GitHub actions for HMPPS projects
This contains a library of GitHub actions for use by other projects. These include:
- security scans
- testing / deployments
- slack messaging templates
- NPM dependency
- NPM outdated
- OWASP reports
- Trivy reports
- Veracode pipeline scan
- Veracode policy scan
Documentation for migrating security scans from CircleCI to GitHub Actions can be found in this document.
- slack_prepare_results: filter non-Slack compatible text out of a text file and load it into a variable
- slack_failure_results: report on a failed operation with results as generated by slack_prepare_results
- slack_codescan_notification: links to the Codescan section of a repository to show the currently identified issues
These workflows are called by other repositories. Templates to call these are in the templates directory.
Workflows and actions are referred to by the tags associated with the current release, e.g.:
- uses: ministryofjustice/hmpps-github-actions/.github/actions/security_owasp_reports@v2 # WORKFLOW_VERSION
When a new release is issued, all of these referred workflows (as well as the calling ones within applications) will need to be updated as well.
To perform a release:
- Update the WORKFLOW_VERSION across the project
- Ensure the CHANGELOG.md has been updated
- Create a pull request and get it merged
- Create a new release, and select create new tag, incrementing the version appropriately.
- Update the short version of the tags for vx, vx.y.
e.g. For a new version: v2.1.5
git tag -f v2 && git push -f origin v2
git tag -f v2.1 && git push -f origin v2.1
- Update the discovery tool to scan the version of GitHub Actions Workflows
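
A dry-run helper for the release steps above, as an added example that is not part of this repository: it derives the short tags from a full version, prints the tag commands instead of running them, and lists references marked `# WORKFLOW_VERSION` that are not on the expected tag. The function names, the sample files and the `example_action` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: checks for the release steps above; not part of this repository.

# Print the short tags (vx and vx.y) to move for a full version vx.y.z.
short_tags() {
  printf '%s\n' "$1" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$' || {
    echo "expected vX.Y.Z, got: $1" >&2; return 1; }
  echo "${1%%.*} ${1%.*}"
}

# Dry run: print the tag commands from the README instead of executing them.
release_tag_commands() {
  tags=$(short_tags "$1") || return 1
  for t in $tags; do
    echo "git tag -f $t && git push -f origin $t"
  done
}

# List marked references under directory $1 that are not pinned to tag $2.
stale_refs() {
  ref=$(printf '%s' "$2" | sed 's/\./\\./g')   # treat dots in the tag literally
  grep -rnE 'uses:.*@.*# *WORKFLOW_VERSION' "$1" \
    | grep -Ev "@${ref}[[:space:]]+# *WORKFLOW_VERSION" || true
}

# Constructed sample: two calling workflows, one left behind on the old tag.
# example_action is a hypothetical action name.
make_sample() {
  d=$(mktemp -d)
  printf '%s\n' 'steps:' \
    '  - uses: ministryofjustice/hmpps-github-actions/.github/actions/security_owasp_reports@v2 # WORKFLOW_VERSION' \
    > "$d/owasp.yml"
  printf '%s\n' 'steps:' \
    '  - uses: ministryofjustice/hmpps-github-actions/.github/actions/example_action@v1 # WORKFLOW_VERSION' \
    > "$d/stale.yml"
  echo "$d"
}

sample=$(make_sample)
release_tag_commands v2.1.5    # the two short-tag commands for this release
stale_refs "$sample" v2        # reports only the reference still on @v1
rm -rf "$sample"
```

Running `stale_refs` over a checkout before merging the release pull request shows any reference that was missed when updating WORKFLOW_VERSION.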