Bump github.com/sijms/go-ora/v2 from 2.7.17 to 2.7.22 / [dependabot[bot]] is testing from current repo 🚀 #110
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pull request | |
run-name: "${{ github.event.pull_request.title }} / [${{ github.actor }}] is testing${{ github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name && format(' from fork [{0}]', github.event.pull_request.head.repo.full_name) || format(' from current repo') }} 🚀" | |
on: | |
pull_request: | |
branches: | |
- main | |
- master | |
paths-ignore: | |
- ".github/**/*.yml" | |
- "**/*.md" | |
- "README.md" | |
permissions: | |
contents: write | |
packages: write | |
security-events: write | |
pull-requests: write | |
concurrency: | |
group: ${{ github.event.pull_request.head.repo.full_name }}-${{ github.head_ref }}/${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }} | |
PULL_REQUEST_BRANCH: ${{ github.head_ref }} | |
PULL_REQUEST_HEAD: ${{ github.event.pull_request.head.sha }} | |
CONCURRENCY_GROUP: ${{ github.event.pull_request.head.repo.full_name }}-${{ github.head_ref }}/${{ github.ref }} | |
BRANCH: ${{ github.event.pull_request.head.ref }} | |
REPOSITORY: ${{ github.event.pull_request.head.repo.full_name }} | |
REGISTRY: ghcr.io | |
IMAGE_NAME: "ghcr.io/${{ github.repository }}" | |
RELEASE: false | |
FORKED: ${{ github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name }} | |
jobs: | |
config: | |
if: github.triggering_actor != 'dependabot[bot]' | |
runs-on: ubuntu-latest | |
outputs: | |
go-version: ${{ fromJson(steps.config.outputs.config).go-version }} | |
deploy-pull-request: ${{ fromJson(steps.config.outputs.config).deploy.pull-request }} | |
deploy-sign-docker-image: ${{ fromJson(steps.config.outputs.config).deploy.sign-docker-image }} | |
deploy-pre-release-matrix: ${{ steps.pre-release-matrix.outputs.matrix }} | |
deploy-release-matrix: ${{ steps.release-matrix.outputs.matrix }} | |
is-forked: ${{ github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.PULL_REQUEST_HEAD }} | |
- name: Read config | |
id: config | |
run: echo "config=$(jq -M -c '.' ./.github/workflow-config.json)" >> $GITHUB_OUTPUT | |
- name: List Pre-release profiles | |
id: deploy-pr-images-profiles | |
run: echo "profiles=$(jq -c -M '.deploy."pull-request-images"' .github/workflow-config.json)" >> $GITHUB_OUTPUT | |
- name: Deploy pre-release matrix | |
id: pre-release-matrix | |
run: echo 'matrix={"include":${{ steps.deploy-pr-images-profiles.outputs.profiles }} }' >> $GITHUB_OUTPUT | |
- name: List release profiles | |
id: deploy-images-profiles | |
run: echo "profiles=$(jq -c -M '.deploy."release-images"' .github/workflow-config.json)" >> $GITHUB_OUTPUT | |
- name: Deploy release matrix | |
id: release-matrix | |
run: echo 'matrix={"include":${{ steps.deploy-images-profiles.outputs.profiles }} }' >> $GITHUB_OUTPUT | |
build: | |
runs-on: ubuntu-latest | |
needs: | |
- config | |
outputs: | |
version: ${{ steps.version.outputs.version }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.PULL_REQUEST_HEAD }} | |
- name: Setup Golang | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ needs.config.outputs.go-version }} | |
- name: Get makefile versions | |
id: version | |
run: | | |
version=$(make version) | |
echo "version=$version" >> $GITHUB_OUTPUT | |
- name: Setup Golang cache | |
uses: actions/cache@v3 | |
with: | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Build artifact | |
run: make go-build | |
- name: Run test | |
run: make go-test | |
- name: Go lint | |
continue-on-error: true | |
uses: golangci/golangci-lint-action@v3 | |
with: | |
args: --issues-exit-code=0 | |
skip-pkg-cache: true | |
skip-build-cache: true | |
- name: Package artifact | |
run: | | |
mv dist/*.tar.gz application.tar.gz | |
- name: Upload build output | |
uses: actions/upload-artifact@v3 | |
with: | |
name: application | |
path: "./application.tar.gz" | |
- name: Upload test coverage | |
uses: actions/upload-artifact@v3 | |
with: | |
name: test-coverage | |
path: "./test-coverage.out" | |
release: | |
runs-on: ubuntu-latest | |
needs: | |
- config | |
- build | |
outputs: | |
version: ${{ steps.version.outputs.version }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.PULL_REQUEST_HEAD }} | |
- name: Set alpha version | |
id: version | |
run: echo "version=${{ needs.build.outputs.version }}-rc.pr-${{ env.PULL_REQUEST_NUMBER }}-${{ github.run_number }}" >> $GITHUB_OUTPUT | |
- name: Download artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: application | |
path: "." | |
- name: Rename artifact | |
run: mv application.tar.gz ${{ github.event.repository.name }}.tar.gz | |
- name: Create release | |
if: ${{ env.FORKED == 'false' }} | |
uses: softprops/action-gh-release@v1 | |
id: create-release | |
with: | |
name: Pre-release ${{ steps.version.outputs.version }} | |
tag_name: ${{ steps.version.outputs.version }} | |
token: ${{ secrets.GITHUB_TOKEN }} | |
body: ${{ steps.changelog.outputs.changelog }} | |
files: | | |
./${{ github.event.repository.name }}.tar.gz | |
draft: false | |
prerelease: true | |
generate_release_notes: true | |
deploy: | |
name: deploy-[${{ matrix.name }}] | |
runs-on: ubuntu-latest | |
strategy: | |
max-parallel: 1 | |
matrix: ${{ fromJson(needs.config.outputs.deploy-pre-release-matrix) }} | |
if: ${{ !failure() && needs.release.result == 'success' && needs.config.outputs.deploy-pull-request == 'true' }} | |
needs: | |
- config | |
- build | |
- release | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.PULL_REQUEST_HEAD }} | |
- name: Build image | |
id: docker-meta | |
env: | |
VERSION: "${{ needs.release.outputs.version }}" | |
run: | | |
make ${{ matrix.name }}-image | |
TAG_SUFFIX=$(echo "-${{ matrix.name }}" | sed s/-ubuntu//) | |
echo "image-id=$IMAGE_NAME" >> $GITHUB_OUTPUT | |
echo "image-version=${VERSION}${TAG_SUFFIX}" >> $GITHUB_OUTPUT | |
- name: Log in to registry | |
if: ${{ env.FORKED == 'false' }} | |
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ${{ env.REGISTRY }} -u $ --password-stdin | |
- name: Push image | |
if: ${{ env.FORKED == 'false' }} | |
env: | |
VERSION: "${{ needs.release.outputs.version }}" | |
run: | | |
make push-${{ matrix.name }}-image | |
- name: Format current time | |
if: ${{ env.FORKED == 'false' }} | |
id: time_now | |
run: echo "time_now_formatted=$(date +'%Y-%m-%d %H:%M:%S')" >> "$GITHUB_OUTPUT" | |
- name: Find releases comment | |
if: ${{ env.FORKED == 'false' }} | |
uses: peter-evans/find-comment@v2 | |
id: find_comment | |
with: | |
issue-number: ${{ github.event.pull_request.number }} | |
comment-author: "github-actions[bot]" | |
body-includes: "Following docker image(s) have been created for this PR." | |
- name: Create releases comment | |
uses: peter-evans/create-or-update-comment@v2 | |
if: ${{ steps.find_comment.outputs.comment-id == '' && env.FORKED == 'false' }} | |
with: | |
comment-id: ${{ steps.find_comment.outputs.comment-id }} | |
issue-number: ${{ github.event.pull_request.number }} | |
edit-mode: replace | |
body: | | |
## Pull Request information | |
Following docker image(s) have been created for this PR. | |
| Time | Tag | | |
| --- | --- | | |
| ${{ steps.time_now.outputs.time_now_formatted }} | **${{ steps.docker-meta.outputs.image-version }}** | | |
- name: Append releases comment | |
uses: peter-evans/create-or-update-comment@v2 | |
if: ${{ steps.find_comment.outputs.comment-id != '' && env.FORKED == 'false' }} | |
with: | |
comment-id: ${{ steps.find_comment.outputs.comment-id }} | |
issue-number: ${{ github.event.pull_request.number }} | |
edit-mode: append | |
body: | | |
| ${{ steps.time_now.outputs.time_now_formatted }} | **${{ steps.docker-meta.outputs.image-version }}** | | |
- name: Setup cosign | |
if: ${{ needs.config.outputs.deploy-sign-docker-image == 'true' && env.FORKED == 'false' }} | |
uses: sigstore/cosign-installer@main | |
- name: Write signing key to disk (only needed for `cosign sign --key`) | |
if: ${{ needs.config.outputs.deploy-sign-docker-image == 'true' && env.FORKED == 'false' }} | |
continue-on-error: true | |
run: echo "${{ secrets.SIGNING_SECRET }}" > cosign.key | |
- name: Sign the published Docker image | |
if: ${{ needs.config.outputs.deploy-sign-docker-image == 'true' && env.FORKED == 'false' }} | |
continue-on-error: true | |
env: | |
COSIGN_PASSWORD: "" | |
VERSION: "${{ needs.release.outputs.version }}" | |
run: make sign-${{ matrix.name }}-image | |
- name: Container scan | |
uses: aquasecurity/trivy-action@0.8.0 | |
env: | |
image-ref: "${{ steps.docker-meta.outputs.image-id }}:${{ steps.docker-meta.outputs.image-version }}" | |
with: | |
image-ref: "${{ env.image-ref }}" | |
ignore-unfixed: true | |
vuln-type: "os,library" | |
severity: "CRITICAL,HIGH" | |
format: "sarif" | |
output: "trivy-results.sarif" | |
- name: Upload Trivy scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
sarif_file: "trivy-results.sarif" | |
category: trivy-${{ matrix.name }} | |
comments: | |
runs-on: ubuntu-latest | |
if: ${{ needs.config.outputs.is-forked == 'false' }} | |
needs: | |
- config | |
- release | |
steps: | |
- name: Format current time | |
id: time_now | |
run: echo "time_now_formatted=$(date +'%Y-%m-%d %H:%M:%S')" >> "$GITHUB_OUTPUT" | |
- name: Find releases comment | |
uses: peter-evans/find-comment@v2 | |
id: find_comment | |
with: | |
issue-number: ${{ github.event.pull_request.number }} | |
comment-author: "github-actions[bot]" | |
body-includes: "Following release(s) have been created for this PR." | |
- name: Create releases comment | |
uses: peter-evans/create-or-update-comment@v2 | |
if: ${{ steps.find_comment.outputs.comment-id == '' }} | |
with: | |
comment-id: ${{ steps.find_comment.outputs.comment-id }} | |
issue-number: ${{ github.event.pull_request.number }} | |
edit-mode: replace | |
body: | | |
## Pull Request information | |
Following release(s) have been created for this PR. | |
| Time | Release | | |
| --- | --- | | |
| ${{ steps.time_now.outputs.time_now_formatted }} | **${{ needs.release.outputs.version }}** | | |
- name: Append releases comment | |
uses: peter-evans/create-or-update-comment@v2 | |
if: ${{ steps.find_comment.outputs.comment-id != '' }} | |
with: | |
comment-id: ${{ steps.find_comment.outputs.comment-id }} | |
issue-number: ${{ github.event.pull_request.number }} | |
edit-mode: append | |
body: | | |
| ${{ steps.time_now.outputs.time_now_formatted }} | **${{ needs.release.outputs.version }}** | |