From 6699733bc4a3e24a2a613652ac88a422b76ac8f2 Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Fri, 20 Sep 2024 12:06:26 +1000 Subject: [PATCH 1/9] Fix version number not matched problem --- .github/actions/build_aws_eif/action.yaml | 11 +++++++++++ .github/workflows/publish-aws-nitro-eif.yaml | 3 +++ 2 files changed, 14 insertions(+) diff --git a/.github/actions/build_aws_eif/action.yaml b/.github/actions/build_aws_eif/action.yaml index d37b91a26..f97e60f18 100644 --- a/.github/actions/build_aws_eif/action.yaml +++ b/.github/actions/build_aws_eif/action.yaml @@ -17,6 +17,9 @@ inputs: version_number_input: description: If set, the version number will not be incremented and the given number will be used. default: '' + new_version: + description: The new version that will be used to build the EIF. NOTE This will only be set when version_number_input == ''. + default: '' outputs: enclave_id: @@ -77,10 +80,18 @@ runs: - name: Get version number from pom.xml shell: bash + if: ${{ inputs.version_number_input != '' }} run: | grep -o '.*' ./pom.xml | head -1 | sed 's/\(.*\)<\/version>/\1/' > ${{ steps.buildFolder.outputs.BUILD_FOLDER }}/version_number.txt cat ${{ steps.buildFolder.outputs.BUILD_FOLDER }}/version_number.txt + - name: Get version number from inputs + shell: bash + if: ${{ inputs.version_number_input == '' }} && ${{ inputs.new_version != '' }} + run: | + echo ${{ inputs.new_version }} > ${{ steps.buildFolder.outputs.BUILD_FOLDER }}/version_number.txt + cat ${{ steps.buildFolder.outputs.BUILD_FOLDER }}/version_number.txt + - name: Build EIF shell: bash run: | diff --git a/.github/workflows/publish-aws-nitro-eif.yaml b/.github/workflows/publish-aws-nitro-eif.yaml index 89b45991d..6e5a420ee 100644 --- a/.github/workflows/publish-aws-nitro-eif.yaml +++ b/.github/workflows/publish-aws-nitro-eif.yaml 
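Review bot: The `if:` on the new `Get version number from inputs` step is not a boolean: `${{ inputs.version_number_input == '' }} && ${{ inputs.new_version != '' }}` joins two separately evaluated expressions with literal text, giving a non-empty string such as `false && true`, which Actions treats as true, so the step runs on every invocation and can overwrite `version_number.txt` with an empty value. Write it as one expression, `if: ${{ inputs.version_number_input == '' && inputs.new_version != '' }}`. The same step also pastes `${{ inputs.new_version }}` straight into the bash script, so whatever the caller supplies is parsed as shell in a job that builds the release image; pass it through `env:` (`NEW_VERSION: ${{ inputs.new_version }}`) and write `echo "$NEW_VERSION" > ...` instead. The `echo ${{ inputs.version_number_input }}` line in the `@@ -78,18 +70,10 @@` hunk of PATCH 3/9 and the `${{ inputs.commit_sha }}` interpolation in the `Get value of commit_sha` step repeat the same pattern.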
@@ -62,6 +62,7 @@ jobs: amazonlinux_dockerfile: ./scripts/aws/pipeline/amazonlinux2023.Dockerfile makefile: Makefile.eif version_number_input: ${{ inputs.version_number_input }} + new_version: ${{ needs.start.outputs.new_version }} - name: Check disk usage shell: bash @@ -96,6 +97,8 @@ jobs: artifacts_base_output_dir: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/euid amazonlinux_dockerfile: ./scripts/aws/pipeline/amazonlinux2023.Dockerfile makefile: Makefile.eif + version_number_input: ${{ inputs.version_number_input }} + new_version: ${{ needs.start.outputs.new_version }} - name: Check disk usage shell: bash From 8cc564644a8c171aa69c1db013b51914e78f4366 Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Fri, 20 Sep 2024 12:14:43 +1000 Subject: [PATCH 2/9] Use kcc-UID2-4116-fix-euid-version-problem --- .github/workflows/publish-aws-nitro-eif.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-aws-nitro-eif.yaml b/.github/workflows/publish-aws-nitro-eif.yaml index 6e5a420ee..8ff878899 100644 --- a/.github/workflows/publish-aws-nitro-eif.yaml +++ b/.github/workflows/publish-aws-nitro-eif.yaml @@ -55,7 +55,7 @@ jobs: steps: - name: Build UID2 AWS EIF id: build_uid2_eif - uses: IABTechLab/uid2-operator/.github/actions/build_aws_eif@main + uses: IABTechLab/uid2-operator/.github/actions/build_aws_eif@kcc-UID2-4116-fix-euid-version-problem with: identity_scope: uid2 artifacts_base_output_dir: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/uid2 @@ -91,7 +91,7 @@ jobs: steps: - name: Build EUID AWS EIF id: build_euid_eif - uses: IABTechLab/uid2-operator/.github/actions/build_aws_eif@main + uses: IABTechLab/uid2-operator/.github/actions/build_aws_eif@kcc-UID2-4116-fix-euid-version-problem with: identity_scope: euid artifacts_base_output_dir: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/euid From 4414aed8759f4dea9081e3fd5b68380f82a30dcc Mon Sep 17 00:00:00 2001 
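Review bot: Both `uses:` lines changed in PATCH 2/9 point the publish workflow at `build_aws_eif@kcc-UID2-4116-fix-euid-version-problem`, a feature-branch ref that anyone with push access to that branch can move, and that presumably stops resolving once the branch is deleted after merge. The same ref is introduced for `update_operator_version` and for `IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge` in PATCH 3/9 and PATCH 4/9, where it replaces `@main` and `@v2`. For workflows that commit version bumps and build enclave images, I would restore `@main`/`@v2` before this merges, or pin to a full commit SHA, e.g. `uses: IABTechLab/uid2-operator/.github/actions/build_aws_eif@<full-commit-sha>`. If the branch ref is only there to test the series, a `# TODO: revert to @main before merge` comment on each line would make that explicit.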
From: Katherine Chen Date: Fri, 20 Sep 2024 14:54:37 +1000 Subject: [PATCH 3/9] Use commit hash --- .github/actions/build_aws_eif/action.yaml | 28 ++++--------------- .../update_operator_version/action.yaml | 26 +++++++++++++++-- .github/workflows/publish-all-operators.yaml | 9 ++++-- .github/workflows/publish-aws-nitro-eif.yaml | 14 ++++++---- .../publish-azure-cc-enclave-docker.yaml | 3 ++ .../publish-gcp-oidc-enclave-docker.yaml | 3 ++ 6 files changed, 52 insertions(+), 31 deletions(-) diff --git a/.github/actions/build_aws_eif/action.yaml b/.github/actions/build_aws_eif/action.yaml index f97e60f18..f17523a44 100644 --- a/.github/actions/build_aws_eif/action.yaml +++ b/.github/actions/build_aws_eif/action.yaml @@ -17,8 +17,8 @@ inputs: version_number_input: description: If set, the version number will not be incremented and the given number will be used. default: '' - new_version: - description: The new version that will be used to build the EIF. NOTE This will only be set when version_number_input == ''. + commit_sha: + description: The commit SHA for committing the new version for pom.xml. default: '' outputs: @@ -30,18 +30,10 @@ runs: using: "composite" steps: - - name: Checkout full history on Main + - name: Checkout full history at commit sha ${{ inputs.commit_sha }} uses: actions/checkout@v4 - if: ${{ inputs.version_number_input == '' }} with: - # git-restore-mtime requires full git history. The default fetch-depth value (1) creates a shallow checkout. - fetch-depth: 0 - - - name: Checkout full history at tag v${{ inputs.version_number_input }} - uses: actions/checkout@v4 - if: ${{ inputs.version_number_input != '' }} - with: - ref: v${{ inputs.version_number_input }} + ref: ${{ inputs.commit_sha }} # git-restore-mtime requires full git history. The default fetch-depth value (1) creates a shallow checkout. fetch-depth: 0 
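Review bot: An empty `commit_sha` is accepted silently by the new checkout step in the `@@ -30,18 +30,10 @@` hunk: the input defaults to `''`, and with an empty `ref` actions/checkout falls back to the ref of the triggering event, so the EIF can be built from a tree that does not contain the version commit while `version_number.txt` still carries the requested version. The conditional checkout of tag `v<version_number_input>` is removed in the same hunk, so nothing else ties the tree to the version. Since an enclave image's measurements depend on the exact source that was built, I would add a first step that fails when `inputs.commit_sha` is empty, and a comment on the checkout such as `# ref must be the commit that bumped pom.xml; an empty ref builds the triggering ref instead`.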
@@ -78,18 +70,10 @@ runs: echo "${{ inputs.identity_scope }}" | tr '[:lower:]' '[:upper:]' > ${{ steps.buildFolder.outputs.BUILD_FOLDER }}/identity_scope.txt cat ${{ steps.buildFolder.outputs.BUILD_FOLDER }}/identity_scope.txt - - name: Get version number from pom.xml - shell: bash - if: ${{ inputs.version_number_input != '' }} - run: | - grep -o '.*' ./pom.xml | head -1 | sed 's/\(.*\)<\/version>/\1/' > ${{ steps.buildFolder.outputs.BUILD_FOLDER }}/version_number.txt - cat ${{ steps.buildFolder.outputs.BUILD_FOLDER }}/version_number.txt - - - name: Get version number from inputs + - name: Get version number shell: bash - if: ${{ inputs.version_number_input == '' }} && ${{ inputs.new_version != '' }} run: | - echo ${{ inputs.new_version }} > ${{ steps.buildFolder.outputs.BUILD_FOLDER }}/version_number.txt + echo ${{ inputs.version_number_input }} > ${{ steps.buildFolder.outputs.BUILD_FOLDER }}/version_number.txt cat ${{ steps.buildFolder.outputs.BUILD_FOLDER }}/version_number.txt - name: Build EIF diff --git a/.github/actions/update_operator_version/action.yaml b/.github/actions/update_operator_version/action.yaml index b681e01b9..76e9bfbd1 100644 --- a/.github/actions/update_operator_version/action.yaml +++ b/.github/actions/update_operator_version/action.yaml @@ -10,6 +10,9 @@ inputs: default: '' image_tag_suffix: description: Suffix to apply to the docker image tag + commit_sha: + description: The commit SHA for committing the new version for pom.xml. + default: '' outputs: @@ -22,6 +25,9 @@ outputs: image_tag: description: The tag to use for the docker image value: ${{ steps.updatePom.outputs.image_tag }} + commit_sha: + description: The commit SHA for committing the new version for pom.xml + value: ${{ steps.get-commit-sha.outputs.commit_sha }} runs: using: "composite" 
@@ -92,20 +98,36 @@ runs: echo "image_tag=${{ steps.version.outputs.new_version }}-${{ inputs.image_tag_suffix }}" >> $GITHUB_OUTPUT - name: Commit pom.xml and version.json + id: commit-without-tag if: ${{ inputs.version_number_input == '' && steps.checkRelease.outputs.is_release != 'true' }} - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v2 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@kcc-UID2-4116-fix-euid-version-problem with: add: 'pom.xml version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' - name: Commit pom.xml, version.json and set tag + id: commit-and-tag if: ${{ inputs.version_number_input == '' && steps.checkRelease.outputs.is_release == 'true' }} - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v2 + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@kcc-UID2-4116-fix-euid-version-problem with: add: 'pom.xml version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' tag: v${{ steps.version.outputs.new_version }} + - name: Get value of commit_sha + id: get-commit-sha + shell: bash + run: | + if [[ "${{ inputs.commit_sha }}" != "" ]]; then + echo "commit_sha=${{ inputs.commit_sha }}" >> $GITHUB_OUTPUT + elif [[ ${{ inputs.version_number_input == '' && steps.checkRelease.outputs.is_release != 'true' }} ]]; then + echo "commit_sha=${{ steps.commit-without-tag.outputs.commit_sha }}" >> $GITHUB_OUTPUT + elif [[ ${{ inputs.version_number_input == '' && steps.checkRelease.outputs.is_release == 'true' }} ]]; then + echo "commit_sha=${{ steps.commit-and-tag.outputs.commit_sha }}" >> $GITHUB_OUTPUT + else + echo "ERROR: Can't determine commit_sha" + fi + - name: Check disk usage shell: bash run: | diff --git a/.github/workflows/publish-all-operators.yaml b/.github/workflows/publish-all-operators.yaml index 6bf496f1e..a4c679b67 100644 --- a/.github/workflows/publish-all-operators.yaml 
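Review bot: The two `elif` tests in the new `Get value of commit_sha` step always succeed, because `${{ ... }}` is rendered to the word `true` or `false` before bash runs and `[[ false ]]` is a non-empty-string test that passes. Whenever `inputs.commit_sha` is empty the first `elif` is taken, so the `commit-and-tag` output is never used, the `else` branch is unreachable, and an empty `commit_sha=` can be written, which the checkout in `build_aws_eif` would then resolve to the triggering ref. The `else` branch also only prints its error and lets the job continue. I would pass the three candidates through `env:`, take the first non-empty one and exit non-zero when none is set, as below; whether a run with `version_number_input` set and no `commit_sha` should fail or fall back to the `v<version>` tag is the author's call. Keeping the expressions out of the script body also removes the shell interpolation of the caller-supplied `commit_sha`.

```yaml
    - name: Get value of commit_sha
      id: get-commit-sha
      shell: bash
      env:
        INPUT_COMMIT_SHA: ${{ inputs.commit_sha }}
        SHA_WITHOUT_TAG: ${{ steps.commit-without-tag.outputs.commit_sha }}
        SHA_WITH_TAG: ${{ steps.commit-and-tag.outputs.commit_sha }}
      run: |
        # A skipped step yields an empty output, so the first non-empty value wins.
        commit_sha="${INPUT_COMMIT_SHA:-${SHA_WITHOUT_TAG:-${SHA_WITH_TAG}}}"
        if [[ -z "$commit_sha" ]]; then
          echo "ERROR: Can't determine commit_sha" >&2
          exit 1
        fi
        echo "commit_sha=$commit_sha" >> "$GITHUB_OUTPUT"
```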
+++ b/.github/workflows/publish-all-operators.yaml @@ -24,6 +24,7 @@ jobs: runs-on: ubuntu-latest outputs: new_version: ${{ steps.version.outputs.new_version }} + commit_sha: ${{ steps.commit-and-tag.outputs.commit_sha }} steps: - name: Approve Major release if: inputs.release_type == 'Major' @@ -73,12 +74,13 @@ jobs: echo "Version number updated from $current_version to $new_version" - name: Commit pom.xml, version.json and set tag - uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v2 + id: commit-and-tag + uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@kcc-UID2-4116-fix-euid-version-problem with: add: 'pom.xml version.json' message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' tag: v${{ steps.version.outputs.new_version }} - + buildPublic: name: Public Operator needs: start @@ -96,6 +98,7 @@ jobs: with: release_type: ${{ inputs.release_type }} version_number_input: ${{ needs.start.outputs.new_version }} + commit_sha: ${{ needs.start.outputs.commit_sha }} vulnerability_severity: ${{ inputs.vulnerability_severity }} secrets: inherit @@ -106,6 +109,7 @@ jobs: with: release_type: ${{ inputs.release_type }} version_number_input: ${{ needs.start.outputs.new_version }} + commit_sha: ${{ needs.start.outputs.commit_sha }} vulnerability_severity: ${{ inputs.vulnerability_severity }} secrets: inherit @@ -116,6 +120,7 @@ jobs: with: release_type: ${{ inputs.release_type }} version_number_input: ${{ needs.start.outputs.new_version }} + commit_sha: ${{ needs.start.outputs.commit_sha }} secrets: inherit createRelease: diff --git a/.github/workflows/publish-aws-nitro-eif.yaml b/.github/workflows/publish-aws-nitro-eif.yaml index 8ff878899..05ae1420e 100644 --- a/.github/workflows/publish-aws-nitro-eif.yaml +++ b/.github/workflows/publish-aws-nitro-eif.yaml 
@@ -15,6 +15,9 @@ on: description: If set, the version number will not be incremented and the given number will be used. type: string default: '' + commit_sha: + description: The commit SHA for committing the new version for pom.xml. + default: '' workflow_call: inputs: release_type: @@ -37,7 +40,7 @@ jobs: steps: - name: Update Operator Version id: update_version - uses: IABTechLab/uid2-operator/.github/actions/update_operator_version@main + uses: IABTechLab/uid2-operator/.github/actions/update_operator_version@kcc-UID2-4116-fix-euid-version-problem with: release_type: ${{ inputs.release_type }} version_number_input: ${{ inputs.version_number_input }} @@ -47,6 +50,7 @@ jobs: new_version: ${{ steps.update_version.outputs.new_version }} is_release: ${{ steps.update_version.outputs.is_release }} image_tag: ${{ steps.update_version.outputs.image_tag }} + commit_sha: ${{ steps.update_version.outputs.commit_sha }} buildUID2EIF: name: Build UID2 EIF @@ -61,8 +65,8 @@ jobs: artifacts_base_output_dir: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/uid2 amazonlinux_dockerfile: ./scripts/aws/pipeline/amazonlinux2023.Dockerfile makefile: Makefile.eif - version_number_input: ${{ inputs.version_number_input }} - new_version: ${{ needs.start.outputs.new_version }} + version_number_input: ${{ needs.start.outputs.new_version }} + commit_sha: ${{ needs.start.outputs.commit_sha }} - name: Check disk usage shell: bash @@ -97,8 +101,8 @@ jobs: artifacts_base_output_dir: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/euid amazonlinux_dockerfile: ./scripts/aws/pipeline/amazonlinux2023.Dockerfile makefile: Makefile.eif - version_number_input: ${{ inputs.version_number_input }} - new_version: ${{ needs.start.outputs.new_version }} + version_number_input: ${{ needs.start.outputs.new_version }} + commit_sha: ${{ needs.start.outputs.commit_sha }} - name: Check disk usage shell: bash 
diff --git a/.github/workflows/publish-azure-cc-enclave-docker.yaml b/.github/workflows/publish-azure-cc-enclave-docker.yaml index 9a62785dc..6ef313aba 100644 --- a/.github/workflows/publish-azure-cc-enclave-docker.yaml +++ b/.github/workflows/publish-azure-cc-enclave-docker.yaml @@ -15,6 +15,9 @@ on: description: If set, the version number will not be incremented and the given number will be used. type: string default: '' + commit_sha: + description: The commit SHA for committing the new version for pom.xml. + default: '' vulnerability_severity: description: The severity to fail the workflow if such vulnerability is detected. DO NOT override it unless a Jira ticket is raised. type: choice diff --git a/.github/workflows/publish-gcp-oidc-enclave-docker.yaml b/.github/workflows/publish-gcp-oidc-enclave-docker.yaml index 705dfb1c9..98b211ab6 100644 --- a/.github/workflows/publish-gcp-oidc-enclave-docker.yaml +++ b/.github/workflows/publish-gcp-oidc-enclave-docker.yaml @@ -15,6 +15,9 @@ on: description: If set, the version number will not be incremented and the given number will be used. type: string default: '' + commit_sha: + description: The commit SHA for committing the new version for pom.xml. + default: '' vulnerability_severity: description: The severity to fail the workflow if such vulnerability is detected. DO NOT override it unless a Jira ticket is raised. type: choice From f437723e80b4315e5b65f936617d4f836dd1533d Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Fri, 20 Sep 2024 15:23:50 +1000 Subject: [PATCH 4/9] Use kcc-UID2-4116-fix-euid-version-problem for gcp and azure --- .github/workflows/publish-azure-cc-enclave-docker.yaml | 2 +- .github/workflows/publish-gcp-oidc-enclave-docker.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-azure-cc-enclave-docker.yaml b/.github/workflows/publish-azure-cc-enclave-docker.yaml index 6ef313aba..99afbc7ae 100644 
--- a/.github/workflows/publish-azure-cc-enclave-docker.yaml +++ b/.github/workflows/publish-azure-cc-enclave-docker.yaml @@ -71,7 +71,7 @@ jobs: steps: - name: Update Operator Version id: update_version - uses: IABTechLab/uid2-operator/.github/actions/update_operator_version@main + uses: IABTechLab/uid2-operator/.github/actions/update_operator_version@kcc-UID2-4116-fix-euid-version-problem with: release_type: ${{ inputs.release_type }} version_number_input: ${{ inputs.version_number_input }} diff --git a/.github/workflows/publish-gcp-oidc-enclave-docker.yaml b/.github/workflows/publish-gcp-oidc-enclave-docker.yaml index 98b211ab6..854494fe3 100644 --- a/.github/workflows/publish-gcp-oidc-enclave-docker.yaml +++ b/.github/workflows/publish-gcp-oidc-enclave-docker.yaml @@ -72,7 +72,7 @@ jobs: steps: - name: Update Operator Version id: update_version - uses: IABTechLab/uid2-operator/.github/actions/update_operator_version@main + uses: IABTechLab/uid2-operator/.github/actions/update_operator_version@kcc-UID2-4116-fix-euid-version-problem with: release_type: ${{ inputs.release_type }} version_number_input: ${{ inputs.version_number_input }} From 458541477929914bf2d364d645c3d21e49d1d484 Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Fri, 20 Sep 2024 15:26:42 +1000 Subject: [PATCH 5/9] Use commit_sha only for workflow_call --- .github/workflows/publish-aws-nitro-eif.yaml | 7 ++++--- .github/workflows/publish-azure-cc-enclave-docker.yaml | 7 ++++--- .github/workflows/publish-gcp-oidc-enclave-docker.yaml | 7 ++++--- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/.github/workflows/publish-aws-nitro-eif.yaml b/.github/workflows/publish-aws-nitro-eif.yaml index 05ae1420e..a3bcc957a 100644 --- a/.github/workflows/publish-aws-nitro-eif.yaml +++ b/.github/workflows/publish-aws-nitro-eif.yaml 
@@ -15,9 +15,6 @@ on: description: If set, the version number will not be incremented and the given number will be used. type: string default: '' - commit_sha: - description: The commit SHA for committing the new version for pom.xml. - default: '' workflow_call: inputs: release_type: @@ -28,6 +25,9 @@ on: description: If set, the version number will not be incremented and the given number will be used. type: string default: '' + commit_sha: + description: The commit SHA for committing the new version for pom.xml. + default: '' env: ENCLAVE_PROTOCOL: aws-nitro @@ -45,6 +45,7 @@ jobs: release_type: ${{ inputs.release_type }} version_number_input: ${{ inputs.version_number_input }} image_tag_suffix: ${{ env.ENCLAVE_PROTOCOL }} + image_sha: ${{ inputs.image_sha }} outputs: new_version: ${{ steps.update_version.outputs.new_version }} diff --git a/.github/workflows/publish-azure-cc-enclave-docker.yaml b/.github/workflows/publish-azure-cc-enclave-docker.yaml index 99afbc7ae..496451577 100644 --- a/.github/workflows/publish-azure-cc-enclave-docker.yaml +++ b/.github/workflows/publish-azure-cc-enclave-docker.yaml @@ -15,9 +15,6 @@ on: description: If set, the version number will not be incremented and the given number will be used. type: string default: '' - commit_sha: - description: The commit SHA for committing the new version for pom.xml. - default: '' vulnerability_severity: description: The severity to fail the workflow if such vulnerability is detected. DO NOT override it unless a Jira ticket is raised. type: choice 
@@ -36,6 +33,9 @@ on: description: If set, the version number will not be incremented and the given number will be used. type: string default: '' + commit_sha: + description: The commit SHA for committing the new version for pom.xml. + default: '' vulnerability_severity: description: The severity to fail the workflow if such vulnerability is detected. DO NOT override it unless a Jira ticket is raised. Must be one of ['CRITICAL', 'CRITICAL,HIGH' or 'CRITICAL,HIGH,MEDIUM'] (without space in between). type: string @@ -76,6 +76,7 @@ jobs: release_type: ${{ inputs.release_type }} version_number_input: ${{ inputs.version_number_input }} image_tag_suffix: ${{ env.ENCLAVE_PROTOCOL }} + image_sha: ${{ inputs.image_sha }} - name: Set up JDK uses: actions/setup-java@v4 diff --git a/.github/workflows/publish-gcp-oidc-enclave-docker.yaml b/.github/workflows/publish-gcp-oidc-enclave-docker.yaml index 854494fe3..0959bdff6 100644 --- a/.github/workflows/publish-gcp-oidc-enclave-docker.yaml +++ b/.github/workflows/publish-gcp-oidc-enclave-docker.yaml @@ -15,9 +15,6 @@ on: description: If set, the version number will not be incremented and the given number will be used. type: string default: '' - commit_sha: - description: The commit SHA for committing the new version for pom.xml. - default: '' vulnerability_severity: description: The severity to fail the workflow if such vulnerability is detected. DO NOT override it unless a Jira ticket is raised. type: choice @@ -35,6 +32,9 @@ on: description: If set, the version number will not be incremented and the given number will be used. type: string default: '' + commit_sha: + description: The commit SHA for committing the new version for pom.xml. + default: '' vulnerability_severity: description: The severity to fail the workflow if such vulnerability is detected. DO NOT override it unless a Jira ticket is raised. Must be one of ['CRITICAL', 'CRITICAL,HIGH' or 'CRITICAL,HIGH,MEDIUM'] (without space in between). type: string 
@@ -77,6 +77,7 @@ jobs: release_type: ${{ inputs.release_type }} version_number_input: ${{ inputs.version_number_input }} image_tag_suffix: ${{ env.ENCLAVE_PROTOCOL }} + image_sha: ${{ inputs.image_sha }} - name: Set up JDK uses: actions/setup-java@v4 From 1d13c1e08e91e4566aa240e1248992cd680a14cd Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Fri, 20 Sep 2024 15:35:03 +1000 Subject: [PATCH 6/9] Add type: string to commit_sha --- .github/workflows/publish-aws-nitro-eif.yaml | 1 + .github/workflows/publish-azure-cc-enclave-docker.yaml | 1 + .github/workflows/publish-gcp-oidc-enclave-docker.yaml | 1 + 3 files changed, 3 insertions(+) diff --git a/.github/workflows/publish-aws-nitro-eif.yaml b/.github/workflows/publish-aws-nitro-eif.yaml index a3bcc957a..dfbe29308 100644 --- a/.github/workflows/publish-aws-nitro-eif.yaml +++ b/.github/workflows/publish-aws-nitro-eif.yaml @@ -27,6 +27,7 @@ on: default: '' commit_sha: description: The commit SHA for committing the new version for pom.xml. + type: string default: '' env: diff --git a/.github/workflows/publish-azure-cc-enclave-docker.yaml b/.github/workflows/publish-azure-cc-enclave-docker.yaml index 496451577..1bbc426a8 100644 --- a/.github/workflows/publish-azure-cc-enclave-docker.yaml +++ b/.github/workflows/publish-azure-cc-enclave-docker.yaml @@ -35,6 +35,7 @@ on: default: '' commit_sha: description: The commit SHA for committing the new version for pom.xml. + type: string default: '' vulnerability_severity: description: The severity to fail the workflow if such vulnerability is detected. DO NOT override it unless a Jira ticket is raised. Must be one of ['CRITICAL', 'CRITICAL,HIGH' or 'CRITICAL,HIGH,MEDIUM'] (without space in between). diff --git a/.github/workflows/publish-gcp-oidc-enclave-docker.yaml b/.github/workflows/publish-gcp-oidc-enclave-docker.yaml index 0959bdff6..50241eaeb 100644 --- a/.github/workflows/publish-gcp-oidc-enclave-docker.yaml +++ b/.github/workflows/publish-gcp-oidc-enclave-docker.yaml 
@@ -34,6 +34,7 @@ on: default: '' commit_sha: description: The commit SHA for committing the new version for pom.xml. + type: string default: '' vulnerability_severity: description: The severity to fail the workflow if such vulnerability is detected. DO NOT override it unless a Jira ticket is raised. Must be one of ['CRITICAL', 'CRITICAL,HIGH' or 'CRITICAL,HIGH,MEDIUM'] (without space in between). From 1b1aae008c0537a9e8925684fd9fabca8ade94b1 Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Fri, 20 Sep 2024 16:00:39 +1000 Subject: [PATCH 7/9] Replace image_sha with commit_sha --- .github/workflows/publish-aws-nitro-eif.yaml | 2 +- .github/workflows/publish-azure-cc-enclave-docker.yaml | 2 +- .github/workflows/publish-gcp-oidc-enclave-docker.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish-aws-nitro-eif.yaml b/.github/workflows/publish-aws-nitro-eif.yaml index dfbe29308..cc91fcecb 100644 --- a/.github/workflows/publish-aws-nitro-eif.yaml +++ b/.github/workflows/publish-aws-nitro-eif.yaml @@ -46,7 +46,7 @@ jobs: release_type: ${{ inputs.release_type }} version_number_input: ${{ inputs.version_number_input }} image_tag_suffix: ${{ env.ENCLAVE_PROTOCOL }} - image_sha: ${{ inputs.image_sha }} + commit_sha: ${{ inputs.commit_sha }} outputs: new_version: ${{ steps.update_version.outputs.new_version }} diff --git a/.github/workflows/publish-azure-cc-enclave-docker.yaml b/.github/workflows/publish-azure-cc-enclave-docker.yaml index 1bbc426a8..3e4d07aa0 100644 --- a/.github/workflows/publish-azure-cc-enclave-docker.yaml +++ b/.github/workflows/publish-azure-cc-enclave-docker.yaml @@ -77,7 +77,7 @@ jobs: release_type: ${{ inputs.release_type }} version_number_input: ${{ inputs.version_number_input }} image_tag_suffix: ${{ env.ENCLAVE_PROTOCOL }} - image_sha: ${{ inputs.image_sha }} + commit_sha: ${{ inputs.commit_sha }} - name: Set up JDK uses: actions/setup-java@v4 
diff --git a/.github/workflows/publish-gcp-oidc-enclave-docker.yaml b/.github/workflows/publish-gcp-oidc-enclave-docker.yaml index 50241eaeb..b33e0a619 100644 --- a/.github/workflows/publish-gcp-oidc-enclave-docker.yaml +++ b/.github/workflows/publish-gcp-oidc-enclave-docker.yaml @@ -78,7 +78,7 @@ jobs: release_type: ${{ inputs.release_type }} version_number_input: ${{ inputs.version_number_input }} image_tag_suffix: ${{ env.ENCLAVE_PROTOCOL }} - image_sha: ${{ inputs.image_sha }} + commit_sha: ${{ inputs.commit_sha }} - name: Set up JDK uses: actions/setup-java@v4 From ca0e55e39cdf5e73043618b2d4a57ddb22f9fc05 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Fri, 20 Sep 2024 06:01:54 +0000 Subject: [PATCH 8/9] [CI Pipeline] Released Snapshot version: 5.39.35-alpha-6-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0ca0d7c0b..9fabc1b59 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.39.34 + 5.39.35-alpha-6-SNAPSHOT UTF-8 From 9d837e6800384172ba9a52c36368a6354010ef74 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Fri, 20 Sep 2024 06:06:19 +0000 Subject: [PATCH 9/9] [CI Pipeline] Released Snapshot version: 5.39.36-alpha-150-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9fabc1b59..85845eadc 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.39.35-alpha-6-SNAPSHOT + 5.39.36-alpha-150-SNAPSHOT UTF-8