diff --git a/.github/actions/setup-build-and-push/action.yml b/.github/actions/setup-build-and-push/action.yml index ba76453b..c0cd4e64 100644 --- a/.github/actions/setup-build-and-push/action.yml +++ b/.github/actions/setup-build-and-push/action.yml @@ -31,7 +31,9 @@ runs: "$GITHUB_SHA" "$GITHUB_REF_NAME" \ "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \ "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" \ - > ${{ inputs.version_json_path }} + > ${JSON_PATH} + env: + JSON_PATH: ${{ inputs.version_json_path }} - name: Compute image tag id: tag diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 9558d50d..3c6a4548 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -58,6 +58,8 @@ updates: - dependency-name: slog-scope versions: - 4.4.0 + cooldown: + default-days: 7 - package-ecosystem: "pip" # Applies for poetry deps as well directories: @@ -80,6 +82,8 @@ updates: group-by: dependency-name patterns: - "*" + cooldown: + default-days: 7 - package-ecosystem: "github-actions" directory: "/" @@ -93,3 +97,5 @@ updates: actions-deps: patterns: - "*" + cooldown: + default-days: 7 diff --git a/.github/workflows/main-workflow.yml b/.github/workflows/main-workflow.yml index 410be787..b812ae94 100644 --- a/.github/workflows/main-workflow.yml +++ b/.github/workflows/main-workflow.yml @@ -52,6 +52,7 @@ jobs: ~/.cache/pip ~/.cache/pypoetry/virtualenvs key: ${{ runner.os }}-python-${{ hashFiles('pyproject.toml', 'poetry.lock') }} + lookup-only: true - name: Install Poetry run: pip3 install poetry @@ -77,10 +78,11 @@ jobs: ~/.rustup/toolchains ~/.rustup/update-hashes key: ${{ runner.os }}-rust-toolchain-${{ env.RUST_VERSION }} + lookup-only: true - name: Install Rust toolchain if: steps.cache-rust-toolchain.outputs.cache-hit != 'true' - run: rustup toolchain install ${{ env.RUST_VERSION }} --component rustfmt --component clippy --component llvm-tools-preview --no-self-update && rustup default ${{ env.RUST_VERSION }} + run: rustup toolchain install ${RUST_VERSION} --component rustfmt --component clippy --component llvm-tools-preview --no-self-update && rustup default ${RUST_VERSION} - name: Display Rust Version Info shell: bash @@ -150,7 +152,7 @@ jobs: key: ${{ runner.os }}-rust-toolchain-${{ env.RUST_VERSION }} - name: Set Rust toolchain - run: rustup default ${{ env.RUST_VERSION }} + run: rustup default ${RUST_VERSION} - name: Cache cargo-audit id: cache-cargo-audit @@ -207,7 +209,7 @@ jobs: key: ${{ runner.os }}-rust-toolchain-${{ env.RUST_VERSION }} - name: Set Rust toolchain - run: rustup default ${{ env.RUST_VERSION }} + run: rustup default ${RUST_VERSION} - name: Rust Clippy ${{ matrix.target }} run: make clippy_${{ matrix.target }} @@ -246,7 +248,7 @@ jobs: ${{ runner.os }}-cargo-release-${{ matrix.target }}- - name: Set Rust toolchain - run: rustup default ${{ env.RUST_VERSION }} + run: rustup default ${RUST_VERSION} - name: Rust Clippy release ${{ matrix.target }} run: make clippy_release_${{ matrix.target }} @@ -296,7 +298,7 @@ jobs: key: ${{ runner.os }}-rust-toolchain-${{ env.RUST_VERSION }} - name: Set Rust toolchain - run: rustup default ${{ env.RUST_VERSION }} + run: rustup default ${RUST_VERSION} - name: Restore pip and Poetry virtualenv uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 @@ -589,7 +591,7 @@ jobs: key: ${{ runner.os }}-rust-toolchain-${{ env.RUST_VERSION }} - name: Set Rust toolchain - run: rustup default ${{ env.RUST_VERSION }} + run: rustup default ${RUST_VERSION} - name: Restore pip and Poetry virtualenv uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 @@ -878,7 +880,7 @@ jobs: key: ${{ runner.os }}-rust-toolchain-${{ env.RUST_VERSION }} - name: Set Rust toolchain - run: rustup default ${{ env.RUST_VERSION }} + run: rustup default ${RUST_VERSION} - name: Restore pip and Poetry virtualenv uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 diff --git a/.github/workflows/mozcloud-publish.yaml b/.github/workflows/mozcloud-publish.yaml index 8b7c9909..d691a8ed 100644 --- a/.github/workflows/mozcloud-publish.yaml +++ b/.github/workflows/mozcloud-publish.yaml @@ -56,11 +56,11 @@ jobs: - name: Compute tags run: | TAGS=$(cat <> "$GITHUB_ENV" echo "$TAGS" >> "$GITHUB_ENV" echo "EOF" >> "$GITHUB_ENV" + env: + IMAGE_TAG: ${{ steps.setup.outputs.image_tag }} + PUSH_LATEST: ${{ steps.setup.outputs.push_latest }} - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 with: @@ -101,11 +104,11 @@ jobs: - name: Compute tags run: | TAGS=$(cat <> "$GITHUB_ENV" echo "$TAGS" >> "$GITHUB_ENV" echo "EOF" >> "$GITHUB_ENV" + env: + IMAGE_TAG: ${{ steps.setup.outputs.image_tag }} + PUSH_LATEST: ${{ steps.setup.outputs.push_latest }} - name: Build and push to prod GAR and ghcr uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 @@ -143,14 +149,17 @@ jobs: - name: Compute enterprise tags run: | - TAGS="us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres:${{ steps.setup.outputs.image_tag }}" - if [[ "${{ steps.setup.outputs.push_latest }}" == "true" ]]; then + TAGS="us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres:${IMAGE_TAG}" + if [[ "${PUSH_LATEST}" == "true" ]]; then TAGS="$TAGS us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres:latest" fi echo "IMAGE_TAGS<> "$GITHUB_ENV" echo "$TAGS" >> "$GITHUB_ENV" echo "EOF" >> "$GITHUB_ENV" + env: + IMAGE_TAG: ${{ steps.setup.outputs.image_tag }} + PUSH_LATEST: ${{ steps.setup.outputs.push_latest }} - name: Build and push to enterprise GAR uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 @@ -188,11 +197,11 @@ jobs: - name: Compute tags run: | TAGS=$(cat <> "$GITHUB_ENV" echo "$TAGS" >> "$GITHUB_ENV" echo "EOF" >> "$GITHUB_ENV" + env: + IMAGE_TAG: ${{ steps.setup.outputs.image_tag }} + PUSH_LATEST: ${{ steps.setup.outputs.push_latest }} - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 with: @@ -232,11 +244,11 @@ jobs: - name: Compute tags run: | TAGS=$(cat <> "$GITHUB_ENV" echo "$TAGS" >> "$GITHUB_ENV" echo "EOF" >> "$GITHUB_ENV" + env: + IMAGE_TAG: ${{ steps.setup.outputs.image_tag }} + PUSH_LATEST: ${{ steps.setup.outputs.push_latest }} - name: Build and push to prod GAR and ghcr uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 @@ -272,14 +287,17 @@ jobs: - name: Compute enterprise tags run: | - TAGS="us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres-python-utils:${{ steps.setup.outputs.image_tag }}" - if [[ "${{ steps.setup.outputs.push_latest }}" == "true" ]]; then + TAGS="us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres-python-utils:${IMAGE_TAG}" + if [[ "${PUSH_LATEST}" == "true" ]]; then TAGS="$TAGS us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres-python-utils:latest" fi echo "IMAGE_TAGS<> "$GITHUB_ENV" echo "$TAGS" >> "$GITHUB_ENV" echo "EOF" >> "$GITHUB_ENV" + env: + IMAGE_TAG: ${{ steps.setup.outputs.image_tag }} + PUSH_LATEST: ${{ steps.setup.outputs.push_latest }} - name: Build and push to enterprise GAR uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 @@ -311,11 +329,11 @@ jobs: - name: Compute tags run: | TAGS=$(cat <> "$GITHUB_ENV" echo "$TAGS" >> "$GITHUB_ENV" echo "EOF" >> "$GITHUB_ENV" + env: + IMAGE_TAG: ${{ steps.setup.outputs.image_tag }} + PUSH_LATEST: ${{ steps.setup.outputs.push_latest }} - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 with: