[PATCH 3/4] dump: Use 2 spaces as indention in generated yaml


Jan Kiszka

Mar 26, 2026, 8:28:10 AM
to kas-...@googlegroups.com
From: Jan Kiszka <jan.k...@siemens.com>

This is community standard.

Signed-off-by: Jan Kiszka <jan.k...@siemens.com>
---
kas/plugins/dump.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kas/plugins/dump.py b/kas/plugins/dump.py
index bdbaf32..8b13818 100644
--- a/kas/plugins/dump.py
+++ b/kas/plugins/dump.py
@@ -156,8 +156,8 @@ class Dump(Checkout):
def setup_parser_format_args(parser):
parser.add_argument('--indent',
type=int,
- default=4,
- help='Line indent (# of spaces, default: 4)')
+ default=2,
+ help='Line indent (# of spaces, default: 2)')
parser.add_argument('--sort',
action='store_true',
default=False,
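Review bot: Changing `default=4` to `default=2` on `--indent` alters the output of every existing dump invocation that relies on the default, and the commit message does not say so. The diffstat shows only kas/plugins/dump.py touched, so any documentation or test fixture that assumes 4-space output is not updated by this patch; please state the behaviour change in the commit message and check those places.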
--
2.47.3

Jan Kiszka

Mar 26, 2026, 8:28:10 AM
to kas-...@googlegroups.com
See patches for details.

Jan

Jan Kiszka (4):
repos: Warn about repos with branches but without commit or lock file
tests: Check if branch without commit warning works
dump: Use 2 spaces as indention in generated yaml
ci: Update actions

.github/actions/docker-init/action.yml | 10 +++++-----
.github/actions/perform-tests/action.yml | 2 +-
.github/workflows/master.yml | 6 +++---
.github/workflows/next.yml | 14 +++++++-------
.github/workflows/release.yml | 6 +++---
kas/plugins/dump.py | 4 ++--
kas/repos.py | 13 +++++++++----
tests/test_refspec.py | 18 +++++++++++++++++-
8 files changed, 47 insertions(+), 26 deletions(-)

--
2.47.3

Jan Kiszka

Mar 26, 2026, 8:28:12 AM
to kas-...@googlegroups.com
From: Jan Kiszka <jan.k...@siemens.com>

This resolves warnings about outdated node.js.

While at it:
- use hashes, rather than major version pinnings for stronger
supply-chain security
- switch to actions/attest for which attest-build-provenance is now
just a wrapper

Signed-off-by: Jan Kiszka <jan.k...@siemens.com>
---
.github/actions/docker-init/action.yml | 10 +++++-----
.github/actions/perform-tests/action.yml | 2 +-
.github/workflows/master.yml | 6 +++---
.github/workflows/next.yml | 14 +++++++-------
.github/workflows/release.yml | 6 +++---
5 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/.github/actions/docker-init/action.yml b/.github/actions/docker-init/action.yml
index 3f6df3b..27afa21 100644
--- a/.github/actions/docker-init/action.yml
+++ b/.github/actions/docker-init/action.yml
@@ -26,12 +26,12 @@ runs:
sudo dpkg -i ${QEMU_USER_STATIC_PACKAGE}

- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
with:
driver-opts: image=moby/buildkit:v0.16.0

- name: Login to ghcr.io
- uses: docker/login-action@v3
+ uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.
with:
registry: ghcr.io
username: ${{ inputs.deploy-user }}
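Review bot: The version comment on the new docker/login-action line reads `# v4.0.` with no patch number, unlike every other pin in this patch. The trailing comment is the only human-readable hint of what the 40-character hash points to, so please complete it with the full release tag the hash was taken from.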
@@ -85,7 +85,7 @@ runs:

- name: Extract metadata
id: meta
- uses: docker/metadata-action@v5
+ uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v5.0.0
with:
annotations: |
org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION }}
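Review bot: The docker/metadata-action pin is labelled `# v5.0.0`, while the old `@v5` reference floated to the newest v5 release. Pinning to the first release of that major line may therefore move this step to older code than it ran before, which sits oddly with a patch meant to clear outdated-node.js warnings; please confirm v5.0.0 is intended or pin the hash of the release `@v5` currently resolves to.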
@@ -98,7 +98,7 @@ runs:

- name: Cache apt
id: cache-apt
- uses: actions/cache@v4
+ uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
var-cache-apt
@@ -106,7 +106,7 @@ runs:
key: cache-apt-${{ env.DEBIAN_TAG }}-${{ inputs.image-name }}

- name: Inject cache into docker
- uses: reproducible-containers/buildkit-cache-dance@5b6db76d1da5c8b307d5d2e0706d266521b710de #v3.1.2
+ uses: reproducible-containers/buildkit-cache-dance@1b8ab18fbda5ad3646e3fcc9ed9dd41ce2f297b4 #v3.3.2
with:
cache-map: |
{
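Review bot: Style nit on the buildkit-cache-dance line: the comment stays as `#v3.3.2` without a space, while every other pin in this patch uses `# vX.Y.Z` and the ghcr-cleanup-action hunk in next.yml normalises its comment to that form. Using `# v3.3.2` here keeps the pins uniformly greppable.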
diff --git a/.github/actions/perform-tests/action.yml b/.github/actions/perform-tests/action.yml
index f728f6f..cdef2a4 100644
--- a/.github/actions/perform-tests/action.yml
+++ b/.github/actions/perform-tests/action.yml
@@ -7,7 +7,7 @@ runs:
using: composite
steps:
- name: Set up Python
- uses: actions/setup-python@v5
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: ${{ inputs.python-version }}
architecture: x64
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index eabc559..2839b20 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -20,7 +20,7 @@ jobs:
distro-release: ["debian-bookworm", "debian-trixie"]
steps:
- name: Check out repo
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- name: Set up docker build
@@ -31,7 +31,7 @@ jobs:
image-name: ${{ matrix.image-name }}
distro-release: ${{ matrix.distro-release }}
- name: Build ${{ matrix.image-name }} image
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
id: push
with:
context: /home/runner/kas-clone
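Review bot: The build-push-action line moves from `@v6` to a hash labelled v7.0.0, so this is a major-version upgrade and not only a change of pinning style, while the `with:` inputs and `id: push` stay untouched. The attest step below consumes `steps.push.outputs.digest`, so please confirm that output and the inputs used here are unchanged in v7, and consider splitting "pin to hashes" from "upgrade majors" into two commits so a regression can be bisected.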
@@ -47,7 +47,7 @@ jobs:
ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:latest-${{ matrix.distro-release }}
annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
- name: Attest ${{ matrix.image-name }} image
- uses: actions/attest-build-provenance@v1
+ uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
with:
subject-name: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}
subject-digest: ${{ steps.push.outputs.digest }}
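Review bot: The attest step switches to actions/attest with the same `subject-name` and `subject-digest` inputs, but nothing in this version of the patch touches the job's `permissions:` block; the diffstat is 19 insertions against 19 deletions, and the visible changes are all `uses:` lines. The v2 posted later in this thread adds `artifact-metadata: write` for this action, so this version should not be applied as is.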
diff --git a/.github/workflows/next.yml b/.github/workflows/next.yml
index 3ff9f46..d4871c6 100644
--- a/.github/workflows/next.yml
+++ b/.github/workflows/next.yml
@@ -19,7 +19,7 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Check out repo
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Install Checkcode dependencies
run: |
pip install flake8 pycodestyle doc8 Pygments
@@ -40,7 +40,7 @@ jobs:
python-version: ["3.9", "3.10", "3.11", "3.12", "3.13", "3.14"]
steps:
- name: Check out repo
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: PyTest
uses: ./.github/actions/perform-tests
with:
@@ -63,7 +63,7 @@ jobs:
distro-release: ["debian-bookworm", "debian-trixie"]
steps:
- name: Check out repo
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up docker build
uses: ./.github/actions/docker-init
with:
@@ -73,7 +73,7 @@ jobs:
distro-release: ${{ matrix.distro-release }}

- name: Build ${{ matrix.image-name }} image
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
with:
context: /home/runner/kas-clone
target: ${{ matrix.image-name }}
@@ -109,7 +109,7 @@ jobs:
fi
- name: Complete build and deploy ${{ matrix.image-name }} image
if: github.ref == 'refs/heads/next'
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
id: push
with:
context: /home/runner/kas-clone
@@ -126,7 +126,7 @@ jobs:
annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
- name: Attest ${{ matrix.image-name }} image
if: github.ref == 'refs/heads/next'
- uses: actions/attest-build-provenance@v1
+ uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
with:
subject-name: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}
subject-digest: ${{ steps.push.outputs.digest }}
@@ -143,7 +143,7 @@ jobs:
matrix:
image-name: ["kas", "kas-isar"]
steps:
- - uses: dataaxiom/ghcr-cleanup-action@98b4022383d6ddb70ccbf6a378b4d8c67a60f066 #v1.0.13
+ - uses: dataaxiom/ghcr-cleanup-action@cd0cdb900b5dbf3a6f2cc869f0dbb0b8211f50c4 # v1.0.16
with:
dry-run: false
validate: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4583e2f..0c6b57d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -20,7 +20,7 @@ jobs:
distro-release: ["debian-bookworm", "debian-trixie"]
steps:
- name: Check out repo
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Get release
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
- name: Set up docker build
@@ -33,7 +33,7 @@ jobs:
- name: Find latest tag
run: echo "LATEST_TAG=$(git tag | sort --version-sort | tail -n1)" >> $GITHUB_ENV
- name: Build ${{ matrix.image-name }} image
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
id: push
with:
context: /home/runner/kas-clone
@@ -50,7 +50,7 @@ jobs:
${{ matrix.distro-release == env.DISTRO_LATEST_RELEASE && github.ref_name == env.LATEST_TAG && format('ghcr.io/{0}/{1}:latest-release', github.repository, matrix.image-name) || '' }}
annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
- name: Attest ${{ matrix.image-name }} image
- uses: actions/attest-build-provenance@v1
+ uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
with:
subject-name: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}
subject-digest: ${{ steps.push.outputs.digest }}
--
2.47.3

Jan Kiszka

Mar 26, 2026, 8:34:14 AM
to kas-...@googlegroups.com
On 26.03.26 13:28, 'Jan Kiszka' via kas-devel wrote:
> From: Jan Kiszka <jan.k...@siemens.com>
>
> This resolves warnings about outdated node.js.
>

Almost, but not fully. These deps, though in their latest versions,
still use only node.js:

- reproducible-containers/buildkit-cache-dance
- dataaxiom/ghcr-cleanup-action

And I introduced a regression via the attest switch. V2 on the way.

Jan
Siemens AG, Foundational Technologies
Linux Expert Center

Jan Kiszka

Mar 26, 2026, 2:50:37 PM
to kas-...@googlegroups.com
From: Jan Kiszka <jan.k...@siemens.com>

This resolves most warnings about outdated node.js,
reproducible-containers/buildkit-cache-dance and
dataaxiom/ghcr-cleanup-action still trigger some.

While at it:
- use hashes, rather than major version pinnings for stronger
supply-chain security
- switch to actions/attest for which attest-build-provenance is now
just a wrapper - which needs additional "artifact-metadata: write"
permission

Signed-off-by: Jan Kiszka <jan.k...@siemens.com>
---

Changes in v2:
- add extra permission
- adjust commit message

.github/actions/docker-init/action.yml | 10 +++++-----
.github/actions/perform-tests/action.yml | 2 +-
.github/workflows/master.yml | 7 ++++---
.github/workflows/next.yml | 15 ++++++++-------
.github/workflows/release.yml | 7 ++++---
5 files changed, 22 insertions(+), 19 deletions(-)
index eabc559..ebe0178 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -14,13 +14,14 @@ jobs:
packages: write
contents: read
attestations: write
+ artifact-metadata: write
strategy:
matrix:
image-name: ["kas", "kas-isar"]
distro-release: ["debian-bookworm", "debian-trixie"]
steps:
- name: Check out repo
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- name: Set up docker build
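Review bot: The new `artifact-metadata: write` entry in the job's `permissions:` block carries no hint of which step needs it. A short trailing comment naming actions/attest as the consumer would keep a later least-privilege cleanup from dropping it and reintroducing the regression mentioned in this thread.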
@@ -31,7 +32,7 @@ jobs:
image-name: ${{ matrix.image-name }}
distro-release: ${{ matrix.distro-release }}
- name: Build ${{ matrix.image-name }} image
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
id: push
with:
context: /home/runner/kas-clone
@@ -47,7 +48,7 @@ jobs:
ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:latest-${{ matrix.distro-release }}
annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
- name: Attest ${{ matrix.image-name }} image
- uses: actions/attest-build-provenance@v1
+ uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
with:
subject-name: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}
subject-digest: ${{ steps.push.outputs.digest }}
diff --git a/.github/workflows/next.yml b/.github/workflows/next.yml
index 3ff9f46..c1a7f6f 100644
--- a/.github/workflows/next.yml
+++ b/.github/workflows/next.yml
@@ -19,7 +19,7 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Check out repo
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Install Checkcode dependencies
run: |
pip install flake8 pycodestyle doc8 Pygments
@@ -40,7 +40,7 @@ jobs:
python-version: ["3.9", "3.10", "3.11", "3.12", "3.13", "3.14"]
steps:
- name: Check out repo
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: PyTest
uses: ./.github/actions/perform-tests
with:
@@ -57,13 +57,14 @@ jobs:
packages: write
contents: read
attestations: write
+ artifact-metadata: write
strategy:
matrix:
image-name: ["kas", "kas-isar"]
distro-release: ["debian-bookworm", "debian-trixie"]
steps:
- name: Check out repo
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up docker build
uses: ./.github/actions/docker-init
with:
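Review bot: `artifact-metadata: write` is added to the job-wide `permissions:` here, yet the step that needs it, the attest step further down in this file, runs only under `if: github.ref == 'refs/heads/next'`. Every other run of this job then carries a write scope it never uses; consider moving the deploy and attest steps into a separate job that holds `attestations: write` and `artifact-metadata: write`, leaving the build job without them.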
@@ -73,7 +74,7 @@ jobs:
distro-release: ${{ matrix.distro-release }}

- name: Build ${{ matrix.image-name }} image
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
with:
context: /home/runner/kas-clone
target: ${{ matrix.image-name }}
@@ -109,7 +110,7 @@ jobs:
fi
- name: Complete build and deploy ${{ matrix.image-name }} image
if: github.ref == 'refs/heads/next'
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
id: push
with:
context: /home/runner/kas-clone
@@ -126,7 +127,7 @@ jobs:
annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
- name: Attest ${{ matrix.image-name }} image
if: github.ref == 'refs/heads/next'
- uses: actions/attest-build-provenance@v1
+ uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
with:
subject-name: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}
subject-digest: ${{ steps.push.outputs.digest }}
@@ -143,7 +144,7 @@ jobs:
matrix:
image-name: ["kas", "kas-isar"]
steps:
- - uses: dataaxiom/ghcr-cleanup-action@98b4022383d6ddb70ccbf6a378b4d8c67a60f066 #v1.0.13
+ - uses: dataaxiom/ghcr-cleanup-action@cd0cdb900b5dbf3a6f2cc869f0dbb0b8211f50c4 # v1.0.16
with:
dry-run: false
validate: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4583e2f..c69a5ae 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -14,13 +14,14 @@ jobs:
packages: write
contents: read
attestations: write
+ artifact-metadata: write
strategy:
matrix:
image-name: ["kas", "kas-isar"]
distro-release: ["debian-bookworm", "debian-trixie"]
steps:
- name: Check out repo
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Get release
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
- name: Set up docker build
@@ -33,7 +34,7 @@ jobs:
- name: Find latest tag
run: echo "LATEST_TAG=$(git tag | sort --version-sort | tail -n1)" >> $GITHUB_ENV
- name: Build ${{ matrix.image-name }} image
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
id: push
with:
context: /home/runner/kas-clone
@@ -50,7 +51,7 @@ jobs: