Added Dependabot version monitoring (#93)

* Added Dependabot version monitoring
AxisCommunications · Mar 29, 2023 · 2a076b2 · 2a076b2
1 parent 54c06e2
commit 2a076b2
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 15 deletions.
diff --git a/.github/actions/metadata-action/action.yml b/.github/actions/metadata-action/action.yml
@@ -44,8 +44,7 @@ runs:
   steps:
     - name: Create metadata for docker image
       id: meta
-      # sha for docker/metadata-action@v4 at time of commit.
-      uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96
+      uses: docker/metadata-action@v4
       with:
         images: ${{ inputs.repository }}
         # adds the suffix for all tags, even latest.

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,25 @@
+---
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  # Check status of workflows
+  - package-ecosystem: "github-actions"
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
+      day: "monday"
+  # Check status of composite actions
+  # Depandabot doesn't support wildcards so each folder need to be listed
+  # (See https://github.com/dependabot/dependabot-core/issues/2178)
+  - package-ecosystem: "github-actions" # Check status of actions we use
+    directory: ".github/actions/metadata-action" # Location of package manifests
+    schedule:
+      interval: "weekly"
+      day: "monday"
+  - package-ecosystem: "github-actions" # Check status of actions we use
+    directory: ".github/actions/update-acap-manifest-action" # Location of package manifests
+    schedule:
+      interval: "weekly"
+      day: "monday"
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -7,7 +7,7 @@ on:
     branches:
       - 'main'
     tags:
-      # semver, e.g. 1.2.0 (does no match 0.1.2)
+      # semver, e.g. 1.2.0 (does not match 0.1.2)
       - '[1-9]+.[0-9]+.[0-9]+'
       # semver with prerelease info, e.g. 1.0.2-beta.1 or 1.2.3-rc.10
       - '[1-9]+.[0-9]+.[0-9]+-[a-z]+.[0-9]+'
@@ -22,6 +22,9 @@ on:
       - 'main'
 
 jobs:
+  # Builds docker ACAP using the build.sh script, then signs the eap-file in
+  # ACAP Portal and stores it as a build artifact.
+  # This job runs for all triggers of the workflow
   build:
     runs-on: ubuntu-latest
     strategy:
@@ -30,17 +33,14 @@ jobs:
     outputs:
       EAP_FILE_ARMV7HF: ${{ steps.save_full_file_name.outputs.EAP_FILE_ARMV7HF }}
       EAP_FILE_AARCH64: ${{ steps.save_full_file_name.outputs.EAP_FILE_AARCH64 }}
-    env:
-      DOCKER_HUB_REPOSITORY: 'axisecp/docker-acap'
     steps:
-        # sha for actions/checkout@v3 at time of commit.
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+      - uses: actions/checkout@v3
       - name: Create base image metadata
         id: meta
         uses: ./.github/actions/metadata-action
         with:
           suffix: -${{ matrix.arch }}
-          repository: ${{ env.DOCKER_HUB_REPOSITORY }}
+          repository: ${{ vars.REPOSITORY_DOCKER_HUB }}
           get_version: 'true'
       - name: Update manifest file
         if: ( github.ref_type == 'tag')
@@ -73,16 +73,16 @@ jobs:
         run: |
           if [[ -n "$HTTP_RESPONSE" && "$HTTP_RESPONSE" =~ ^[0-9]+$ ]]; then
             if [ "$HTTP_RESPONSE" -eq 200 ]; then
-              echo "HTTP response code is 200, signing was succesful"
+              echo "HTTP response code is 200, signing was successful"
             else
-              echo "HTTP response code is: $HTTP_RESPONSE, signing was not succesful"
+              echo "HTTP response code is: $HTTP_RESPONSE, signing was not successful"
               exit 1
             fi
           else
             echo "HTTP_RESPONSE is empty or not a valid integer: $HTTP_RESPONSE"
           fi
       - name: Upload artifact
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
+        uses: actions/upload-artifact@v3
         with:
           name: ${{ env.SIGNED_EAP_FILE }}
           path: build-${{ matrix.arch }}/${{ env.SIGNED_EAP_FILE }}
@@ -99,6 +99,8 @@ jobs:
             echo "::error::Non valid architecture '${{ matrix.arch }}' encountered"
           fi
 
+  # Creates a pre-release in the repository.
+  # This job runs if the workflow is triggered by a tag and the build job was successful.
   create_prerelease:
     if: (github.ref_type == 'tag')
     permissions:
@@ -112,7 +114,7 @@ jobs:
       id: vars
       run: echo "TAG=${GITHUB_REF#refs/*/}" >> ${GITHUB_ENV}
     - name: Create prerelease
-      uses: "actions/github-script@v6"
+      uses: actions/github-script@v6
       id: prerelease
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -133,6 +135,8 @@ jobs:
             core.setFailed(error.message);
           }
 
+  # Uploads the signed eap files from artifacts to the pre-release.
+  # This job runs if the create_prerelease job 
   download-and-upload-artifacts:
     if: (github.ref_type == 'tag')
     permissions:
@@ -160,7 +164,7 @@ jobs:
           echo "::error::Non valid architecture '${{ matrix.arch }}' encountered"
         fi
     - name: Download artifacts
-      uses: actions/download-artifact@v2
+      uses: actions/download-artifact@v3
       with:
         name: ${{ env.EAP_FILE }}
         path: ./
@@ -179,9 +183,9 @@ jobs:
       run: |
         if [[ -n "$HTTP_RESPONSE" && "$HTTP_RESPONSE" =~ ^[0-9]+$ ]]; then
           if [ "$HTTP_RESPONSE" -eq 201 ]; then
-            echo "HTTP response code is 201, upload was succesful"
+            echo "HTTP response code is 201, upload was successful"
           else
-            echo "HTTP response code is: $HTTP_RESPONSE, upload was not succesful"
+            echo "HTTP response code is: $HTTP_RESPONSE, upload was not successful"
             exit 1
           fi
         else