2 changes: 1 addition & 1 deletion .github/workflows/dockerfile-build.yml
Expand Up @@ -16,7 +16,7 @@ on:
checkout-ref:
description: Custom ref to check out
type: string
default: ''
default: ""
secrets:
DOCKER_HUB_USERNAME:
DOCKER_HUB_PASSWORD:
2 changes: 1 addition & 1 deletion .github/workflows/dockerfile-publish.yml
Expand Up @@ -16,7 +16,7 @@ on:
checkout-ref:
description: Custom ref to check out
type: string
default: ''
default: ""
secrets:
DOCKER_HUB_USERNAME:
required: true
4 changes: 2 additions & 2 deletions .github/workflows/dockerfile.yml
Expand Up @@ -24,7 +24,7 @@ on:
checkout-ref:
description: Custom ref to check out
type: string
default: ''
default: ""
secrets:
DOCKER_HUB_USERNAME:
DOCKER_HUB_PASSWORD:
Expand Down Expand Up @@ -72,7 +72,7 @@ jobs:
# Report build failure to Slack
#

# https://github.com/marketplace/actions/slack-notify-build
# https://github.com/marketplace/actions/slack-notify-build
- name: Notify slack fail
if: ${{ inputs.notify-failure && failure() }}
env:
8 changes: 4 additions & 4 deletions .github/workflows/gradle-library-check.yml
Expand Up @@ -13,27 +13,27 @@ on:
description: Custom Gradle tasks to run
required: false
type: string
default: ''
default: ""
expect-tests:
description: If JUnit test results are expected
default: true
type: boolean
submodules:
# see https://github.com/actions/checkout
default: 'false'
default: "false"
type: string
checkout-ref:
description: Custom ref to check out
type: string
default: ''
default: ""
skip-scan:
description: If security scan and associated tasks should be skipped (e.g. in case no Gradle lock files are configured to be generated)
type: boolean
default: false
upload-artifact-path:
description: Path for artifact to upload (to reuse in another job)
type: string
default: ''
default: ""
upload-artifact-name:
description: Name for artifact to upload (to reuse in another job)
type: string
10 changes: 5 additions & 5 deletions .github/workflows/gradle-library-publish.yml
Expand Up @@ -13,24 +13,24 @@ on:
description: Custom Gradle tasks to run for building and verification
required: false
type: string
default: ''
default: ""
publish-tasks:
description: Custom Gradle tasks to run for publishing
required: false
type: string
default: ''
default: ""
expect-tests:
description: If JUnit test results are expected
default: true
type: boolean
submodules:
# see https://github.com/actions/checkout
default: 'false'
default: "false"
type: string
checkout-ref:
description: Custom ref to check out
type: string
default: ''
default: ""
semantic-release:
description: State if a release should be created using semantic-release if applicable
default: false
Expand All @@ -46,7 +46,7 @@ on:
upload-artifact-path:
description: Path for artifact to upload (to reuse in another job)
type: string
default: ''
default: ""
upload-artifact-name:
description: Name for artifact to upload (to reuse in another job)
type: string
19 changes: 9 additions & 10 deletions .github/workflows/gradle-library.yml
Expand Up @@ -8,7 +8,7 @@ on:
publish-tasks:
description: Gradle tasks to run for publishing the project
required: false
default: ''
default: ""
type: string
semantic-release:
description: State if a release should be created using semantic-release if applicable
Expand All @@ -22,7 +22,7 @@ on:
description: Java version to use for build, ignored if the repository contains a mise.toml file
required: false
type: string
default: '17'
default: "17"
notify-failure:
description: Notify on build failure to Slack
default: true
Expand All @@ -41,20 +41,20 @@ on:
type: boolean
submodules:
# see https://github.com/actions/checkout
default: 'false'
default: "false"
type: string
pre-build-command:
description: Custom command to run before the build
type: string
default: ''
default: ""
java-options:
description: Custom JAVA_TOOL_OPTIONS
type: string
default: ''
default: ""
upload-artifact-path:
description: Path for artifact to upload (to reuse in another job)
type: string
default: ''
default: ""
upload-artifact-name:
description: Name for artifact to upload (to reuse in another job)
type: string
Expand All @@ -70,7 +70,7 @@ on:
checkout-ref:
description: Custom ref to check out
type: string
default: ''
default: ""
outputs:
release-published:
description: If a release was created
Expand Down Expand Up @@ -256,12 +256,11 @@ jobs:
# ORG_GRADLE_PROJECT_dockerHubEmail: ${{ secrets.DOCKER_HUB_EMAIL }}
# ORG_GRADLE_PROJECT_dockerHost: "unix:///var/run/docker.sock"


#
# Report on unit tests and critical vulnerabilities
#

# https://github.com/marketplace/actions/junit-report-action
# https://github.com/marketplace/actions/junit-report-action
- name: Publish Test Report
uses: mikepenz/action-junit-report@e08919a3b1fb83a78393dfb775a9c37f17d8eea6 # v6.0.1
if: always() # always run even if the previous step fails
Expand Down Expand Up @@ -292,7 +291,7 @@ jobs:
# Report build failure to Slack
#

# https://github.com/marketplace/actions/slack-notify-build
# https://github.com/marketplace/actions/slack-notify-build
- name: Notify slack fail
if: ${{ inputs.notify-failure && failure() }}
env:
10 changes: 5 additions & 5 deletions .github/workflows/gradle-service-check.yml
Expand Up @@ -5,7 +5,7 @@ on:
description: Custom Gradle tasks to run
required: false
type: string
default: ''
default: ""
java-version:
description: Java version to use for build, ignored if the repository contains a mise.toml file
required: false
Expand All @@ -17,11 +17,11 @@ on:
image-tag-2:
description: Additional image tag to scan after build
type: string
default: ''
default: ""
image-tag-3:
description: Additional image tag to scan after build
type: string
default: ''
default: ""
multi-module:
description: If this is a multi-module project
type: boolean
Expand All @@ -32,12 +32,12 @@ on:
type: boolean
submodules:
# see https://github.com/actions/checkout
default: 'false'
default: "false"
type: string
checkout-ref:
description: Custom ref to check out
type: string
default: ''
default: ""
secrets:
GH_PAT:
DOCKER_HUB_USERNAME:
12 changes: 6 additions & 6 deletions .github/workflows/gradle-service-publish.yml
Expand Up @@ -5,12 +5,12 @@ on:
description: Custom Gradle tasks to run for building and verification
required: false
type: string
default: ''
default: ""
publish-tasks:
description: Custom Gradle tasks to run for publishing
required: false
type: string
default: ''
default: ""
java-version:
description: Java version to use for build, ignored if the repository contains a mise.toml file
required: false
Expand All @@ -22,11 +22,11 @@ on:
image-tag-2:
description: Additional image tag to scan after build
type: string
default: ''
default: ""
image-tag-3:
description: Additional image tag to scan after build
type: string
default: ''
default: ""
multi-module:
description: If this is a multi-module project
type: boolean
Expand All @@ -37,12 +37,12 @@ on:
type: boolean
submodules:
# see https://github.com/actions/checkout
default: 'false'
default: "false"
type: string
checkout-ref:
description: Custom ref to check out
type: string
default: ''
default: ""
semantic-release:
description: State if a release should be created using semantic-release if applicable
default: false
32 changes: 17 additions & 15 deletions .github/workflows/gradle-service.yml
Expand Up @@ -8,7 +8,7 @@ on:
publish-tasks:
description: Gradle tasks to run for publishing the project
required: false
default: ''
default: ""
type: string
semantic-release:
description: State if a release should be created using semantic-release if applicable
Expand All @@ -22,7 +22,7 @@ on:
description: Java version to use for build, ignored if the repository contains a mise.toml file
required: false
type: string
default: '17'
default: "17"
notify-failure:
description: Notify on build failure to Slack
default: true
Expand All @@ -37,24 +37,24 @@ on:
type: boolean
submodules:
# see https://github.com/actions/checkout
default: 'false'
default: "false"
type: string
java-options:
description: Custom JAVA_TOOL_OPTIONS
type: string
default: ''
default: ""
image-tag:
description: Image tag to scan after build
required: true
type: string
image-tag-2:
description: Additional image tag to scan after build
type: string
default: ''
default: ""
image-tag-3:
description: Additional image tag to scan after build
type: string
default: ''
default: ""
multi-module:
description: If this is a multi-module project
type: boolean
Expand All @@ -66,7 +66,7 @@ on:
checkout-ref:
description: Custom ref to check out
type: string
default: ''
default: ""
outputs:
release-published:
description: If a release was created
Expand Down Expand Up @@ -121,11 +121,13 @@ jobs:
# add them as environment variables for use in subsequent steps.
# Keys prefixed with "BASE64_" will be decoded from base64 and the
# prefix will be removed. E.g., "BASE64_KEY=value" becomes "KEY=value".
IFS=$'\n'
for i in $env_vars; do
if [[ $i == BASE64_* ]]; then i=$(echo $i | sed 's/^BASE64_//g' | sed 's/=.*//g')=$(echo ${i#*=} | base64 -di | base64 -di); fi
echo ::add-mask::${i#*=}
printf '%s\n' "$i" >> $GITHUB_ENV
if [[ "$i" == BASE64_* ]]; then i="$(echo "$i" | sed 's/^BASE64_//g' | sed 's/=.*//g')=$(echo "${i#*=}" | base64 -di | base64 -di)"; fi
echo "::add-mask::${i#*=}"
printf '%s\n' "$i" >> "$GITHUB_ENV"
done
unset IFS
fi

#
Expand Down Expand Up @@ -237,7 +239,7 @@ jobs:
if: ${{ !inputs.skip-scan }}
uses: wetransform/gha-trivy@dafb78eaf440e1d9217b3432965692ab2fd1d204 # v2.5.1
with:
image-ref: 'docker.io/${{ inputs.image-tag }}'
image-ref: "docker.io/${{ inputs.image-tag }}"
junit-test-output: "${{ inputs.multi-module && 'trivy-gha-scan/build/test-results/trivy.xml' || 'build/test-results/trivy.xml' }}" # added to unit test report
report-retention-days: 30
report-tag: ${{ inputs.image-tag }}
Expand All @@ -246,7 +248,7 @@ jobs:
uses: wetransform/gha-trivy@dafb78eaf440e1d9217b3432965692ab2fd1d204 # v2.5.1
if: ${{ !inputs.skip-scan && inputs.image-tag-2 != '' }}
with:
image-ref: 'docker.io/${{ inputs.image-tag-2 }}'
image-ref: "docker.io/${{ inputs.image-tag-2 }}"
junit-test-output: "${{ inputs.multi-module && 'trivy-gha-scan/build/test-results/trivy-2.xml' || 'build/test-results/trivy-2.xml' }}" # added to unit test report
report-retention-days: 30
report-tag: ${{ inputs.image-tag-2 }}
Expand All @@ -255,7 +257,7 @@ jobs:
uses: wetransform/gha-trivy@dafb78eaf440e1d9217b3432965692ab2fd1d204 # v2.5.1
if: ${{ !inputs.skip-scan && inputs.image-tag-3 != '' }}
with:
image-ref: 'docker.io/${{ inputs.image-tag-3 }}'
image-ref: "docker.io/${{ inputs.image-tag-3 }}"
junit-test-output: "${{ inputs.multi-module && 'trivy-gha-scan/build/test-results/trivy-3.xml' || 'build/test-results/trivy-3.xml' }}" # added to unit test report
report-retention-days: 30
report-tag: ${{ inputs.image-tag-3 }}
Expand All @@ -264,7 +266,7 @@ jobs:
# Report on unit tests and critical vulnerabilities
#

# https://github.com/marketplace/actions/junit-report-action
# https://github.com/marketplace/actions/junit-report-action
- name: Publish Test Report
uses: mikepenz/action-junit-report@e08919a3b1fb83a78393dfb775a9c37f17d8eea6 # v6.0.1
if: always() # always run even if the previous step fails
Expand All @@ -283,7 +285,7 @@ jobs:
# Report build failure to Slack
#

# https://github.com/marketplace/actions/slack-notify-build
# https://github.com/marketplace/actions/slack-notify-build
- name: Notify slack fail
if: ${{ inputs.notify-failure && failure() }}
env:
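Review bot: In the env-var loop of the `run:` script, `echo "::add-mask::${i#*=}"` and `printf '%s\n' "$i" >> "$GITHUB_ENV"` both assume the value is a single line, which the double `base64 -di` decoding does not guarantee. If a decoded value contains a newline, only its first line is registered as a mask while the remaining lines are echoed to the job log, and the extra lines appended to `$GITHUB_ENV` are read as further `NAME=value` entries. Masking each line separately and writing the variable in the `NAME<<DELIMITER` form closes both gaps, as sketched below. The script and the origin of `env_vars` lie outside the hunk, so whether multi-line values occur in practice should be confirmed there; `$env_vars` is also still expanded unquoted in the `for`, so a line containing glob characters would undergo pathname expansion unless `set -f` is in effect.

```yaml
# … unchanged: BASE64_ prefix handling and decoding of "$i" …
name="${i%%=*}"
value="${i#*=}"
# add-mask is a one-line workflow command: register every line of the value
while IFS= read -r line; do
  [ -n "$line" ] && echo "::add-mask::$line"
done <<< "$value"
# delimiter form keeps embedded newlines from being parsed as extra NAME=value entries
delim="ghadelim_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
printf '%s<<%s\n%s\n%s\n' "$name" "$delim" "$value" "$delim" >> "$GITHUB_ENV"
```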
2 changes: 1 addition & 1 deletion .github/workflows/mise-check.yml
Expand Up @@ -33,7 +33,7 @@ on:
default: false
submodules:
# see https://github.com/actions/checkout
default: 'false'
default: "false"
type: string
secrets:
DOCKER_HUB_USERNAME:
2 changes: 1 addition & 1 deletion .github/workflows/mise-publish.yml
Expand Up @@ -43,7 +43,7 @@ on:
default: false
submodules:
# see https://github.com/actions/checkout
default: 'false'
default: "false"
type: string
secrets:
DOCKER_HUB_USERNAME: