From 344b8928a7d8cf168b514c7ef80e69dfb113b1b7 Mon Sep 17 00:00:00 2001
From: Techassi
Date: Fri, 13 Dec 2024 08:42:13 +0100
Subject: [PATCH] ci: Fix static analysis errors (#955)

* ci: Fix high severity errors
* ci: Set persist-credentials to false
* ci: Move step output to env var
* chore: Add changelog entry
---
 .github/workflows/build_airflow.yaml | 6 ++++++
 .github/workflows/build_druid.yaml | 6 ++++++
 .github/workflows/build_hadoop.yaml | 6 ++++++
 .github/workflows/build_hbase.yaml | 6 ++++++
 .github/workflows/build_hello-world.yaml | 6 ++++++
 .github/workflows/build_hive.yaml | 6 ++++++
 .github/workflows/build_java-base.yaml | 6 ++++++
 .github/workflows/build_java-devel.yaml | 6 ++++++
 .github/workflows/build_kafka-testing-tools.yaml | 6 ++++++
 .github/workflows/build_kafka.yaml | 6 ++++++
 .github/workflows/build_kcat.yaml | 6 ++++++
 .github/workflows/build_krb5.yaml | 6 ++++++
 .github/workflows/build_nifi.yaml | 6 ++++++
 .github/workflows/build_omid.yaml | 6 ++++++
 .github/workflows/build_opa.yaml | 6 ++++++
 .github/workflows/build_spark-k8s.yaml | 6 ++++++
 .github/workflows/build_stackable-base.yaml | 6 ++++++
 .github/workflows/build_superset.yaml | 6 ++++++
 .github/workflows/build_testing-tools.yaml | 6 ++++++
 .github/workflows/build_tools.yaml | 6 ++++++
 .github/workflows/build_trino-cli.yaml | 6 ++++++
 .github/workflows/build_trino.yaml | 6 ++++++
 .github/workflows/build_vector.yaml | 6 ++++++
 .github/workflows/build_zookeeper.yaml | 6 ++++++
 .github/workflows/mirror.yaml | 4 ++++
 .github/workflows/pr_pre-commit.yaml | 1 +
 .github/workflows/preflight.yaml | 16 ++++++++++++----
 .github/workflows/release.yml | 4 ++++
 .github/workflows/ubi-rust-builder.yml | 8 +++++++-
 CHANGELOG.md | 2 ++
 30 files changed, 174 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build_airflow.yaml b/.github/workflows/build_airflow.yaml
index 0f43d3d0f..3c5fa572f 100644
--- a/.github/workflows/build_airflow.yaml
+++ b/.github/workflows/build_airflow.yaml
@@ -29,6 +29,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: @@ -52,6 +54,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 @@ -98,6 +102,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_druid.yaml b/.github/workflows/build_druid.yaml index 5fbe890b6..e785ac1de 100644 --- a/.github/workflows/build_druid.yaml +++ b/.github/workflows/build_druid.yaml @@ -31,6 +31,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: @@ -54,6 +56,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 @@ -100,6 +104,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 
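Review bot: The added `with:` / `persist-credentials: false` lines in the first hunk of build_airflow.yaml carry no comment saying why they are there, so a workflow copied from an older revision can lose the setting without anyone noticing. I would put `# Do not leave the GITHUB_TOKEN in .git/config for later steps` above `persist-credentials: false`. The same three hunks repeat in every other build_*.yaml file in this patch, and the comment applies to each checkout step there as well. The jobs continue outside the hunks, so whether any later step relies on stored git credentials cannot be confirmed from here.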
diff --git a/.github/workflows/build_hadoop.yaml b/.github/workflows/build_hadoop.yaml index 49c56f391..d9afef86a 100644 --- a/.github/workflows/build_hadoop.yaml +++ b/.github/workflows/build_hadoop.yaml @@ -31,6 +31,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: @@ -54,6 +56,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 @@ -100,6 +104,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_hbase.yaml b/.github/workflows/build_hbase.yaml index 29a3cf59d..ab795def7 100644 --- a/.github/workflows/build_hbase.yaml +++ b/.github/workflows/build_hbase.yaml @@ -32,6 +32,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: @@ -55,6 +57,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 
@@ -101,6 +105,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_hello-world.yaml b/.github/workflows/build_hello-world.yaml index 6166a2fbb..363d7fd07 100644 --- a/.github/workflows/build_hello-world.yaml +++ b/.github/workflows/build_hello-world.yaml @@ -27,6 +27,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: @@ -50,6 +52,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 @@ -96,6 +100,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_hive.yaml b/.github/workflows/build_hive.yaml index e8e2ea2ac..71429c988 100644 --- a/.github/workflows/build_hive.yaml +++ b/.github/workflows/build_hive.yaml @@ -32,6 +32,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: 
@@ -55,6 +57,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 @@ -101,6 +105,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_java-base.yaml b/.github/workflows/build_java-base.yaml index 42b34d0ed..7d9af2595 100644 --- a/.github/workflows/build_java-base.yaml +++ b/.github/workflows/build_java-base.yaml @@ -27,6 +27,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: @@ -50,6 +52,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 @@ -96,6 +100,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_java-devel.yaml b/.github/workflows/build_java-devel.yaml index 9cac876dd..1b9a65ea4 100644 --- a/.github/workflows/build_java-devel.yaml +++ b/.github/workflows/build_java-devel.yaml 
@@ -27,6 +27,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: @@ -50,6 +52,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 @@ -96,6 +100,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_kafka-testing-tools.yaml b/.github/workflows/build_kafka-testing-tools.yaml index 6c9dbdeab..6612a9ffc 100644 --- a/.github/workflows/build_kafka-testing-tools.yaml +++ b/.github/workflows/build_kafka-testing-tools.yaml @@ -31,6 +31,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: @@ -54,6 +56,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 
@@ -100,6 +104,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_kafka.yaml b/.github/workflows/build_kafka.yaml index 701cf771e..7e875847a 100644 --- a/.github/workflows/build_kafka.yaml +++ b/.github/workflows/build_kafka.yaml @@ -33,6 +33,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: @@ -56,6 +58,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 @@ -102,6 +106,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_kcat.yaml b/.github/workflows/build_kcat.yaml index 9d9a45dab..ba3514d89 100644 --- a/.github/workflows/build_kcat.yaml +++ b/.github/workflows/build_kcat.yaml @@ -31,6 +31,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: 
@@ -54,6 +56,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 @@ -100,6 +104,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_krb5.yaml b/.github/workflows/build_krb5.yaml index c6dde6ff1..9eddff792 100644 --- a/.github/workflows/build_krb5.yaml +++ b/.github/workflows/build_krb5.yaml @@ -27,6 +27,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: @@ -50,6 +52,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 @@ -96,6 +100,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_nifi.yaml b/.github/workflows/build_nifi.yaml index 35af3105c..54bac82de 100644 --- a/.github/workflows/build_nifi.yaml +++ b/.github/workflows/build_nifi.yaml 
@@ -31,6 +31,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: @@ -54,6 +56,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 @@ -100,6 +104,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_omid.yaml b/.github/workflows/build_omid.yaml index 303ac60dc..67f5afea1 100644 --- a/.github/workflows/build_omid.yaml +++ b/.github/workflows/build_omid.yaml @@ -31,6 +31,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: @@ -54,6 +56,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 @@ -100,6 +104,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 
diff --git a/.github/workflows/build_opa.yaml b/.github/workflows/build_opa.yaml index ec01ed5ce..b8c19e1c2 100644 --- a/.github/workflows/build_opa.yaml +++ b/.github/workflows/build_opa.yaml @@ -29,6 +29,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: @@ -52,6 +54,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 @@ -98,6 +102,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_spark-k8s.yaml b/.github/workflows/build_spark-k8s.yaml index 1ccbebd34..beb71736e 100644 --- a/.github/workflows/build_spark-k8s.yaml +++ b/.github/workflows/build_spark-k8s.yaml @@ -32,6 +32,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: @@ -55,6 +57,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 
@@ -101,6 +105,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_stackable-base.yaml b/.github/workflows/build_stackable-base.yaml index 1db75a8a9..bbaa7e69f 100644 --- a/.github/workflows/build_stackable-base.yaml +++ b/.github/workflows/build_stackable-base.yaml @@ -28,6 +28,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: @@ -51,6 +53,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 @@ -97,6 +101,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_superset.yaml b/.github/workflows/build_superset.yaml index 32747f3ba..15900e11a 100644 --- a/.github/workflows/build_superset.yaml +++ b/.github/workflows/build_superset.yaml @@ -29,6 +29,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: 
@@ -52,6 +54,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 @@ -98,6 +102,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_testing-tools.yaml b/.github/workflows/build_testing-tools.yaml index 9fa5311d9..e4ffb2bdd 100644 --- a/.github/workflows/build_testing-tools.yaml +++ b/.github/workflows/build_testing-tools.yaml @@ -27,6 +27,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: @@ -50,6 +52,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 @@ -96,6 +100,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_tools.yaml b/.github/workflows/build_tools.yaml index 3658acfaa..c482d6f10 100644 --- a/.github/workflows/build_tools.yaml +++ b/.github/workflows/build_tools.yaml 
@@ -28,6 +28,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: @@ -51,6 +53,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 @@ -97,6 +101,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_trino-cli.yaml b/.github/workflows/build_trino-cli.yaml index 6e1e094a4..f96521dcd 100644 --- a/.github/workflows/build_trino-cli.yaml +++ b/.github/workflows/build_trino-cli.yaml @@ -30,6 +30,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: @@ -53,6 +55,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 
@@ -99,6 +103,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_trino.yaml b/.github/workflows/build_trino.yaml index aca8fb420..845206c5a 100644 --- a/.github/workflows/build_trino.yaml +++ b/.github/workflows/build_trino.yaml @@ -31,6 +31,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: @@ -54,6 +56,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 @@ -100,6 +104,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_vector.yaml b/.github/workflows/build_vector.yaml index 34561ccf2..03d02b5a6 100644 --- a/.github/workflows/build_vector.yaml +++ b/.github/workflows/build_vector.yaml @@ -27,6 +27,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: 
@@ -50,6 +52,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 @@ -96,6 +100,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/build_zookeeper.yaml b/.github/workflows/build_zookeeper.yaml index cdebb6a8d..cba06d21f 100644 --- a/.github/workflows/build_zookeeper.yaml +++ b/.github/workflows/build_zookeeper.yaml @@ -31,6 +31,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - id: shard uses: stackabletech/actions/shard@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: @@ -54,6 +56,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Free Disk Space uses: stackabletech/actions/free-disk-space@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 @@ -100,6 +104,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Publish and Sign Image Index Manifest to docker.stackable.tech uses: stackabletech/actions/publish-index-manifest@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 diff --git a/.github/workflows/mirror.yaml b/.github/workflows/mirror.yaml index d402733aa..f4619e5be 100644 --- a/.github/workflows/mirror.yaml +++ b/.github/workflows/mirror.yaml 
@@ -36,6 +36,8 @@ jobs: - arm64 steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Pull container image shell: bash @@ -81,6 +83,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Extract Repo Name env: diff --git a/.github/workflows/pr_pre-commit.yaml b/.github/workflows/pr_pre-commit.yaml index d7096fb28..2640cc171 100644 --- a/.github/workflows/pr_pre-commit.yaml +++ b/.github/workflows/pr_pre-commit.yaml @@ -14,6 +14,7 @@ jobs: steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: + persist-credentials: false fetch-depth: 0 - uses: stackabletech/actions/run-pre-commit@a3f7587879e9f12e04a29fd26435949aaa4fd59c # 0.2.0 with: diff --git a/.github/workflows/preflight.yaml b/.github/workflows/preflight.yaml index 4fdf7c14d..45fd8ca14 100644 --- a/.github/workflows/preflight.yaml +++ b/.github/workflows/preflight.yaml @@ -70,6 +70,8 @@ jobs: GITHUB_REF_NAME: ${{ github.ref_name }} steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: '3.x' 
@@ -80,22 +82,28 @@ jobs: chmod +x preflight-linux-amd64 - name: Submit preflight checks if: ${{ inputs.submit == true }} + env: + REGISTRY: ${{ inputs.registry }} + IMAGE_VERSION: ${{inputs.tag }} run: | ARCH_FOR_PREFLIGHT="$(arch | sed -e 's#x86_64#amd64#' | sed -e 's#aarch64#arm64#')" check-container --product "${{ matrix.product }}" \ - --image-version "${{inputs.tag }}" \ - --registry "${{ inputs.registry }}" \ + --image-version "$IMAGE_VERSION" \ + --registry "$REGISTRY" \ --architecture "linux/${ARCH_FOR_PREFLIGHT}" \ --executable ./preflight-linux-amd64 \ --token "${{ secrets.RH_PYXIS_API_TOKEN }}" \ --submit - name: Run preflight checks (no submit) if: ${{ inputs.submit == false }} + env: + REGISTRY: ${{ inputs.registry }} + IMAGE_VERSION: ${{inputs.tag }} run: | ARCH_FOR_PREFLIGHT="$(arch | sed -e 's#x86_64#amd64#' | sed -e 's#aarch64#arm64#')" check-container --product "${{ matrix.product }}" \ - --image-version "${{inputs.tag }}" \ - --registry "${{ inputs.registry }}" \ + --image-version "$IMAGE_VERSION" \ + --registry "$REGISTRY" \ --architecture "linux/${ARCH_FOR_PREFLIGHT}" \ --executable ./preflight-linux-amd64 \ --token "${{ secrets.RH_PYXIS_API_TOKEN }}" \ diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 850b0d7cf..b3bea71ee 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -60,6 +60,8 @@ jobs: swap-storage: true - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 # As of 2024-04-08 this throws # Error: The version '3.x' with architecture 'arm64' was not found for Ubuntu 22.04. 
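Review bot: `--token "${{ secrets.RH_PYXIS_API_TOKEN }}"` is still template-expanded into the `run:` script in both preflight steps of the `@@ -80,22 +82,28 @@` hunk, although `inputs.tag` and `inputs.registry` now go through `env:`. The expression is substituted before the shell parses the script, so a value containing a quote or `$(` would be read as shell syntax, and the secret is written into the generated script text. Adding `RH_PYXIS_API_TOKEN: ${{ secrets.RH_PYXIS_API_TOKEN }}` to each step's `env:` and passing `--token "$RH_PYXIS_API_TOKEN"` would treat it the same way as the two inputs. `"${{ matrix.product }}"` could move to `env:` too if the matrix is not a fixed list; its definition is outside the hunk. The second step's command continues past the end of the hunk.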
@@ -166,6 +168,8 @@ jobs: needs: ["build_and_push"] steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: docker.stackable.tech diff --git a/.github/workflows/ubi-rust-builder.yml b/.github/workflows/ubi-rust-builder.yml index 90485fc04..132bc7152 100644 --- a/.github/workflows/ubi-rust-builder.yml +++ b/.github/workflows/ubi-rust-builder.yml @@ -23,6 +23,8 @@ jobs: runs-on: ${{ matrix.runner }} steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Login to Stackable Harbor uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: @@ -44,11 +46,13 @@ jobs: tags: oci.stackable.tech/sdp/${{ matrix.ubi-version }}-rust-builder:${{ env.TAG }} - name: Sign the published builder image shell: bash + env: + DIGEST: ${{ steps.build-and-push.outputs.digest }} run: | # Refer to image via its digest (oci.stackable.tech/sdp/airflow@sha256:0a1b2c...) # This generates a signature and publishes it to the registry, next to the image # Uses the keyless signing flow with Github Actions as identity provider - cosign sign -y "oci.stackable.tech/sdp/${{ matrix.ubi-version }}-rust-builder@${{ steps.build-and-push.outputs.digest }}" + cosign sign -y "oci.stackable.tech/sdp/${{ matrix.ubi-version }}-rust-builder@$DIGEST" create_manifest: permissions: id-token: write @@ -60,6 +64,8 @@ jobs: needs: ["build"] steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + persist-credentials: false - name: Login to Stackable Harbor uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: diff --git a/CHANGELOG.md b/CHANGELOG.md index 5513c1a09..b31dae4e7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
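Review bot: In the `@@ -44,11 +46,13 @@` hunk of ubi-rust-builder.yml the `cosign sign` line still expands `${{ matrix.ubi-version }}` inside the script while the digest now comes from `$DIGEST`. The matrix is defined outside the hunk and is presumably a fixed list, so the risk is low, but mixing template expansion and shell variables in one image reference is easy to misread. I would add `UBI_VERSION: ${{ matrix.ubi-version }}` under the step's `env:` and write `cosign sign -y "oci.stackable.tech/sdp/${UBI_VERSION}-rust-builder@${DIGEST}"`.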
@@ -14,6 +14,7 @@ All notable changes to this project will be documented in this file. ### Changed +- ci: Fix various static analysis errors ([#955]). - all java products: These now use the Stackable Nexus build-repo by default instead of pulling from Maven central ([#953]). - all java products: Maven is now consistently run with `--batch-mode` and `--no-transfer-progress` to reduce noise ([#953]). @@ -26,6 +27,7 @@ All notable changes to this project will be documented in this file. [#943]: https://github.com/stackabletech/docker-images/pull/943 [#952]: https://github.com/stackabletech/docker-images/pull/952 [#953]: https://github.com/stackabletech/docker-images/pull/953 +[#955]: https://github.com/stackabletech/docker-images/pull/955 ## [24.11.0] - 2024-11-18