From d6ba6de7e2019bbaad6eb5c97371c6dee7759a60 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 19 Feb 2025 03:34:55 +0000 Subject: [PATCH] add Renovate and custom workflow files --- .github/pull_request_template.md | 3 - .github/workflows/anchore-analysis.yml | 131 ----------- .../gradle-dependency-submission.yml | 22 ++ .github/workflows/main.yml | 220 ------------------ .github/workflows/scorecard.yml | 71 ------ .github/workflows/sync-fork.yml | 89 +++++++ .github/workflows/testWithOldMongo.yml | 60 ----- .../trivy-dependencies-submission.yml | 27 +++ .github/workflows/verify_copyright.yml | 21 -- .gitignore | 166 ------------- renovate.json | 64 ----- renovate.json5 | 12 + 12 files changed, 150 insertions(+), 736 deletions(-) delete mode 100644 .github/pull_request_template.md delete mode 100644 .github/workflows/anchore-analysis.yml create mode 100644 .github/workflows/gradle-dependency-submission.yml delete mode 100644 .github/workflows/main.yml delete mode 100644 .github/workflows/scorecard.yml create mode 100644 .github/workflows/sync-fork.yml delete mode 100644 .github/workflows/testWithOldMongo.yml create mode 100644 .github/workflows/trivy-dependencies-submission.yml delete mode 100644 .github/workflows/verify_copyright.yml delete mode 100755 .gitignore delete mode 100644 renovate.json create mode 100644 renovate.json5 diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md deleted file mode 100644 index 81a4435e85..0000000000 --- a/.github/pull_request_template.md +++ /dev/null @@ -1,3 +0,0 @@ -- In release notes : - - In chapter : Features Bugs Tasks - - Text : #xxx ... \ No newline at end of file diff --git a/.github/workflows/anchore-analysis.yml b/.github/workflows/anchore-analysis.yml deleted file mode 100644 index ac58f561b2..0000000000 --- a/.github/workflows/anchore-analysis.yml +++ /dev/null 
@@ -1,131 +0,0 @@ - -name: Anchore Container Scan - -on: - schedule: - # launch analysis every day on develop (shall be launch after snapshot build) - - cron: '0 1 * * *' - workflow_dispatch: - -permissions: - contents: read - -jobs: - Anchore-Build-Scan: - permissions: - contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - runs-on: ubuntu-latest - steps: - - name: Checkout the code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Pull docker images - run: | - docker pull lfeoperatorfabric/of-cards-consultation-service:SNAPSHOT - docker pull lfeoperatorfabric/of-cards-publication-service:SNAPSHOT - docker pull lfeoperatorfabric/of-users-service:SNAPSHOT - docker pull lfeoperatorfabric/of-businessconfig-service:SNAPSHOT - docker pull lfeoperatorfabric/of-external-devices-service:SNAPSHOT - docker pull lfeoperatorfabric/of-cards-external-diffusion-service:SNAPSHOT - docker pull lfeoperatorfabric/of-cards-reminder:SNAPSHOT - docker pull lfeoperatorfabric/of-supervisor:SNAPSHOT - docker pull lfeoperatorfabric/of-web-ui:SNAPSHOT - - name: Analyse card consultation - uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0 - id: scan-cards-consultation - with: - image: "lfeoperatorfabric/of-cards-consultation-service:SNAPSHOT" - fail-build: false - - name: Upload Anchore Scan Report for cards-consultation - uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 - with: - sarif_file: ${{ steps.scan-cards-consultation.outputs.sarif }} - category: consultation - - name: Analyse card publication - uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0 - id: scan-cards-publication - with: - image: "lfeoperatorfabric/of-cards-publication-service:SNAPSHOT" - fail-build: false - - name: Upload Anchore Scan Report for cards-publication - uses: 
github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 - with: - sarif_file: ${{ steps.scan-cards-publication.outputs.sarif }} - category: publication - - name: Analyse users - uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0 - id: scan-users - with: - image: "lfeoperatorfabric/of-users-service:SNAPSHOT" - fail-build: false - - name: Upload Anchore Scan Report for users - uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 - with: - sarif_file: ${{ steps.scan-users.outputs.sarif }} - category: users - - name: Analyse businessConfig - uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0 - id: scan-businessconfig - with: - image: "lfeoperatorfabric/of-businessconfig-service:SNAPSHOT" - fail-build: false - - name: Upload Anchore Scan Report for businessConfig - uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 - with: - sarif_file: ${{ steps.scan-businessconfig.outputs.sarif }} - category: businessconfig - - name: Analyse external-devices - uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0 - id: scan-external-devices - with: - image: "lfeoperatorfabric/of-external-devices-service:SNAPSHOT" - fail-build: false - - name: Upload Anchore Scan Report for external devices - uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 - with: - sarif_file: ${{ steps.scan-external-devices.outputs.sarif }} - category: external-devices - - name: Analyse web-ui - uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0 - id: scan-web-ui - with: - image: "lfeoperatorfabric/of-web-ui:SNAPSHOT" - fail-build: false - - name: Upload Anchore Scan Report for web-ui - uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 - with: - sarif_file: ${{ steps.scan-web-ui.outputs.sarif }} - category: web-ui - - name: Analyse 
external-diffusion - uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0 - id: scan-cards-external-diffusion - with: - image: "lfeoperatorfabric/of-cards-external-diffusion-service:SNAPSHOT" - fail-build: false - - name: Upload Anchore Scan Report for external-diffusion - uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 - with: - sarif_file: ${{ steps.scan-cards-external-diffusion.outputs.sarif }} - category: external-diffusion - - name: Analyse cards reminder - uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0 - id: scan-cards-reminder - with: - image: "lfeoperatorfabric/of-cards-reminder:SNAPSHOT" - fail-build: false - - name: Upload Anchore Scan Report for cards-reminder - uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 - with: - sarif_file: ${{ steps.scan-cards-reminder.outputs.sarif }} - category: cards-reminder - - name: Analyse supervisor - uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0 - id: scan-supervisor - with: - image: "lfeoperatorfabric/of-supervisor:SNAPSHOT" - fail-build: false - - name: Upload Anchore Scan Report for supervisor - uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 - with: - sarif_file: ${{ steps.scan-supervisor.outputs.sarif }} - category: supervisor diff --git a/.github/workflows/gradle-dependency-submission.yml b/.github/workflows/gradle-dependency-submission.yml new file mode 100644 index 0000000000..32fd9ed7c3 --- /dev/null +++ b/.github/workflows/gradle-dependency-submission.yml 
@@ -0,0 +1,22 @@
+name: Gradle SBOM upload
+
+on:
+ workflow_dispatch: {}
+ schedule:
+ - cron: "0 10 */5 * *" # Run every fifth day at 10 AM UTC
+
+permissions:
+ contents: write
+
+jobs:
+ SBOM-upload:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - uses: actions/setup-java@v4
+ with:
+ distribution: temurin
+ java-version: 17
+ - name: Generate and submit dependency graph
+ uses: gradle/actions/dependency-submission@v3
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
deleted file mode 100644
index d92897292d..0000000000
--- a/.github/workflows/main.yml
+++ /dev/null
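Review bot: All three `uses:` references in the new gradle-dependency-submission.yml (`actions/checkout@v4`, `actions/setup-java@v4`, `gradle/actions/dependency-submission@v3`) are mutable tags, and the job runs with `contents: write`, so whatever a tag resolves to at run time executes with a write-scoped token. The workflows this commit removes pinned every action to a full commit SHA; the same form fits here, e.g. `uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`, with `@<full-commit-sha> # vX.Y.Z` looked up for the other two. The submission step presumably runs the Gradle build of the checked-out tree, so adding `persist-credentials: false` under a `with:` on the checkout step would also keep the token out of the working copy's git config during that build.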
@@ -1,220 +0,0 @@ - -name: CI - -on: - push: - pull_request: - schedule: - # launch a build every day on develop - - cron: '0 22 * * *' - - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - inputs: - build: - description: 'Build' - required: false - default: 'true' - karate: - description: 'Karate tests' - required: false - default: 'true' - cypress: - description: 'Cypress Tests' - required: false - default: 'true' - cypressTestFiles: - description: 'Cypress Test files' - required: false - default: '*' - gatling: - description: 'Load tests' - required: false - default: 'false' - doc: - description: 'Build and publish documentation ' - required: false - default: 'false' - docLatest: - description: 'Build and publish documentation - Latest' - required: false - default: 'false' - dockerPush: - description: 'Docker push' - required: false - default: 'false' - dockerPushLatest: - description: 'Docker push - Latest' - required: false - default: 'false' -permissions: read-all -jobs: - build: - runs-on: ubuntu-latest - if: ${{ github.event.inputs.dockerPush != 'true' && github.event.inputs.dockerPushLatest != 'true' && github.event.inputs.doc != 'true' && github.event.inputs.docLatest != 'true' && github.event_name != 'schedule' }} - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Job status - env: - EVENT_NAME: ${{ github.event_name }} - REF_NAME: ${{ github.ref_name }} - HEAD_REF: ${{ github.head_ref }} - BASE_REF: ${{ github.base_ref }} - run: | - echo "----------------------------" - echo "Trigger by : $EVENT_NAME" - echo "On branch : $REF_NAME " - echo "PR source branch : $HEAD_REF " - echo "PR target branch : $BASE_REF " - echo "---------------------------" - - name: Cache Gradle packages - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 - with: - path: | - ~/.gradle/caches - ~/.gradle/wrapper - key: ${{ runner.os }}-gradle-${{ 
hashFiles('gradle.properties','**/*.gradle') }} - restore-keys: ${{ runner.os }}-gradle - - # Install all required tools - - name: Install - run: ./CICD/github/install.sh - - - name: Build - if: ${{ github.event.inputs.build == 'true' || github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push'}} - # build.sh set variable for sdk, nvm and gradle - # if variable is set in install step it is not accessible in this step - run: ./CICD/github/build.sh - env: - # SonarCloud access token should be generated from https://sonarcloud.io/account/security/ - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - - name: Karate tests - if: ${{ github.event.inputs.karate == 'true' || github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' }} - run: ./CICD/github/launch_karate_tests.sh - - - name: Cypress tests - if: ${{ github.event.inputs.cypress == 'true' || github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' }} - run: ./CICD/github/launch_cypress_tests.sh ${{ github.event.inputs.cypressTestFiles }} - - - name: Upload cypress screenshots and logs - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 - if: failure() - with: - name: cypress-screenshots - path: | - src/test/cypress/cypress/screenshots - opfab.log - - name: Load tests - if: ${{ github.event.inputs.gatling == 'true' || github.event_name == 'schedule' }} - run: ./CICD/github/launch_load_tests.sh - publish: - runs-on: ubuntu-latest - environment: publishVersion - permissions: - contents: write - if: ${{ github.event.inputs.dockerPush == 'true' || github.event.inputs.dockerPushLatest == 'true' || github.event.inputs.doc == 'true' || github.event.inputs.docLatest == 'true' || github.event_name == 'schedule' }} - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Job status - env: - EVENT_NAME: ${{ github.event_name }} - 
REF_NAME: ${{ github.ref_name }} - HEAD_REF: ${{ github.head_ref }} - BASE_REF: ${{ github.base_ref }} - run: | - echo "----------------------------" - echo "Trigger by : $EVENT_NAME" - echo "On branch : $REF_NAME " - echo "PR source branch : $HEAD_REF " - echo "PR target branch : $BASE_REF " - echo "---------------------------" - - name: Cache Gradle packages - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 - with: - path: | - ~/.gradle/caches - ~/.gradle/wrapper - key: ${{ runner.os }}-gradle-${{ hashFiles('gradle.properties','**/*.gradle') }} - restore-keys: ${{ runner.os }}-gradle - - # Install all required tools - - name: Install - run: ./CICD/github/install.sh - - - name: Build - if: ${{ github.event.inputs.build == 'true' || github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push'}} - # set variable in this step (sdk, nvm et gradle) - # if variable is set in install step it is not accessible in this step - run: ./CICD/github/build.sh - env: - # SonarCloud access token should be generated from https://sonarcloud.io/account/security/ - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - - name: Karate tests - if: ${{ github.event.inputs.karate == 'true' || github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' }} - run: ./CICD/github/launch_karate_tests.sh - - - name: Cypress tests - if: ${{ github.event.inputs.cypress == 'true' || github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' }} - run: ./CICD/github/launch_cypress_tests.sh - - - name: Upload cypress screenshots - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 - if: failure() - with: - name: cypress-screenshots - path: src/test/cypress/cypress/screenshots - - - name: Load tests - if: ${{ github.event.inputs.gatling == 'true' || github.event_name == 'schedule' }} - run: ./CICD/github/launch_load_tests.sh - - - name : 
Publish Documentation - if : ${{ github.event.inputs.doc == 'true' || github.event_name == 'schedule'}} - run: | - source $HOME/.sdkman/bin/sdkman-init.sh; - export NVM_DIR="$HOME/.nvm" - [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm - [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion - source ./bin/load_environment_light.sh; - ./gradlew --build-cache generateSwaggerUI asciidoctor; - ./CICD/github/upload_doc.sh - env: - GH_DOC_TOKEN: ${{ secrets.GH_DOC_TOKEN}} - - - name : Publish Documentation (latest) - if : ${{ github.event.inputs.docLatest == 'true' }} - run: | - source $HOME/.sdkman/bin/sdkman-init.sh; - export NVM_DIR="$HOME/.nvm" - [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm - [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion - source ./bin/load_environment_light.sh; - ./gradlew --build-cache generateSwaggerUI asciidoctor; - ./CICD/github/upload_doc.sh --updateLatest true - env: - GH_DOC_TOKEN: ${{ secrets.GH_DOC_TOKEN}} - - - name : Push images to dockerhub - if: ${{ github.event.inputs.dockerPush == 'true' || github.event_name == 'schedule' }} - run: | - echo ${{ secrets.DOCKER_TOKEN }} | docker login --username opfabtravis --password-stdin - docker images --format "{{.Repository}}:{{.Tag}}" | grep lfe | while read image; do - echo push ${image} - docker push ${image} - done - - - name : Push images latest to dockerhub - if: ${{ github.event.inputs.dockerPushLatest == 'true' }} - run: | - echo ${{ secrets.DOCKER_TOKEN }} | docker login --username opfabtravis --password-stdin - docker images --format "{{.Repository}}:{{.Tag}}" | grep lfe | while read image; do - export repository=$(echo ${image} | cut -d ":" -f 1) - echo "create tag latest for ${repository}" - docker tag ${image} ${repository}:latest - docker push ${repository}:latest - done - 
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
deleted file mode 100644
index 71962a5d2b..0000000000
--- a/.github/workflows/scorecard.yml
+++ /dev/null
@@ -1,71 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. They are provided -# by a third-party and are governed by separate terms of service, privacy -# policy, and support documentation. - -name: Scorecard supply-chain security -on: - # For Branch-Protection check. Only the default branch is supported. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection - branch_protection_rule: - # To guarantee Maintained check is occasionally updated. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained - schedule: - - cron: '28 5 * * *' - workflow_dispatch: - -# Declare default permissions as read only. -permissions: read-all - -jobs: - analysis: - name: Scorecard analysis - runs-on: ubuntu-latest - permissions: - # Needed to upload the results to code-scanning dashboard. - security-events: write - # Needed to publish results and get a badge (see publish_results below). - id-token: write - # Uncomment the permissions below if installing in a private repository. - # contents: read - # actions: read - - steps: - - name: "Checkout code" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - persist-credentials: false - - - name: "Run analysis" - uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 - with: - results_file: results.sarif - results_format: sarif - # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: - # - you want to enable the Branch-Protection check on a *public* repository, or - # - you are installing Scorecard on a *private* repository - # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. - # repo_token: ${{ secrets.SCORECARD_TOKEN }} - - # Public repositories: - # - Publish results to OpenSSF REST API for easy access by consumers - # - Allows the repository to include the Scorecard badge. 
- # - See https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories: - # - `publish_results` will always be set to `false`, regardless - # of the value entered here. - publish_results: true - - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: "Upload artifact" - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 - with: - sarif_file: results.sarif diff --git a/.github/workflows/sync-fork.yml b/.github/workflows/sync-fork.yml new file mode 100644 index 0000000000..42ba380546 --- /dev/null +++ b/.github/workflows/sync-fork.yml 
@@ -0,0 +1,89 @@
+name: Sync fork
+
+on:
+ workflow_dispatch: {}
+ schedule:
+ - cron: "15 3 * * *" # Run every day at 3:15 UTC
+
+jobs:
+ sync:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout fork's default branch
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ path: "fork"
+ token: ${{ secrets.GH_PAT }}
+ - name: Checkout fork's configuration branch
+ uses: actions/checkout@v4
+ with:
+ path: "configuration"
+ ref: "renovate-and-workflow-files"
+ token: ${{ secrets.GH_PAT }}
+ - name: Determine Upstream clone URL
+ id: upstream-repo-clone-url
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const { data } = await github.rest.repos.get({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ });
+ if (data.fork) {
+ return data.parent.clone_url;
+ } else {
+ throw new Error('This repository is not a fork.');
+ }
+ result-encoding: string
+ - name: Determine Upstream default branch
+ id: upstream-repo-default-branch
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const { data } = await github.rest.repos.get({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ });
+ if (data.fork) {
+ return data.parent.default_branch;
+ } else {
+ throw new Error('This repository is not a fork.');
+ }
+ result-encoding: string
+ - name: Sync fork with upstream
+ run: |
+ set -ex
+ cd fork
+ git config --global user.name "github-actions[bot]"
+ git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+ git remote add upstream ${{ steps.upstream-repo-clone-url.outputs.result }}
+ git fetch upstream ${{ steps.upstream-repo-default-branch.outputs.result }}
+ UPSTREAM_MOST_RECENT_COMMIT_HASH=$(git log upstream/${{ steps.upstream-repo-default-branch.outputs.result }} -n 1 --format="%H")
+ PREVIOUS_SYNC_COMMIT_HASH=$(cat ../configuration/upstream_commit_hash)
+ if [ "$PREVIOUS_SYNC_COMMIT_HASH" = "$UPSTREAM_MOST_RECENT_COMMIT_HASH" ]; then
+ echo "No need to sync, already up-to-date"
+ exit 0
+ fi
+
+ git reset --hard upstream/${{ steps.upstream-repo-default-branch.outputs.result }}
+ # Enforce the usage of our own config (renovate.json5)
+ git rm renovate.json* || true
+ # Avoid problems where an existing .gitignore file would prevent committing our configuration files
+ git rm .gitignore || true
+ # Delete existing workflows, we don't need to run them in our fork
+ rm -rf .github || true
+ # Instead of using "cp -r", rsync allows us to exclude the .git directory
+ rsync -av --exclude '.git' ../configuration/ .
+ rm upstream_commit_hash
+ git add .
+ git commit -m "add Renovate and custom workflow files"
+ git push --force-with-lease
+
+ cd ../configuration
+ # git config user.name "github-actions[bot]"
+ # git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+ echo $UPSTREAM_MOST_RECENT_COMMIT_HASH > upstream_commit_hash
+ git add upstream_commit_hash
+ git commit -m "update commit hash to $UPSTREAM_MOST_RECENT_COMMIT_HASH"
+ git push
diff --git a/.github/workflows/testWithOldMongo.yml b/.github/workflows/testWithOldMongo.yml
deleted file mode 100644
index 2020cf34c9..0000000000
--- a/.github/workflows/testWithOldMongo.yml
+++ /dev/null
@@ -1,60 +0,0 @@ - -name: Test with old mongo version - -on: - schedule: - # launch a build every day on develop - - cron: '0 23 * * *' - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - -permissions: read-all - -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Job status - run: | - export OF_VERSION=$(
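Review bot: In the `Sync fork with upstream` step of sync-fork.yml, `${{ steps.upstream-repo-clone-url.outputs.result }}` and `${{ steps.upstream-repo-default-branch.outputs.result }}` are expanded into the `run:` script text before the shell parses it, so the parent repository's clone URL and default-branch name become part of the script instead of data. Those values are set by whoever administers the upstream repository, and the job holds `secrets.GH_PAT`, persisted by both checkouts, so they should reach the shell through `env:` and be used only as quoted variables, as in the excerpt below. Separately, the workflow declares no `permissions:` block and references its actions by tag (`@v4`, `@v7`). Since the pushes appear to use the PAT and not `GITHUB_TOKEN`, a top-level `permissions:` limited to `contents: read` and SHA-pinned `uses:` lines would narrow what this job exposes.

```yaml
      - name: Sync fork with upstream
        env:
          UPSTREAM_URL: ${{ steps.upstream-repo-clone-url.outputs.result }}
          UPSTREAM_BRANCH: ${{ steps.upstream-repo-default-branch.outputs.result }}
        run: |
          # … unchanged: set -ex, cd fork, git config user.name / user.email …
          git remote add upstream "$UPSTREAM_URL"
          git fetch upstream "$UPSTREAM_BRANCH"
          UPSTREAM_MOST_RECENT_COMMIT_HASH=$(git log "upstream/$UPSTREAM_BRANCH" -n 1 --format="%H")
          # … unchanged: comparison with the previously synced hash …
          git reset --hard "upstream/$UPSTREAM_BRANCH"
          # … unchanged: config removal, rsync, commit and push …
```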