Bump nanoid and mocha (#285)

* Bump nanoid and mocha Bumps [nanoid](https://github.com/ai/nanoid) to 3.3.8 and updates ancestor dependency [mocha](https://github.com/mochajs/mocha). These dependencies need to be updated together. Updates `nanoid` from 3.3.4 to 3.3.8 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.4...3.3.8) Updates `mocha` from 10.2.0 to 10.8.2 - [Release notes](https://github.com/mochajs/mocha/releases) - [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md) - [Commits](mochajs/mocha@v10.2.0...v10.8.2) --- updated-dependencies: - dependency-name: nanoid dependency-type: indirect - dependency-name: mocha dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]> * fixup push action --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Phillip Wirth <[email protected]>
hpi-schul-cloud · Feb 20, 2025 · 7deb0b7 · 7deb0b7
1 parent 37cc76b
commit 7deb0b7
Show file tree

Hide file tree

Showing 3 changed files with 164 additions and 217 deletions.
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -24,6 +24,8 @@ jobs:
       contains(github.event.issue.labels.*.name, 'ready-for-ci') == 'true') ||
       github.actor != 'dependabot[bot]'
     runs-on: ubuntu-latest
+    needs:
+      - branch_meta
     permissions:
       packages: write
     steps:
@@ -46,7 +48,7 @@ jobs:
 
       - name: test image exists
         run: |
-         echo "IMAGE_EXISTS=$(docker manifest inspect ghcr.io/${{ github.repository }}:${{ github.sha }} > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV
+         echo "IMAGE_EXISTS=$(docker manifest inspect ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }} > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV
 
       - name: Set up Docker Buildx
         if: ${{ env.IMAGE_EXISTS == 0 }}
@@ -63,7 +65,7 @@ jobs:
           platforms: linux/amd64
           push: true
           pull: true
-          tags: ghcr.io/${{ github.repository }}:${{ github.sha }}
+          tags: ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }}
           labels: ${{ steps.docker_meta_img.outputs.labels }}
 
   branch_meta:
@@ -79,7 +81,7 @@ jobs:
           PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
           PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
           BRANCH_REF_NAME: ${{ github.ref_name}}
-          BRANCH_SHA: ${{ github.sha }}
+          BRANCH_SHA: ${{ needs.branch_meta.outputs.sha }}
         run: |
           if [ "${{ github.event_name }}" == 'pull_request' ]; then
             echo "branch=$PR_HEAD_REF" >> $GITHUB_OUTPUT
@@ -127,7 +129,7 @@ jobs:
       - name: run trivy vulnerability scanner
         uses: aquasecurity/[email protected]
         with:
-          image-ref: 'ghcr.io/${{ github.repository }}:${{ github.sha }}'
+          image-ref: 'ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }}'
           format: 'sarif'
           output: 'trivy-results.sarif'
           severity: 'CRITICAL,HIGH'