Bump golang.org/x/crypto from 0.43.0 to 0.45.0 #16
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json | |
| name: "Main" | |
| on: | |
| push: | |
| tags: ["*"] | |
| branches: ["*"] | |
| pull_request: | |
| branches: ["*"] | |
| workflow_dispatch: | |
| permissions: {} | |
| jobs: | |
| gofmt: | |
| name: "Run gofmt" | |
| runs-on: "ubuntu-latest" | |
| permissions: | |
| contents: "read" | |
| steps: | |
| - name: "Checkout" | |
| uses: "actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8" | |
| - name: "Set up Go" | |
| uses: "actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00" | |
| with: | |
| go-version-file: "./go.mod" | |
| check-latest: true | |
| - name: "Run gofmt" | |
| run: | | |
| make gofmt | |
| gosec: | |
| name: "Run gosec" | |
| runs-on: "ubuntu-latest" | |
| permissions: | |
| actions: "read" | |
| contents: "read" | |
| security-events: "write" | |
| steps: | |
| - name: "Checkout" | |
| uses: "actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8" | |
| - name: "Set up Go" | |
| uses: "actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00" | |
| with: | |
| go-version-file: "./go.mod" | |
| check-latest: true | |
| - name: "Install gosec" | |
| run: | | |
| go install github.com/securego/gosec/v2/cmd/gosec@latest | |
| - name: "Run gosec" | |
| run: | |
| make gosec | |
| staticcheck: | |
| name: "Run staticcheck" | |
| runs-on: "ubuntu-latest" | |
| permissions: | |
| contents: "read" | |
| steps: | |
| - name: "Checkout" | |
| uses: "actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8" | |
| - name: "Set up Go" | |
| uses: "actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00" | |
| with: | |
| go-version-file: "./go.mod" | |
| check-latest: true | |
| - name: "Install staticcheck" | |
| run: | | |
| go install honnef.co/go/tools/cmd/staticcheck@latest | |
| - name: "Run staticcheck" | |
| run: | | |
| make staticcheck | |
| test: | |
| name: "Test on ${{ matrix.os }}" | |
| needs: ["gofmt", "gosec", "staticcheck"] | |
| runs-on: "${{ matrix.os }}" | |
| permissions: | |
| contents: "read" | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: ["ubuntu-latest", "windows-latest", "macos-latest"] | |
| steps: | |
| - name: "Checkout" | |
| uses: "actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8" | |
| - name: "Set up Go" | |
| uses: "actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00" | |
| with: | |
| go-version-file: "./go.mod" | |
| check-latest: true | |
| - name: "Test" | |
| run: | | |
| make test | |
| - name: "Test (race)" | |
| run: | | |
| make test-race | |
| build: | |
| name: >- | |
| Build for | |
| ${{ matrix.go.GOOS }}-${{ matrix.go.GOARCH }} | |
| ${{ matrix.go.GOARM != '' && format('v{0}', matrix.go.GOARM) || '' }} | |
| needs: ["test"] | |
| runs-on: "ubuntu-latest" | |
| permissions: | |
| attestations: "write" | |
| contents: "read" | |
| id-token: "write" | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| go: | |
| - { GOOS: "linux", GOARCH: "amd64" } | |
| - { GOOS: "linux", GOARCH: "arm64" } | |
| - { GOOS: "linux", GOARCH: "arm", GOARM: "7" } | |
| - { GOOS: "linux", GOARCH: "arm", GOARM: "6" } | |
| - { GOOS: "linux", GOARCH: "riscv64" } | |
| - { GOOS: "linux", GOARCH: "ppc64le" } | |
| - { GOOS: "linux", GOARCH: "s390x" } | |
| - { GOOS: "windows", GOARCH: "amd64" } | |
| - { GOOS: "windows", GOARCH: "arm64" } | |
| - { GOOS: "darwin", GOARCH: "amd64" } | |
| - { GOOS: "darwin", GOARCH: "arm64" } | |
| steps: | |
| - name: "Checkout" | |
| uses: "actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8" | |
| with: | |
| filter: "blob:none" | |
| fetch-depth: 0 | |
| - name: "Set up Go" | |
| uses: "actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00" | |
| with: | |
| go-version-file: "./go.mod" | |
| check-latest: true | |
| - name: "Build" | |
| run: | | |
| make build \ | |
| GOOS="${{ matrix.go.GOOS }}" \ | |
| GOARCH="${{ matrix.go.GOARCH }}" \ | |
| GOARM="${{ matrix.go.GOARM }}" | |
| file ./dist/* && gzip -nv ./dist/* | |
| - name: "Generate artifact attestation" | |
| uses: "actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a" | |
| with: | |
| subject-path: "./dist/*.gz" | |
| - name: "Upload artifact" | |
| uses: "actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02" | |
| with: | |
| name: "dist-${{ matrix.go.GOOS }}-${{ matrix.go.GOARCH }}-${{ matrix.go.GOARM }}" | |
| path: "./dist/*.gz" | |
| retention-days: 1 | |
| build-push-docker: | |
| name: "Build and push Docker images" | |
| needs: ["build"] | |
| runs-on: "ubuntu-latest" | |
| permissions: | |
| contents: "read" | |
| packages: "write" | |
| steps: | |
| - name: "Checkout" | |
| uses: "actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8" | |
| with: | |
| filter: "blob:none" | |
| fetch-depth: 0 | |
| - name: "Set up QEMU" | |
| uses: "docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392" | |
| - name: "Set up Docker Buildx" | |
| uses: "docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435" | |
| - name: "Login to GitHub Container Registry" | |
| if: "github.event_name != 'pull_request'" | |
| uses: "docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef" | |
| with: | |
| registry: "ghcr.io" | |
| username: "${{ github.actor }}" | |
| password: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: "Login to Docker Hub" | |
| if: "github.event_name != 'pull_request'" | |
| uses: "docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef" | |
| with: | |
| registry: "docker.io" | |
| username: "${{ secrets.DOCKERHUB_USERNAME }}" | |
| password: "${{ secrets.DOCKERHUB_TOKEN }}" | |
| - name: "Extract metadata" | |
| id: "meta" | |
| uses: "docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f" | |
| with: | |
| images: | | |
| ghcr.io/${{ github.repository }} | |
| docker.io/${{ github.repository }} | |
| tags: | | |
| type=ref,event=branch | |
| type=semver,pattern=v{{version}} | |
| type=semver,pattern=v{{major}}.{{minor}} | |
| type=semver,pattern=v{{major}} | |
| - name: "Build and push" | |
| uses: "docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83" | |
| with: | |
| context: "./" | |
| platforms: "linux/amd64,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/riscv64,linux/ppc64le,linux/s390x" | |
| tags: "${{ steps.meta.outputs.tags }}" | |
| labels: "${{ steps.meta.outputs.labels }}" | |
| push: "${{ github.event_name != 'pull_request' }}" | |
| provenance: "mode=max" | |
| sbom: true | |
| publish-github-release: | |
| name: "Publish GitHub release" | |
| if: "startsWith(github.ref, 'refs/tags/v')" | |
| needs: ["build", "build-push-docker"] | |
| runs-on: "ubuntu-latest" | |
| permissions: | |
| contents: "write" | |
| steps: | |
| - name: "Download artifacts" | |
| uses: "actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0" | |
| with: | |
| pattern: "dist-*" | |
| merge-multiple: true | |
| path: "assets" | |
| - name: "Publish" | |
| uses: "hectorm/ghaction-release@d0426a7a369ce2c1ed615e1a583788b22745ccfe" | |
| with: | |
| assets-path: "./assets/" |