -1 +1,72 @@
 # simple-compose-service-updates
+
+## USAGE
+
+```yaml
+with:
+  default_branch: 'main|master|other' # defaults to 'master'
+  skips: 'mongodb:6' # defaults to '', example: 'skip:1,other:3'
+```
+
+```yaml
+name: compose-service-updates
+
+on:
+  push:
+    branches:
+      - master
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+
+  flow:
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          fetch-depth: '0'
+
+      - name: setup-git
+        run: |
+          git config --global user.name "GitHub Actions"
+          git config --global user.email "[email protected]"
+
+      - name: simple-compose-service-updates
+        uses: sbe-arg/[email protected] # use sha pinning when possible
+        with:
+          default_branch: 'main'
+          skips: 'mongodb:6,postgresql-repmgr:15' # examples
+        env:
+          GH_TOKEN: ${{ github.token }} # required
+```
+
+## requirements:
+
+- your compose files must be on your repo root.
+- your compose files must match '\*compose\*.yaml' or '\*compose\*.yml'
+- your images in compose files must include the full registry: 
+  - docker.io/somecompany/theimage:x.x.x
+  - mcr.microsoft.com/part/theimage:x.x.x
+
+## what for:
+
+- find compose services and bump them using prs
+
+## supported registries
+
+- dockerhub
+- microsoft mcr
+- other? open an issue or open pr
+
+## what does it look like
+
+- runs: [link](https://github.com/sbe-arg/simple-compose-service-updates/actions/workflows/simple.yml)
+- releases: [link](https://github.com/sbe-arg/simple-compose-service-updates/releases)
+- tags: [link](https://github.com/sbe-arg/simple-compose-service-updates/tags)

SECURITY.md

@@ -0,0 +1,4 @@
+## Reporting a Vulnerability
+
+Please report (suspected) security vulnerabilities via issues **[advisory](https://github.com/sbe-arg/simple-compose-service-updates/security/advisories/new)** this allows transparent disclosure.
+If the issue is valid and accepted, we will release a patch as soon as possible depending on complexity but ideally within 30 days.

VERSION

@@ -0,0 +1 @@
+v0.1.0

action.yml

@@ -0,0 +1,21 @@
+name: 'Simple compose service updates'
+description: 'Simple compose service update process for your repos'
+inputs:
+  default_branch: 
+    description: 'Path to file'
+    required: false
+    default: 'master'
+  skips:
+    description: 'Skip some services'
+    required: false
+    default: ''
+runs:
+  using: composite
+  steps:
+    - name: compose service updates
+      shell: bash
+      run: |
+        default_branch=${{ inputs.default_branch }}
+        skips=${{ inputs.skips }}
+
+        ${{ github.action_path }}/bin/pincher.sh "$default_branch" "$skips"