Skip to content

Go: Bump golang.org/x/crypto from 0.21.0 to 0.31.0 #555

Go: Bump golang.org/x/crypto from 0.21.0 to 0.31.0

Go: Bump golang.org/x/crypto from 0.21.0 to 0.31.0 #555

name: check-generated-files
on:
# pull_request_target needed to be able to commit and push bundle diffs to external fork PRs.
# But we included a manual authorization safeguard to prevent PWN requests. See the 'authorize' job below.
pull_request_target:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.event.number }}
cancel-in-progress: true
jobs:
authorize:
# The 'external' environment is configured with the odo-maintainers team as required reviewers.
# All the subsequent jobs in this workflow 'need' this job, which will require manual approval for PRs coming from external forks.
# TODO(rm3l): list of authorized users that do not require manual review comes from the maintainers team and various robot accounts that handle automation in the repo => find a better way not to hardcode this list!
environment:
${{ (github.event.pull_request.head.repo.full_name == github.repository ||
contains(fromJSON('["odo-robot[bot]", "dependabot[bot]", "openshift-ci[bot]", "openshift-merge-robot", "openshift-ci-robot", "kadel", "rm3l"]'), github.actor)) &&
'internal' || 'external' }}
runs-on: ubuntu-latest
steps:
- run: echo ✓
check-ui-static-files:
needs: authorize
runs-on: ubuntu-22.04
permissions:
contents: write
pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@v4
with:
repository: ${{github.event.pull_request.head.repo.full_name}}
ref: ${{ github.event.pull_request.head.ref }}
- name: Generate static files for UI
run: make ui-static
- name: Copy embedded files to Go sources
run: make prebuild
- name: Verify Changed files
uses: tj-actions/verify-changed-files@eb6d385c0e52fb28e2f6b70e15c835cb3cbfff17
id: verify-changed-files
- name: Some files have changed
if: ${{ !cancelled() && steps.verify-changed-files.outputs.files_changed == 'true' }}
run: |
echo "::warning Changed files: ${{ steps.verify-changed-files.outputs.changed_files }} -- Regenerating with make ui-static / make prebuild"
git config user.name 'github-actions[bot]'
git config user.email 'github-actions[bot]@users.noreply.github.com'
git fetch --prune
git pull --rebase --autostash
git add -A .
git commit \
-m "Regenerate static UI files" \
-m "Co-authored-by: $GITHUB_ACTOR <$GITHUB_ACTOR@users.noreply.github.com>"
git push
- name: Comment on PR if bundle manifests were updated
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
if: ${{ !cancelled() && steps.verify-changed-files.outputs.files_changed == 'true' }}
continue-on-error: true
with:
script: |
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: '⚠️ <b>Static UI files regenerated!</b><br/><br/>Those changes should have been pushed automatically to your PR branch.'
})