File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -317,10 +317,12 @@ jobs:
317317 - name : Show docker vulnerability output
318318 if : always()
319319 run : |
320- echo "Scan output for ${{ matrix.docker_image } }"
320+ echo "Scan output for ${DOCKER_IMAGE }"
321321 if [ -f .trivy_out/dependency_results_docker.txt ]; then
322322 cat .trivy_out/dependency_results_docker.txt
323323 fi
324+ env :
325+ DOCKER_IMAGE : ${{ matrix.docker_image }}
324326
325327 IaC-validation :
326328 runs-on : ubuntu-22.04
Original file line number Diff line number Diff line change 2828 pinned_image : ${{ needs.get_config_values.outputs.pinned_image }}
2929 branch_name : main
3030 tag_format : ${{ needs.get_config_values.outputs.tag_format }}
31- secrets : inherit
Original file line number Diff line number Diff line change @@ -114,6 +114,7 @@ jobs:
114114 with :
115115 repository : ${{ github.repository }}
116116 ref : ${{ github.sha }}
117+ persist-credentials : true # needed for semantic-release to push tags and commits
117118
118119 - name : Checkout semantic-release workflow
119120 uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
@@ -279,6 +280,7 @@ jobs:
279280 repository : ${{ github.repository }}
280281 ref : gh-pages
281282 path : gh-pages
283+ persist-credentials : true # needed for push to gh-pages
282284
283285 - name : Publish release notes to gh-pages
284286 if : ${{ !inputs.dry_run }}
@@ -319,5 +321,7 @@ jobs:
319321 shell : bash
320322 run : |
321323 TIMESTAMP=$(date +%s)
322- VERSION=$(echo ${{ steps.output_version_tag.outputs. VERSION_TAG }} | tr . -)
324+ VERSION=$(echo "${ VERSION_TAG}" | tr . -)
323325 echo CHANGE_SET_VERSION="$VERSION-$TIMESTAMP" >> "$GITHUB_OUTPUT"
326+ env :
327+ VERSION_TAG : ${{ steps.output_version_tag.outputs.VERSION_TAG }}
Original file line number Diff line number Diff line change 2323 uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
2424 with :
2525 fetch-depth : 0
26+ persist-credentials : false
2627 - name : Load config value
2728 id : load-config
2829 run : |
9899 run : |
99100 set -euo pipefail
100101
101-
102- TARGET_VERSION='${{ steps.resolve-version.outputs.latest_version }}'
103-
104102 if [[ "$TARGET_VERSION" == "$DEVCONTAINER_VERSION" ]]; then
105103 echo "IMAGE_VERSION is already up to date (${DEVCONTAINER_VERSION})"
106104 exit 0
@@ -118,16 +116,16 @@ jobs:
118116
119117 config = json.loads(config_file.read_text())
120118
121- config['build']['args']['IMAGE_VERSION'] = '${{
122- steps.resolve-version.outputs.latest_version }}'
119+ config['build']['args']['IMAGE_VERSION'] = '${TARGET_VERSION}'
123120
124121 config_file.write_text(json.dumps(config, indent=2) + '\n')
125122
126123 PY
127124
128125
129- echo "Updated IMAGE_VERSION from ${DEVCONTAINER_VERSION} to
130- ${LATEST_DEVCONTAINER_VERSION}"
126+ echo "Updated IMAGE_VERSION from ${DEVCONTAINER_VERSION} to ${TARGET_VERSION}"
127+ env :
128+ TARGET_VERSION : " ${{ steps.resolve-version.outputs.latest_version }}"
131129 - name : Create GitHub App Token
132130 uses : actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859
133131 id : generate-token
Original file line number Diff line number Diff line change @@ -17,10 +17,17 @@ rules:
1717 - quality-checks-devcontainer.yml:190:29
1818 - dependabot-auto-approve-and-merge.yml:24:31
1919 - dependabot-auto-approve-and-merge.yml:25:36
20+ - tag-release-devcontainer.yml:229:34
21+ - tag-release-devcontainer.yml:235:35
22+ - tag-release-devcontainer.yml:241:34
23+ - tag-release-devcontainer.yml:249:35
24+ - update-dev-container-version.yml:136:24
25+ - update-dev-container-version.yml:137:29
2026 unpinned-images :
2127 ignore :
2228 - quality-checks-devcontainer.yml:32:7
2329 - quality-checks-devcontainer.yml:215:7
2430 - quality-checks-devcontainer.yml:285:7
2531 - quality-checks-devcontainer.yml:328:7
2632 - tag-release-devcontainer.yml:89:13
33+ - quality-checks-devcontainer.yml:330:7
You can’t perform that action at this time.
0 commit comments