diff options
Diffstat (limited to '.github/workflows')
| -rw-r--r-- | .github/workflows/ci.yml | 53 | ||||
| -rw-r--r-- | .github/workflows/cross-build.yml | 41 | ||||
| -rw-r--r-- | .github/workflows/lint.yml | 34 | ||||
| -rw-r--r-- | .github/workflows/release.yml | 40 | ||||
| -rw-r--r-- | .github/workflows/release_published.yml | 3 |
5 files changed, 85 insertions, 86 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ba07419..ed83744 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,17 +18,22 @@ jobs: # Default is true, cancels jobs for other platforms in the matrix if one fails fail-fast: false matrix: - os: [ ubuntu-latest, macos-latest, windows-latest ] - go: [ '1.18', '1.20' ] + os: + - ubuntu-latest + - macos-latest + - windows-latest + go: + - '1.20' + - '1.21' include: # Set the minimum Go patch version for the given Go minor # Usable via ${{ matrix.GO_SEMVER }} - - go: '1.18' - GO_SEMVER: '~1.18.4' - - go: '1.20' - GO_SEMVER: '~1.20.0' + GO_SEMVER: '~1.20.6' + + - go: '1.21' + GO_SEMVER: '~1.21.0' # Set some variables per OS, usable via ${{ matrix.VAR }} # CADDY_BIN_PATH: the path to the compiled Caddy binary, for artifact publishing @@ -48,15 +53,15 @@ jobs: runs-on: ${{ matrix.os }} steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Install Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version: ${{ matrix.GO_SEMVER }} check-latest: true - - name: Checkout code - uses: actions/checkout@v3 - # These tools would be useful if we later decide to reinvestigate # publishing test/coverage reports to some tool for easier consumption # - name: Install test and coverage analysis tools @@ -68,6 +73,7 @@ jobs: - name: Print Go version and environment id: vars + shell: bash run: | printf "Using go at: $(which go)\n" printf "Go version: $(go version)\n" @@ -79,23 +85,6 @@ jobs: # Calculate the short SHA1 hash of the git commit echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - - name: Cache the build cache - uses: actions/cache@v3 - with: - # In order: - # * Module download cache - # * Build cache (Linux) - # * Build cache (Mac) - # * Build cache (Windows) - path: | - ~/go/pkg/mod - ~/.cache/go-build - ~/Library/Caches/go-build - ~\AppData\Local\go-build - key: ${{ runner.os }}-${{ matrix.go }}-go-ci-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-${{ matrix.go }}-go-ci - - name: Get dependencies run: | go get -v -t -d ./... @@ -146,8 +135,8 @@ jobs: if: github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' continue-on-error: true # August 2020: s390x VM is down due to weather and power issues steps: - - name: Checkout code into the Go module directory - uses: actions/checkout@v3 + - name: Checkout code + uses: actions/checkout@v4 - name: Run Tests run: | mkdir -p ~/.ssh && echo -e "${SSH_KEY//_/\\n}" > ~/.ssh/id_ecdsa && chmod og-rwx ~/.ssh/id_ecdsa @@ -172,10 +161,10 @@ jobs: goreleaser-check: runs-on: ubuntu-latest steps: - - name: checkout - uses: actions/checkout@v3 + - name: Checkout code + uses: actions/checkout@v4 - - uses: goreleaser/goreleaser-action@v4 + - uses: goreleaser/goreleaser-action@v5 with: version: latest args: check diff --git a/.github/workflows/cross-build.yml b/.github/workflows/cross-build.yml index 8b5e429..497f39c 100644 --- a/.github/workflows/cross-build.yml +++ b/.github/workflows/cross-build.yml @@ -15,20 +15,35 @@ jobs: strategy: fail-fast: false matrix: - goos: ['android', 'linux', 'solaris', 'illumos', 'dragonfly', 'freebsd', 'openbsd', 'plan9', 'windows', 'darwin', 'netbsd'] - go: [ '1.20' ] + goos: + - 'android' + - 'linux' + - 'solaris' + - 'illumos' + - 'dragonfly' + - 'freebsd' + - 'openbsd' + - 'plan9' + - 'windows' + - 'darwin' + - 'netbsd' + go: + - '1.21' include: # Set the minimum Go patch version for the given Go minor # Usable via ${{ matrix.GO_SEMVER }} - - go: '1.20' - GO_SEMVER: '~1.20.0' + - go: '1.21' + GO_SEMVER: '~1.21.0' runs-on: ubuntu-latest continue-on-error: true steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Install Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version: ${{ matrix.GO_SEMVER }} check-latest: true @@ -43,22 +58,6 @@ jobs: printf "\n\nSystem environment:\n\n" env - - name: Cache the build cache - uses: actions/cache@v3 - with: - # In order: - # * Module download cache - # * Build cache (Linux) - path: | - ~/go/pkg/mod - ~/.cache/go-build - key: cross-build-go${{ matrix.go }}-${{ matrix.goos }}-${{ hashFiles('**/go.sum') }} - restore-keys: | - cross-build-go${{ matrix.go }}-${{ matrix.goos }} - - - name: Checkout code into the Go module directory - uses: actions/checkout@v3 - - name: Run Build env: CGO_ENABLED: 0 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 7e56afc..e636e07 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -17,25 +17,45 @@ jobs: # From https://github.com/golangci/golangci-lint-action golangci: permissions: - contents: read # for actions/checkout to fetch code - pull-requests: read # for golangci/golangci-lint-action to fetch pull requests + contents: read # for actions/checkout to fetch code + pull-requests: read # for golangci/golangci-lint-action to fetch pull requests name: lint strategy: matrix: - os: [ubuntu-latest, macos-latest, windows-latest] + os: + - ubuntu-latest + - macos-latest + - windows-latest runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v3 + - uses: actions/checkout@v4 + - uses: actions/setup-go@v4 with: - go-version: '~1.18.4' + go-version: '~1.21.0' check-latest: true + # Workaround for https://github.com/golangci/golangci-lint-action/issues/135 + skip-pkg-cache: true + - name: golangci-lint uses: golangci/golangci-lint-action@v3 with: - version: v1.50 + version: v1.54 + + # Workaround for https://github.com/golangci/golangci-lint-action/issues/135 + skip-pkg-cache: true + # Windows times out frequently after about 5m50s if we don't set a longer timeout. args: --timeout 10m + # Optional: show only new issues if it's a pull request. The default value is `false`. # only-new-issues: true + + govulncheck: + runs-on: ubuntu-latest + steps: + - name: govulncheck + uses: golang/govulncheck-action@v1 + with: + go-version-input: '~1.21.0' + check-latest: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d8ea96b..184662f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,14 +10,16 @@ jobs: name: Release strategy: matrix: - os: [ ubuntu-latest ] - go: [ '1.20' ] + os: + - ubuntu-latest + go: + - '1.21' include: # Set the minimum Go patch version for the given Go minor # Usable via ${{ matrix.GO_SEMVER }} - - go: '1.20' - GO_SEMVER: '~1.20.0' + - go: '1.21' + GO_SEMVER: '~1.21.0' runs-on: ${{ matrix.os }} # https://github.com/sigstore/cosign/issues/1258#issuecomment-1002251233 @@ -29,19 +31,19 @@ jobs: contents: write steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Install Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version: ${{ matrix.GO_SEMVER }} check-latest: true - - name: Checkout code - uses: actions/checkout@v3 - with: - fetch-depth: 0 - # Force fetch upstream tags -- because 65 minutes - # tl;dr: actions/checkout@v3 runs this line: + # tl;dr: actions/checkout@v4 runs this line: # git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin +ebc278ec98bb24f2852b61fde2a9bf2e3d83818b:refs/tags/ # which makes its own local lightweight tag, losing all the annotations in the process. Our earlier script ran: # git fetch --prune --unshallow @@ -94,18 +96,6 @@ jobs: # tags are only accepted if signed by Matt's key git verify-tag "${{ steps.vars.outputs.version_tag }}" || exit 1 - - name: Cache the build cache - uses: actions/cache@v3 - with: - # In order: - # * Module download cache - # * Build cache (Linux) - path: | - ~/go/pkg/mod - ~/.cache/go-build - key: ${{ runner.os }}-go${{ matrix.go }}-release-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go${{ matrix.go }}-release - name: Install Cosign uses: sigstore/cosign-installer@main - name: Cosign version @@ -116,10 +106,10 @@ jobs: run: syft version # GoReleaser will take care of publishing those artifacts into the release - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v4 + uses: goreleaser/goreleaser-action@v5 with: version: latest - args: release --rm-dist --timeout 60m + args: release --clean --timeout 60m env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} TAG: ${{ steps.vars.outputs.version_tag }} diff --git a/.github/workflows/release_published.yml b/.github/workflows/release_published.yml index 7736e85..f304888 100644 --- a/.github/workflows/release_published.yml +++ b/.github/workflows/release_published.yml @@ -10,7 +10,8 @@ jobs: name: Release Published strategy: matrix: - os: [ ubuntu-latest ] + os: + - ubuntu-latest runs-on: ${{ matrix.os }} steps: |