fix: move ORT from actions to relevant workflows (#113)

* fix: move ORT from actions to relevant workflows * chore: fixate ORT version * chore: remove string to boolean hack * chore: update self dependencies * feat: add ort_version input variable --------- Co-authored-by: Vladislav Yatsun <[email protected]>
epam · Nov 18, 2024 · 4617dbb · 4617dbb
1 parent c32ebe4
commit 4617dbb
Show file tree

Hide file tree

Showing 16 changed files with 137 additions and 83 deletions.
diff --git a/.github/workflows/generic_docker_pr.yml b/.github/workflows/generic_docker_pr.yml
@@ -23,6 +23,10 @@ on:
         type: boolean
         default: false
         description: Do not fail pipeline if ORT scan failed
+      ort_version:
+        type: string
+        default: "latest"
+        description: ORT version to use
       enable_trivy:
         type: boolean
         default: true
@@ -44,14 +48,15 @@ jobs:
       bypass_style_checks: ${{ inputs.bypass_style_checks }}
       enable_ort: ${{ inputs.enable_ort }}
       bypass_ort: ${{ inputs.bypass_ort }}
+      ort_version: ${{ inputs.ort_version }}
 
   docker_build:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           lfs: true
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         with:
           image_name: ghcr.io/${{ env.IMAGE_NAME }}
           image_tag: test

diff --git a/.github/workflows/generic_docker_release.yml b/.github/workflows/generic_docker_release.yml
@@ -31,6 +31,10 @@ on:
         type: boolean
         default: false
         description: Do not fail pipeline if ORT scan failed
+      ort_version:
+        type: string
+        default: "latest"
+        description: ORT version to use
       enable_trivy:
         type: boolean
         default: true
@@ -52,6 +56,7 @@ jobs:
       bypass_style_checks: ${{ inputs.bypass_style_checks }}
       enable_ort: ${{ inputs.enable_ort }}
       bypass_ort: ${{ inputs.bypass_ort }}
+      ort_version: ${{ inputs.ort_version }}
 
   calculate_version:
     runs-on: ubuntu-latest
@@ -60,7 +65,7 @@ jobs:
       is_latest: ${{ steps.semantic_versioning.outputs.is_latest }}
       latest_tag: ${{ steps.semantic_versioning.outputs.latest_tag }}
     steps:
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         id: semantic_versioning
 
   release:
@@ -73,14 +78,14 @@ jobs:
       - calculate_version
       - test
     steps:
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         with:
           latest_tag: ${{ needs.calculate_version.outputs.latest_tag }}
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           lfs: true
           token: ${{ secrets.ACTIONS_BOT_TOKEN }}
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         with:
           ghcr_username: ${{ github.actor }}
           ghcr_password: ${{ secrets.ACTIONS_BOT_TOKEN }}
@@ -97,7 +102,7 @@ jobs:
             ${{ github.ref == 'refs/heads/development' && format('{0}/{1}:{2}', 'ghcr.io', env.IMAGE_NAME, 'development') || ''}}
             ${{ startsWith(github.ref, 'refs/heads/release-') && needs.calculate_version.outputs.is_latest == 'true' && format('{0}:{1}', env.IMAGE_NAME, 'latest') || ''}}
             ${{ startsWith(github.ref, 'refs/heads/release-') && needs.calculate_version.outputs.is_latest == 'true' && format('{0}/{1}:{2}', 'ghcr.io', env.IMAGE_NAME, 'latest') || ''}}
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         with:
           tag_version: ${{ needs.calculate_version.outputs.next_version }}
           changelog_file: "/tmp/my_changelog" # comes from generate_release_notes step; TODO: beautify
diff --git a/.github/workflows/generic_docker_test.yml b/.github/workflows/generic_docker_test.yml
@@ -23,6 +23,10 @@ on:
         type: boolean
         default: false
         description: Do not fail pipeline if ORT scan failed
+      ort_version:
+        type: string
+        default: "latest"
+        description: ORT version to use
 
 jobs:
   style_checks:
@@ -45,6 +49,10 @@ jobs:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           lfs: true
-      - uses: epam/ai-dial-ci/actions/ort@1.9.4
+      - uses: oss-review-toolkit/ort-ci-github-action@9acdf1e56f1b42972b12274ae56c35bf70a5f65b # v1.0.1
         with:
-          bypass_checks: ${{ inputs.bypass_checks || inputs.bypass_ort }}
+          image: "ghcr.io/oss-review-toolkit/ort:${{ inputs.ort_version }}"
+          allow-dynamic-versions: "true"
+          fail-on: "violations"
+          ort-cli-args: "-P ort.forceOverwrite=true --stacktrace"
+        continue-on-error: ${{ inputs.bypass_checks || inputs.bypass_ort }}
diff --git a/.github/workflows/java_pr.yml b/.github/workflows/java_pr.yml
@@ -31,6 +31,10 @@ on:
         type: boolean
         default: false
         description: Do not fail pipeline if ORT scan failed
+      ort_version:
+        type: string
+        default: "latest"
+        description: ORT version to use
       enable_trivy:
         type: boolean
         default: true
@@ -62,6 +66,7 @@ jobs:
       bypass_code_checks: ${{ inputs.bypass_code_checks }}
       enable_ort: ${{ inputs.enable_ort }}
       bypass_ort: ${{ inputs.bypass_ort }}
+      ort_version: ${{ inputs.ort_version }}
       java_version: ${{ inputs.java_version }}
       java_distribution: ${{ inputs.java_distribution }}
 
@@ -71,7 +76,7 @@ jobs:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           lfs: true
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         with:
           java_version: ${{ inputs.java_version }}
           java_distribution: ${{ inputs.java_distribution }}
@@ -83,7 +88,7 @@ jobs:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           lfs: true
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         with:
           image_name: ghcr.io/${{ env.IMAGE_NAME }}
           image_tag: test

diff --git a/.github/workflows/java_release.yml b/.github/workflows/java_release.yml
@@ -31,6 +31,10 @@ on:
         type: boolean
         default: false
         description: Do not fail pipeline if ORT scan failed
+      ort_version:
+        type: string
+        default: "latest"
+        description: ORT version to use
       enable_trivy:
         type: boolean
         default: true
@@ -62,6 +66,7 @@ jobs:
       bypass_code_checks: ${{ inputs.bypass_code_checks }}
       enable_ort: ${{ inputs.enable_ort }}
       bypass_ort: ${{ inputs.bypass_ort }}
+      ort_version: ${{ inputs.ort_version }}
       java_version: ${{ inputs.java_version }}
       java_distribution: ${{ inputs.java_distribution }}
 
@@ -72,7 +77,7 @@ jobs:
       is_latest: ${{ steps.semantic_versioning.outputs.is_latest }}
       latest_tag: ${{ steps.semantic_versioning.outputs.latest_tag }}
     steps:
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         id: semantic_versioning
 
   release:
@@ -85,22 +90,22 @@ jobs:
       - calculate_version
       - test
     steps:
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         with:
           latest_tag: ${{ needs.calculate_version.outputs.latest_tag }}
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           lfs: true
           token: ${{ secrets.ACTIONS_BOT_TOKEN }}
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         with:
           java_version: ${{ inputs.java_version }}
           java_distribution: ${{ inputs.java_distribution }}
       - name: Set version
         shell: bash
         run: |
           sed -i -E "s/^([ \t]*version[ \t]*=[ \t]*)[\"'].*[\"']/\1\"${{ needs.calculate_version.outputs.next_version }}\"/g" build.gradle
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         with:
           ghcr_username: ${{ github.actor }}
           ghcr_password: ${{ secrets.ACTIONS_BOT_TOKEN }}
@@ -117,7 +122,7 @@ jobs:
             ${{ github.ref == 'refs/heads/development' && format('{0}/{1}:{2}', 'ghcr.io', env.IMAGE_NAME, 'development') || ''}}
             ${{ startsWith(github.ref, 'refs/heads/release-') && needs.calculate_version.outputs.is_latest == 'true' && format('{0}:{1}', env.IMAGE_NAME, 'latest') || ''}}
             ${{ startsWith(github.ref, 'refs/heads/release-') && needs.calculate_version.outputs.is_latest == 'true' && format('{0}/{1}:{2}', 'ghcr.io', env.IMAGE_NAME, 'latest') || ''}}
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         with:
           tag_version: ${{ needs.calculate_version.outputs.next_version }}
           changelog_file: "/tmp/my_changelog" # comes from generate_release_notes step; TODO: beautify

diff --git a/.github/workflows/java_test.yml b/.github/workflows/java_test.yml
@@ -31,6 +31,10 @@ on:
         type: boolean
         default: false
         description: Do not fail pipeline if ORT scan failed
+      ort_version:
+        type: string
+        default: "latest"
+        description: ORT version to use
       java_version:
         type: string
         default: "17"
@@ -48,7 +52,7 @@ jobs:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           lfs: true
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         with:
           java_version: ${{ inputs.java_version }}
           java_distribution: ${{ inputs.java_distribution }}
@@ -65,7 +69,7 @@ jobs:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           lfs: true
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         with:
           java_version: ${{ inputs.java_version }}
           java_distribution: ${{ inputs.java_distribution }}
@@ -82,7 +86,10 @@ jobs:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           lfs: true
-      - uses: epam/ai-dial-ci/actions/ort@1.9.4
+      - uses: oss-review-toolkit/ort-ci-github-action@9acdf1e56f1b42972b12274ae56c35bf70a5f65b # v1.0.1
         with:
-          bypass_checks: ${{ inputs.bypass_checks || inputs.bypass_ort }}
-          cli_args: "-P ort.forceOverwrite=true --stacktrace -P ort.analyzer.enabledPackageManagers=Gradle"
+          image: "ghcr.io/oss-review-toolkit/ort:${{ inputs.ort_version }}"
+          allow-dynamic-versions: "true"
+          fail-on: "violations"
+          ort-cli-args: "-P ort.forceOverwrite=true --stacktrace -P ort.analyzer.enabledPackageManagers=Gradle"
+        continue-on-error: ${{ inputs.bypass_checks || inputs.bypass_ort }}
diff --git a/.github/workflows/node_pr.yml b/.github/workflows/node_pr.yml
@@ -39,6 +39,10 @@ on:
         type: boolean
         default: false
         description: Do not fail pipeline if ORT scan failed
+      ort_version:
+        type: string
+        default: "latest"
+        description: ORT version to use
       enable_trivy:
         type: boolean
         default: true
@@ -68,6 +72,7 @@ jobs:
       bypass_code_checks: ${{ inputs.bypass_code_checks }}
       enable_ort: ${{ inputs.enable_ort }}
       bypass_ort: ${{ inputs.bypass_ort }}
+      ort_version: ${{ inputs.ort_version }}
       node_version: ${{ inputs.node_version }}
 
   docker_build:
@@ -76,7 +81,7 @@ jobs:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           lfs: true
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         with:
           image_name: ghcr.io/${{ env.IMAGE_NAME }}
           image_tag: test

diff --git a/.github/workflows/node_release.yml b/.github/workflows/node_release.yml
@@ -39,6 +39,10 @@ on:
         type: boolean
         default: false
         description: Do not fail pipeline if ORT scan failed
+      ort_version:
+        type: string
+        default: "latest"
+        description: ORT version to use
       enable_trivy:
         type: boolean
         default: true
@@ -72,6 +76,7 @@ jobs:
       bypass_code_checks: ${{ inputs.bypass_code_checks }}
       enable_ort: ${{ inputs.enable_ort }}
       bypass_ort: ${{ inputs.bypass_ort }}
+      ort_version: ${{ inputs.ort_version }}
       node_version: ${{ inputs.node_version }}
 
   calculate_version:
@@ -81,7 +86,7 @@ jobs:
       is_latest: ${{ steps.semantic_versioning.outputs.is_latest }}
       latest_tag: ${{ steps.semantic_versioning.outputs.latest_tag }}
     steps:
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         id: semantic_versioning
 
   release:
@@ -94,14 +99,14 @@ jobs:
       - calculate_version
       - test
     steps:
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         with:
           latest_tag: ${{ needs.calculate_version.outputs.latest_tag }}
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           lfs: true
           token: ${{ secrets.ACTIONS_BOT_TOKEN }}
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         with:
           node_version: ${{ inputs.node_version }}
           clean_install: true
@@ -110,7 +115,7 @@ jobs:
         shell: bash
         run: |
           npm version ${{ needs.calculate_version.outputs.next_version }} --no-git-tag-version || true # upstream branch may already be updated
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         with:
           ghcr_username: ${{ github.actor }}
           ghcr_password: ${{ secrets.ACTIONS_BOT_TOKEN }}
@@ -150,7 +155,7 @@ jobs:
           IS_LATEST: ${{ needs.calculate_version.outputs.is_latest == 'true' }}
           IS_DEVELOPMENT_BRANCH: ${{ github.ref == 'refs/heads/development' }}
           IS_RELEASE_BRANCH: ${{ startsWith(github.ref, 'refs/heads/release-') }}
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         with:
           tag_version: ${{ needs.calculate_version.outputs.next_version }}
           changelog_file: "/tmp/my_changelog" # comes from generate_release_notes step; TODO: beautify

diff --git a/.github/workflows/node_test.yml b/.github/workflows/node_test.yml
@@ -39,6 +39,10 @@ on:
         type: boolean
         default: false
         description: Do not fail pipeline if ORT scan failed
+      ort_version:
+        type: string
+        default: "latest"
+        description: ORT version to use
       node_version:
         type: string
         default: "20"
@@ -52,7 +56,7 @@ jobs:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           lfs: true
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         with:
           node_version: ${{ inputs.node_version }}
           clean_install: "true"
@@ -69,7 +73,7 @@ jobs:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           lfs: true
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         with:
           node_version: ${{ inputs.node_version }}
           clean_install: "true"
@@ -86,7 +90,7 @@ jobs:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           lfs: true
-      - uses: epam/ai-dial-ci/actions/[email protected].4
+      - uses: epam/ai-dial-ci/actions/[email protected].5
         with:
           node_version: ${{ inputs.node_version }}
           clean_install: "true"
@@ -103,7 +107,10 @@ jobs:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           lfs: true
-      - uses: epam/ai-dial-ci/actions/ort@1.9.4
+      - uses: oss-review-toolkit/ort-ci-github-action@9acdf1e56f1b42972b12274ae56c35bf70a5f65b # v1.0.1
         with:
-          bypass_checks: ${{ inputs.bypass_checks || inputs.bypass_ort }}
-          cli_args: "-P ort.forceOverwrite=true --stacktrace -P ort.analyzer.enabledPackageManagers=NPM"
+          image: "ghcr.io/oss-review-toolkit/ort:${{ inputs.ort_version }}"
+          allow-dynamic-versions: "true"
+          fail-on: "violations"
+          ort-cli-args: "-P ort.forceOverwrite=true --stacktrace -P ort.analyzer.enabledPackageManagers=NPM"
+        continue-on-error: ${{ inputs.bypass_checks || inputs.bypass_ort }}