Bump github.com/alecthomas/kingpin/v2 from 2.3.2 to 2.4.0 #62
# Release pipeline: triggered when a pull request against master/main is closed.
name: Release

# pull_request_target runs in the context of the base repository, so the job
# token and repository secrets are available to the jobs of this workflow.
# Anything taken from the pull request itself (branch names, titles, files from
# the head ref) must therefore be treated as untrusted input.
on:
  pull_request_target:
    types: [closed]
    branches: [master, main]

# One group per workflow: runs queue behind each other instead of cancelling.
concurrency:
  group: "${{ github.workflow }}"
  cancel-in-progress: false

# Workflow-wide default scopes for GITHUB_TOKEN. Every job inherits all three
# write scopes unless it declares its own `permissions:` block.
permissions:
  contents: write
  packages: write
  security-events: write

env:
  PULL_REQUEST_NUMBER: "${{ github.event.pull_request.number }}"
  # Both branch values are chosen by the pull request author. They are exposed
  # as environment variables only; consumers must expand them quoted and never
  # splice them into a script through a template expression.
  PULL_REQUEST_BRANCH: "${{ github.head_ref }}"
  BRANCH: "${{ github.event.pull_request.head.ref }}"
  REGISTRY: ghcr.io
  IMAGE_NAME: "ghcr.io/${{ github.repository }}"
  RELEASE: "true"
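jobs:
  # Reads .github/workflow-config.json and publishes its values as job outputs
  # (Go version, deploy switches and the two image matrices).
  config:
    # Gate for the pipeline: only merged pull requests, and not runs triggered
    # by Dependabot. Jobs that list this one under `needs` are skipped with it
    # unless their own `if:` overrides that.
    if: github.triggering_actor != 'dependabot[bot]' && github.event.pull_request.merged == true
    runs-on: ubuntu-latest
    # This job only reads the repository; do not inherit the write scopes.
    permissions:
      contents: read
    outputs:
      go-version: ${{ fromJson(steps.config.outputs.config).go-version }}
      deploy-pull-request: ${{ fromJson(steps.config.outputs.config).deploy.pull-request }}
      deploy-sign-docker-image: ${{ fromJson(steps.config.outputs.config).deploy.sign-docker-image }}
      deploy-pre-release-matrix: ${{ steps.pre-release-matrix.outputs.matrix }}
      deploy-release-matrix: ${{ steps.release-matrix.outputs.matrix }}
    steps:
      # No `ref` is given, so under pull_request_target the base branch is
      # checked out and the config file below comes from the base repository.
      - name: Checkout
        uses: actions/checkout@v3
      - name: Read config
        id: config
        run: |
          echo "config=$(jq -M -c '.' ./.github/workflow-config.json)" >> "$GITHUB_OUTPUT"
      - name: List Pre-release profiles
        id: deploy-pr-images-profiles
        run: |
          echo "profiles=$(jq -c -M '.deploy."pull-request-images"' .github/workflow-config.json)" >> "$GITHUB_OUTPUT"
      # The profile JSON is handed over through the environment rather than
      # pasted into the script text: a quote character inside the JSON would
      # otherwise end the shell string and the remainder would run as shell.
      - name: Deploy pre-release matrix
        id: pre-release-matrix
        env:
          PROFILES: "${{ steps.deploy-pr-images-profiles.outputs.profiles }}"
        run: |
          printf 'matrix={"include":%s }\n' "$PROFILES" >> "$GITHUB_OUTPUT"
      - name: List release profiles
        id: deploy-images-profiles
        run: |
          echo "profiles=$(jq -c -M '.deploy."release-images"' .github/workflow-config.json)" >> "$GITHUB_OUTPUT"
      # Same hand-over through the environment as for the pre-release matrix.
      - name: Deploy release matrix
        id: release-matrix
        env:
          PROFILES: "${{ steps.deploy-images-profiles.outputs.profiles }}"
        run: |
          printf 'matrix={"include":%s }\n' "$PROFILES" >> "$GITHUB_OUTPUT"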
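# jobs.build: compiles, tests and lints the Go project and uploads the archive.
  build:
    runs-on: ubuntu-latest
    needs:
      - config
    # Build, test and lint execute repository and dependency code; they need
    # read access only, so the workflow-level write scopes are not inherited.
    permissions:
      contents: read
    outputs:
      version: ${{ steps.version.outputs.version }}
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Setup Golang
        uses: actions/setup-go@v3
        with:
          go-version: ${{ needs.config.outputs.go-version }}
      # The version string printed by `make version` becomes the release tag
      # and the image version in the later jobs.
      - name: Get makefile versions
        id: version
        run: |
          version=$(make version)
          echo "version=$version" >> "$GITHUB_OUTPUT"
      - name: Setup Golang cache
        uses: actions/cache@v3
        with:
          path: |
            ~/go/pkg/mod
            ~/.cache/go-build
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Build artifact
        run: make go-build
      - name: Run test
        run: make go-test
      # Lint is advisory here: `continue-on-error` together with
      # `--issues-exit-code=0` means findings never fail the job.
      - name: Go lint
        continue-on-error: true
        uses: golangci/golangci-lint-action@v3
        with:
          args: --issues-exit-code=0
          skip-pkg-cache: true
          skip-build-cache: true
      - name: Package artifact
        run: |
          mv dist/*.tar.gz application.tar.gz
      - name: Upload build output
        uses: actions/upload-artifact@v3
        with:
          name: application
          path: "./application.tar.gz"
      - name: Upload test coverage
        uses: actions/upload-artifact@v3
        with:
          name: test-coverage
          path: "./test-coverage.out"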
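# jobs.release: publishes the build archive as a GitHub release.
  release:
    runs-on: ubuntu-latest
    needs:
      - config
      - build
    # Creating the tag and the release needs contents:write and nothing else.
    permissions:
      contents: write
    outputs:
      version: ${{ steps.version.outputs.version }}
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      # Values from other jobs and from the event payload are passed through
      # `env` and expanded quoted, not pasted into the script text.
      - name: Set release version
        id: version
        env:
          VERSION: "${{ needs.build.outputs.version }}"
        run: |
          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
      - name: Download artifact
        uses: actions/download-artifact@v3
        with:
          name: application
          path: "."
      - name: Rename artifact
        env:
          REPO_NAME: "${{ github.event.repository.name }}"
        run: |
          mv application.tar.gz "${REPO_NAME}.tar.gz"
      # The former `body: ${{ steps.changelog.outputs.changelog }}` input was
      # dropped: this job has no step with id `changelog`, so the expression
      # always evaluated to an empty string. Notes come from
      # `generate_release_notes`.
      - name: Create release
        uses: softprops/action-gh-release@v1
        id: create-release
        with:
          name: "Release ${{ steps.version.outputs.version }}"
          tag_name: "${{ steps.version.outputs.version }}"
          token: ${{ secrets.GITHUB_TOKEN }}
          files: |
            ./${{ github.event.repository.name }}.tar.gz
          draft: false
          prerelease: false
          generate_release_notes: true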
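# jobs.deploy: builds, pushes, optionally signs and scans one image per profile.
  deploy:
    name: "deploy-[${{ matrix.name }}]"
    runs-on: ubuntu-latest
    strategy:
      max-parallel: 1
      matrix: ${{ fromJson(needs.config.outputs.deploy-release-matrix) }}
    # NOTE(review): release deployment is switched by the `deploy.pull-request`
    # config flag; confirm that this is the intended switch.
    if: ${{ !failure() && needs.release.result == 'success' && needs.config.outputs.deploy-pull-request == 'true' }}
    needs:
      - config
      - build
      - release
    # Registry push and SARIF upload are the only write operations of this job.
    permissions:
      contents: read
      packages: write
      security-events: write
    steps:
      # The job token is not left behind in .git/config, where the third-party
      # actions and make targets that run later could read it.
      - name: Checkout
        uses: actions/checkout@v3
        with:
          persist-credentials: false
      # matrix.name is passed through the environment and expanded quoted
      # instead of being pasted into the script text.
      - name: Build image
        id: docker-meta
        env:
          VERSION: "${{ needs.release.outputs.version }}"
          MATRIX_NAME: "${{ matrix.name }}"
        run: |
          make "${MATRIX_NAME}-image"
          TAG_SUFFIX=$(echo "-${MATRIX_NAME}" | sed s/-ubuntu//)
          echo "image-id=$IMAGE_NAME" >> "$GITHUB_OUTPUT"
          echo "image-version=${VERSION}${TAG_SUFFIX}" >> "$GITHUB_OUTPUT"
      # The token reaches docker through the environment and stdin, never as
      # part of the script text. The previous `-u $` passed a literal dollar
      # sign as the user name; the acting user is supplied instead.
      - name: Log in to registry
        env:
          REGISTRY_USER: "${{ github.actor }}"
          REGISTRY_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
        run: |
          printf '%s\n' "$REGISTRY_TOKEN" | docker login "$REGISTRY" -u "$REGISTRY_USER" --password-stdin
      - name: Push image
        env:
          VERSION: "${{ needs.release.outputs.version }}"
          MATRIX_NAME: "${{ matrix.name }}"
        run: |
          make "push-${MATRIX_NAME}-image"
      # NOTE(review): `@main` is a mutable branch reference, so the code that
      # runs in this job (with a registry-write token and, two steps later, the
      # signing key on disk) can change without any change to this file.
      # Pin to a reviewed commit: sigstore/cosign-installer@<full-commit-sha>.
      - name: Setup cosign
        if: ${{ needs.config.outputs.deploy-sign-docker-image == 'true' }}
        uses: sigstore/cosign-installer@main
      # The key is written with owner-only permissions and taken from the
      # environment, so its content is never part of the generated script.
      - name: Write signing key to disk (only needed for `cosign sign --key`)
        if: ${{ needs.config.outputs.deploy-sign-docker-image == 'true' }}
        continue-on-error: true
        env:
          SIGNING_SECRET: "${{ secrets.SIGNING_SECRET }}"
        run: |
          umask 077
          printf '%s\n' "$SIGNING_SECRET" > cosign.key
      # NOTE(review): with `continue-on-error` a failed signature does not fail
      # the job, so an unsigned image can be published without anyone noticing.
      # The empty COSIGN_PASSWORD suggests the key has no passphrase; confirm.
      - name: Sign the published Docker image
        if: ${{ needs.config.outputs.deploy-sign-docker-image == 'true' }}
        continue-on-error: true
        env:
          COSIGN_PASSWORD: ""
          VERSION: "${{ needs.release.outputs.version }}"
          MATRIX_NAME: "${{ matrix.name }}"
        run: make "sign-${MATRIX_NAME}-image"
      # Remove the private key before any further third-party action runs in
      # the same workspace, whether or not signing succeeded.
      - name: Remove signing key
        if: ${{ always() && needs.config.outputs.deploy-sign-docker-image == 'true' }}
        run: rm -f cosign.key
      # The scan runs after the image has been pushed and only reports: no
      # exit code is configured, so findings do not block the release.
      - name: Container scan
        uses: aquasecurity/trivy-action@0.8.0
        with:
          image-ref: "${{ steps.docker-meta.outputs.image-id }}:${{ steps.docker-meta.outputs.image-version }}"
          ignore-unfixed: true
          vuln-type: "os,library"
          severity: "CRITICAL,HIGH"
          format: "sarif"
          output: "trivy-results.sarif"
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: "trivy-results.sarif"
          category: "trivy-${{ matrix.name }}"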