PyPI - bitwarden_workflow_linter - Versions diffs - 0.3.1__tar.gz → 0.4.1__tar.gz - Mend

bitwarden_workflow_linter 0.3.1tar.gz → 0.4.1tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (74) hide show

{bitwarden_workflow_linter-0.3.1 → bitwarden_workflow_linter-0.4.1}/.github/workflows/cd.yml RENAMED Viewed

@@ -18,11 +18,18 @@ jobs:
   version-bump:
     name: Version bump
     if: github.actor != 'bitwarden-devops-bot'
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     needs: version-type
     outputs:
       version: ${{ steps.get-version.outputs.version }}
     steps:
+      - name: Generate GH App token
+        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
+        id: app-token
+        with:
+          app-id: ${{ secrets.BW_GHAPP_ID }}
+          private-key: ${{ secrets.BW_GHAPP_KEY }}
       - name: Login to Azure - CI Subscription
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
         with:
@@ -34,14 +41,13 @@ jobs:
         with:
           keyvault: "bitwarden-ci"
           secrets: "github-gpg-private-key,
-            github-gpg-private-key-passphrase,
-            github-pat-bitwarden-devops-bot-repo-scope"
+            github-gpg-private-key-passphrase"
       - name: Check out repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
-          token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
+          token: ${{ steps.app-token.outputs.token }}
       - name: Set up Python
         uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0

{bitwarden_workflow_linter-0.3.1 → bitwarden_workflow_linter-0.4.1}/.github/workflows/enforce-labels.yml RENAMED Viewed

@@ -5,6 +5,7 @@ on:
     types: [labeled, unlabeled, opened, reopened, synchronize]
 jobs:
   enforce-labels:
+    name: Enforce Labels
     uses: bitwarden/gh-actions/.github/workflows/_enforce-labels.yml@main
   enforce-version-label:

bitwarden_workflow_linter-0.4.1/.github/workflows/update_actions.yml ADDED Viewed

@@ -0,0 +1,118 @@
+name: Update Approved Actions
+on:
+  schedule:
+  - cron: '0 0 */14 * *'
+jobs:
+  actions-update:
+    name: "Update Approved Actions"
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: "bitwarden-ci"
+          secrets: "github-gpg-private-key,
+            github-gpg-private-key-passphrase"
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0
+        with:
+          gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
+          passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+      - name: Setup git
+        run: |
+          git config --local user.email "106330231+bitwarden-devops-bot@users.noreply.github.com"
+          git config --local user.name "bitwarden-devops-bot"
+      - name: Checkout Branch
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Set up Python 3.11
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+        with:
+          python-version: "3.11"
+      - name: Install bwwl binary
+        run: python -m pip install --upgrade bitwarden_workflow_linter
+      - name: Create Branch
+        id: create-branch
+        run: |
+          NAME="update-actions-$(date +'%Y%m%d-%H%M%S')"
+          git switch -c $NAME
+          echo "name=$NAME" >> $GITHUB_OUTPUT
+      - name: Run bwwl update
+        run: bwwl actions update -o src/bitwarden_workflow_linter/default_actions.json
+      - name: Check if there are changes to commit
+        id: new-changes
+        run: |
+          if [ -n "$(git status --porcelain)" ]; then
+            echo "new_changes=TRUE" >> $GITHUB_OUTPUT
+          else
+            echo "new_changes=FALSE" >> $GITHUB_OUTPUT
+            echo "No changes to commit!";
+          fi
+      - name: Commit changes
+        if: steps.new-changes.outputs.new_changes == 'TRUE'
+        env:
+          PR_BRANCH: ${{ steps.create-branch.outputs.name }}
+        run: |
+          git commit -m "Update approved actions" -a
+          git push origin $PR_BRANCH
+      - name: Generate GH App token
+        if: steps.new-changes.outputs.new_changes == 'TRUE'
+        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
+        id: app-token
+        with:
+          app-id: ${{ secrets.GH_APP_ID }}
+          private-key: ${{ secrets.GH_APP_KEY }}
+          owner: ${{ github.repository_owner }}
+      - name: Create PR
+        if: steps.new-changes.outputs.new_changes == 'TRUE'
+        id: create-pr
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          PR_BRANCH: ${{ steps.create-branch.outputs.name }}
+          TITLE: "Update bwwl Approved Actions"
+        run: |
+          PR_URL=$(gh pr create --title "$TITLE" \
+            --base "main" \
+            --head "$PR_BRANCH" \
+            --label "version:patch" \
+            --label "automated pr" \
+            --body "
+              ## Type of change
+              - [ ] Bug fix
+              - [ ] New feature development
+              - [X] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
+              - [ ] Build/deploy pipeline (DevOps)
+              - [ ] Other
+              ## Description
+              - This PR updates the approved actions for the Bitwarden Workflow Linter.")
+          echo "pr_number=${PR_URL##*/}" >> $GITHUB_OUTPUT
+      - name: Approve and Merge PR
+        if: ${{ steps.create-pr.outcome == 'success' }}
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }}
+        run: |
+          gh pr review $PR_NUMBER --approve
+          gh pr merge $PR_NUMBER --squash --auto --delete-branch

{bitwarden_workflow_linter-0.3.1 → bitwarden_workflow_linter-0.4.1}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: bitwarden_workflow_linter
-Version: 0.3.1
+Version: 0.4.1
 Summary: Custom GitHub Action Workflow Linter
 Project-URL: Homepage, https://github.com/bitwarden/workflow-linter
 Project-URL: Issues, https://github.com/bitwarden/workflow-linter/issues
@@ -181,6 +181,6 @@ two empty lines between each job)
 To activate a rule after implementing it, add it to `settings.yaml` in the project's base folder
 and `src/bitwarden_workflow_linter/default_settings.yaml` to make the rule default
-### ToDo
+### To-Do
 -   [ ] Add Rule to assert correct format for single line run

{bitwarden_workflow_linter-0.3.1 → bitwarden_workflow_linter-0.4.1}/README.md RENAMED Viewed

@@ -155,6 +155,6 @@ two empty lines between each job)
 To activate a rule after implementing it, add it to `settings.yaml` in the project's base folder
 and `src/bitwarden_workflow_linter/default_settings.yaml` to make the rule default
-### ToDo
+### To-Do
 -   [ ] Add Rule to assert correct format for single line run

{bitwarden_workflow_linter-0.3.1 → bitwarden_workflow_linter-0.4.1}/src/bitwarden_workflow_linter/__about__.py RENAMED Viewed

@@ -1,3 +1,3 @@
 """Metadata for Workflow Linter."""
-__version__ = "0.3.1"
+__version__ = "0.4.1"

{bitwarden_workflow_linter-0.3.1 → bitwarden_workflow_linter-0.4.1}/src/bitwarden_workflow_linter/default_actions.json RENAMED Viewed

@@ -69,6 +69,11 @@
     "sha": "e5bc658cc4c965c472efe991f8beea3981499c55",
     "version": "v5.0.0"
   },
+  "actions/deploy-pages": {
+    "name": "actions/deploy-pages",
+    "sha": "d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e",
+    "version": "v4.0.5"
+  },
   "actions/download-artifact": {
     "name": "actions/download-artifact",
     "sha": "fa0a91b85d4f404e444e00e005971372dc801d16",
@@ -294,6 +299,11 @@
     "sha": "2c591bcc8ecdcd2db72b97d6147f871fcd833ba5",
     "version": "v1.14.0"
   },
+  "nuget/setup-nuget": {
+    "name": "nuget/setup-nuget",
+    "sha": "a21f25cd3998bf370fde17e3f1b4c12c175172f9",
+    "version": "v2.0.0"
+  },
   "peter-evans/close-issue": {
     "name": "peter-evans/close-issue",
     "sha": "276d7966e389d888f011539a86c8920025ea0626",
@@ -319,6 +329,11 @@
     "sha": "485a9d42d3a73031f12ec201c457e2162c45d02d",
     "version": "v2.0.0"
   },
+  "sigstore/cosign-installer": {
+    "name": "sigstore/cosign-installer",
+    "sha": "dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da",
+    "version": "v3.7.0"
+  },
   "snapcore/action-build": {
     "name": "snapcore/action-build",
     "sha": "3bdaa03e1ba6bf59a65f84a751d943d549a54e79",
@@ -334,6 +349,11 @@
     "sha": "02ef91109b2d589e757aefcfb2854c2783fd7b19",
     "version": "v4.0.0"
   },
+  "sonarsource/sonarqube-scan-action": {
+    "name": "sonarsource/sonarqube-scan-action",
+    "sha": "bfd4e558cda28cda6b5defafb9232d191be8c203",
+    "version": "v4.2.1"
+  },
   "stackrox/kube-linter-action": {
     "name": "stackrox/kube-linter-action",
     "sha": "5792edc6a03735d592b13c08201711327a935735",