Bump golang from 1.22.4-alpine to 1.23.0-alpine #2090
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Integration | |
| on: | |
| push: | |
| pull_request: | |
| types: [ opened, reopened ] | |
| jobs: | |
| golang: | |
| name: Go CI | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.17 | |
| - uses: innovationnorway/setup-vault@v1.0.3 | |
| with: | |
| version: '1.5.2' | |
| - name: Check out code | |
| uses: actions/checkout@v4.1.6 | |
| with: | |
| submodules: recursive | |
| - uses: actions/cache@v4.0.1 | |
| id: go-mod-cache | |
| with: | |
| path: ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Get dependencies | |
| run: go mod download | |
| - name: Lint | |
| run: | | |
| result=$(make lint) | |
| echo "$result" | |
| [ -n "$(echo "$result" | grep 'diff -u')" ] && exit 1 || exit 0 | |
| - name: Build | |
| run: make build | |
| - name: Build sandbox | |
| run: | | |
| (cd notary ; make cross) | |
| docker-compose -f notary/docker-compose.sandbox.yml build | |
| - name: Run sandbox | |
| run: docker-compose -f notary/docker-compose.sandbox.yml up -d | |
| - name: Wait for notary server to be ready | |
| run: | | |
| health_check=https://localhost:4443/_notary_server/health | |
| while [[ "$(curl --insecure -sLSo /dev/null -w ''%{http_code}'' ${health_check})" != "200" ]]; \ | |
| do echo "Waiting for ${health_check}" && sleep 1; \ | |
| done | |
| echo 'OK!' | |
| curl -X GET -sIL --insecure ${health_check} | |
| - name: Test and Cover | |
| run: go test -v -race -count=1 -covermode=atomic -coverprofile=coverage.out ./... | |
| - name: Upload Code Coverage | |
| uses: codecov/codecov-action@v4.4.1 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: ./coverage.out | |
| flags: unittests | |
| name: codecov-umbrella | |
| fail_ci_if_error: true | |
| verbose: true | |
| - name: Shutdown sandbox | |
| run: docker-compose -f notary/docker-compose.sandbox.yml down | |
| nodejs: | |
| name: NodeJS CI | |
| runs-on: ubuntu-20.04 | |
| strategy: | |
| matrix: | |
| node-version: [16.x] | |
| fail-fast: true | |
| env: | |
| CI: true | |
| steps: | |
| - name: Setup Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: Check out code | |
| uses: actions/checkout@v4.1.6 | |
| - name: Get yarn cache directory path | |
| id: yarn-cache-dir-path | |
| run: echo "::set-output name=dir::$(yarn cache dir)" | |
| - uses: actions/cache@v4.0.1 | |
| id: yarn-cache | |
| with: | |
| path: ${{ steps.yarn-cache-dir-path.outputs.dir }} | |
| key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-yarn- | |
| - name: Install Dependencies | |
| working-directory: web | |
| run: yarn | |
| - name: Build local packages | |
| working-directory: web | |
| run: yarn build | |
| - name: Test and coverage | |
| working-directory: web | |
| run: yarn test --coverage | |
| - name: Upload Code Coverage | |
| uses: codecov/codecov-action@v4.4.1 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: ./web/coverage/clover.xml | |
| flags: unittests | |
| name: codecov-umbrella | |
| fail_ci_if_error: true | |
| verbose: true | |
| release: | |
| name: Release artifacts | |
| needs: [golang, nodejs] | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v4.1.6 | |
| with: | |
| fetch-depth: 0 | |
| submodules: recursive | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.17 | |
| - name: Login to Docker Registries | |
| if: startsWith(github.ref, 'refs/tags/') | |
| run: | | |
| echo "${{ secrets.DOCKERHUB_PASSWORD }}" | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin | |
| echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
| - name: Release ${{ (!startsWith(github.ref, 'refs/tags/') && 'snapshot') || '' }} | |
| uses: goreleaser/goreleaser-action@v3 | |
| with: | |
| version: latest | |
| args: release --rm-dist ${{ (!startsWith(github.ref, 'refs/tags/') && '--snapshot') || '' }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Release Docker dctna-web | |
| run: | | |
| make dockerize-web | |
| if [ "${{ startsWith(github.ref, 'refs/tags/') }}" == 'true' ] ; then | |
| make docker-publish-web | |
| fi | |
| - name: Logout from Docker Registries | |
| if: ${{ always() }} | |
| run: | | |
| docker logout | |
| docker logout ghcr.io | |
| provenance: | |
| name: Generate provenance | |
| runs-on: ubuntu-20.04 | |
| needs: [release] | |
| if: startsWith(github.ref, 'refs/tags/') | |
| steps: | |
| - name: Generate provenance for release | |
| uses: philips-labs/slsa-provenance-action@v0.9.0 | |
| with: | |
| command: generate | |
| subcommand: github-release | |
| arguments: --artifact-path release-assets --output-path provenance.json --tag-name ${{ github.ref_name }} | |
| env: | |
| GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" |