diff --git a/.github/linters/zizmor.yaml b/.github/linters/zizmor.yaml index 00ea2bb..2fe7954 100644 --- a/.github/linters/zizmor.yaml +++ b/.github/linters/zizmor.yaml @@ -3,3 +3,7 @@ rules: config: policies: "*": ref-pin + secrets-outside-env: + ignore: + - docker-build-container.yaml + - docker-push-containers-to-dockerhub.yaml diff --git a/.github/workflows/add-labels-standardized.yaml b/.github/workflows/add-labels-standardized.yaml index c39cedf..447a4ca 100644 --- a/.github/workflows/add-labels-standardized.yaml +++ b/.github/workflows/add-labels-standardized.yaml @@ -15,14 +15,6 @@ jobs: secrets: ORG_MEMBERSHIP_TOKEN: ${{ secrets.ORG_MEMBERSHIP_TOKEN }} MEMBERS: ${{ secrets.SENZING_MEMBERS }} - uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v4 - - slack-notification: - needs: [add-issue-labels] - if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.add-issue-labels.result) }} - secrets: SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} - uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v4 - with: - job-status: ${{ needs.add-issue-labels.result }} + uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v4 diff --git a/.github/workflows/add-to-project-senzing-dependabot.yaml b/.github/workflows/add-to-project-senzing-dependabot.yaml index fac7087..d1f9acd 100644 --- a/.github/workflows/add-to-project-senzing-dependabot.yaml +++ b/.github/workflows/add-to-project-senzing-dependabot.yaml @@ -12,16 +12,8 @@ jobs: repository-projects: write secrets: PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v4 - with: - project: ${{ vars.SENZING_GITHUB_ORGANIZATION_PROJECT }} - - slack-notification: - needs: [add-to-project-dependabot] - if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.add-to-project-dependabot.result) }} - secrets: SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} - uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v4 + uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v4 with: - job-status: ${{ needs.add-to-project-dependabot.result }} + project: ${{ vars.SENZING_GITHUB_ORGANIZATION_PROJECT }} diff --git a/.github/workflows/add-to-project-senzing.yaml b/.github/workflows/add-to-project-senzing.yaml index 2f06f1a..d2193f4 100644 --- a/.github/workflows/add-to-project-senzing.yaml +++ b/.github/workflows/add-to-project-senzing.yaml @@ -14,17 +14,9 @@ jobs: repository-projects: write secrets: PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} + SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v4 with: project-number: ${{ vars.SENZING_GITHUB_ORGANIZATION_PROJECT }} org: ${{ vars.SENZING_GITHUB_ACCOUNT_NAME }} - - slack-notification: - needs: [add-to-project] - if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.add-to-project.result) }} - secrets: - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} - uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v4 - with: - job-status: ${{ needs.add-to-project.result }} diff --git a/.github/workflows/docker-build-container.yaml b/.github/workflows/docker-build-container.yaml index a7038f4..caa3fa2 100644 --- a/.github/workflows/docker-build-container.yaml +++ b/.github/workflows/docker-build-container.yaml @@ -6,6 +6,10 @@ on: - main workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }} + cancel-in-progress: true + permissions: {} jobs: diff --git a/.github/workflows/docker-push-containers-to-dockerhub.yaml b/.github/workflows/docker-push-containers-to-dockerhub.yaml index 7f860e7..a609c37 100644 --- a/.github/workflows/docker-push-containers-to-dockerhub.yaml +++ b/.github/workflows/docker-push-containers-to-dockerhub.yaml @@ -32,12 +32,10 @@ jobs: sign-image: true username: ${{ secrets.DOCKERHUB_USERNAME }} - slack-notification: - needs: [docker-push-containers-to-dockerhub] - if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.docker-push-containers-to-dockerhub.result) }} - secrets: - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} - uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v4 - with: - job-status: ${{ needs.docker-push-containers-to-dockerhub.result }} + - name: Notify Slack on failure + if: (failure() || cancelled()) + uses: senzing-factory/build-resources/slack-failure-notification@v4 + with: + job-status: ${{ job.status }} + slack-channel: ${{ secrets.SLACK_CHANNEL }} + slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }} diff --git a/.github/workflows/lint-workflows.yaml b/.github/workflows/lint-workflows.yaml index 3efc412..38d13c9 100644 --- a/.github/workflows/lint-workflows.yaml +++ b/.github/workflows/lint-workflows.yaml @@ -1,11 +1,13 @@ name: lint workflows on: - push: - branches-ignore: [main] pull_request: branches: [main] +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }} + cancel-in-progress: true + permissions: {} jobs: diff --git a/.github/workflows/spellcheck.yaml b/.github/workflows/spellcheck.yaml index 356027f..4490dc9 100644 --- a/.github/workflows/spellcheck.yaml +++ b/.github/workflows/spellcheck.yaml @@ -4,6 +4,10 @@ on: pull_request: branches: [main] +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }} + cancel-in-progress: true + permissions: {} jobs: