fix(deps): update all dependencies #420

Workflow file for this run

	name: CI

	on:
	push:
	branches:
	- main
	- release-*
	- feature/*
	tags:
	- 'v[0-9]+.[0-9]+.[0-9]+'
	paths-ignore:
	- '.github/**'
	- 'examples/**'
	pull_request: {}
	workflow_dispatch: {}

	env:
	# Common versions
	GO_VERSION: '1.23'
	GOLANGCI_VERSION: 'v1.61.0'
	DOCKER_BUILDX_VERSION: 'v0.18.0'

	PROVIDER: provider-nexus

	REGISTRY: ghcr.io
	IMAGE_NAME: ${{ github.repository_owner }}/crossplane/provider-nexus
	# IMAGE_NAME: ${{ github.repository }}

	# Common users. We can't run a step 'if secrets.XXX != ""' but we can run a
	# step 'if env.XXX != ""', so we copy these to succinctly test whether
	# credentials have been provided before trying to run steps that need them.
	UPBOUND_MARKETPLACE_PUSH_ROBOT_USR: ${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR }}

	jobs:
	detect-noop:
	runs-on: ubuntu-24.04
	outputs:
	noop: ${{ steps.noop.outputs.should_skip }}
	steps:
	- name: Detect No-op Changes
	id: noop
	uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1
	with:
	github_token: ${{ secrets.GITHUB_TOKEN }}
	paths_ignore: '[".md", ".png", "**.jpg"]'
	do_not_skip: '["workflow_dispatch", "schedule", "push"]'

	lint:
	runs-on: ubuntu-24.04
	needs: detect-noop
	if: needs.detect-noop.outputs.noop != 'true'

	steps:
	- name: Checkout
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	submodules: true

	- name: Setup Go
	uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
	with:
	go-version: ${{ env.GO_VERSION }}

	- name: Find the Go Build Cache
	id: go
	run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

	- name: Cache the Go Build Cache
	uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
	with:
	path: ${{ steps.go.outputs.cache }}
	key: ${{ runner.os }}-build-lint-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-build-lint-

	- name: Cache Go Dependencies
	uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
	with:
	path: .work/pkg
	key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-pkg-

	- name: Vendor Dependencies
	run: make vendor vendor.check

	# We could run 'make lint' but we prefer this action because it leaves
	# 'annotations' (i.e. it comments on PRs to point out linter violations).
	- name: Lint
	uses: golangci/golangci-lint-action@e60da84bfae8c7920a47be973d75e15710aa8bd7 # v6.3.0
	with:
	version: ${{ env.GOLANGCI_VERSION }}

	check-diff:
	runs-on: ubuntu-24.04
	needs: detect-noop
	if: needs.detect-noop.outputs.noop != 'true'

	steps:
	- name: Checkout
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	submodules: true

	- name: Setup Go
	uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
	with:
	go-version: ${{ env.GO_VERSION }}

	- name: Install goimports
	run: go install golang.org/x/tools/cmd/goimports

	- name: Find the Go Build Cache
	id: go
	run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

	- name: Cache the Go Build Cache
	uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
	with:
	path: ${{ steps.go.outputs.cache }}
	key: ${{ runner.os }}-build-check-diff-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-build-check-diff-

	- name: Cache Go Dependencies
	uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
	with:
	path: .work/pkg
	key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-pkg-

	- name: Vendor Dependencies
	run: make vendor vendor.check

	- name: Check Diff
	run: make check-diff

	unit-tests:
	runs-on: ubuntu-24.04
	needs: detect-noop
	if: needs.detect-noop.outputs.noop != 'true'

	steps:
	- name: Checkout
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	submodules: true

	- name: Fetch History
	run: git fetch --prune --unshallow

	- name: Setup Go
	uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
	with:
	go-version: ${{ env.GO_VERSION }}

	- name: Find the Go Build Cache
	id: go
	run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

	- name: Cache the Go Build Cache
	uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
	with:
	path: ${{ steps.go.outputs.cache }}
	key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-build-unit-tests-

	- name: Cache Go Dependencies
	uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
	with:
	path: .work/pkg
	key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-pkg-

	- name: Vendor Dependencies
	run: make vendor vendor.check

	- name: Run Unit Tests
	run: make -j2 test

	# - name: Publish Unit Test Coverage
	# uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
	# with:
	# flags: unittests
	# file: _output/tests/linux_amd64/coverage.txt

	local-deploy:
	runs-on: ubuntu-24.04
	needs: detect-noop
	if: needs.detect-noop.outputs.noop != 'true'

	steps:
	- name: Checkout
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	submodules: true

	- name: Fetch History
	run: git fetch --prune --unshallow

	- name: Setup Go
	uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
	with:
	go-version: ${{ env.GO_VERSION }}

	- name: Find the Go Build Cache
	id: go
	run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

	- name: Cache the Go Build Cache
	uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
	with:
	path: ${{ steps.go.outputs.cache }}
	key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-build-unit-tests-

	- name: Cache Go Dependencies
	uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
	with:
	path: .work/pkg
	key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-pkg-

	- name: Vendor Dependencies
	run: make vendor vendor.check

	- name: Deploying locally built provider package
	run: make local-deploy

	publish-artifacts:
	runs-on: ubuntu-24.04
	needs: detect-noop
	if: needs.detect-noop.outputs.noop != 'true'

	permissions:
	packages: write

	outputs:
	VERSION: ${{ steps.ver.outputs.VERSION }}

	steps:
	- name: Setup QEMU
	uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
	with:
	platforms: all

	- name: Setup Docker Buildx
	uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
	with:
	version: ${{ env.DOCKER_BUILDX_VERSION }}
	install: true

	- name: Login to ghcr.io
	uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Checkout
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	submodules: true

	- name: Fetch History
	run: git fetch --prune --unshallow

	- name: Setup Go
	uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
	with:
	go-version: ${{ env.GO_VERSION }}

	- name: Find the Go Build Cache
	id: go
	run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

	- name: Find the version
	id: ver
	run: make common.buildvars >> $GITHUB_OUTPUT

	- name: Cache the Go Build Cache
	uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
	with:
	path: ${{ steps.go.outputs.cache }}
	key: ${{ runner.os }}-build-publish-artifacts-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-build-publish-artifacts-

	- name: Cache Go Dependencies
	uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
	with:
	path: .work/pkg
	key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
	restore-keys: ${{ runner.os }}-pkg-

	- name: Vendor Dependencies
	run: make go.vendor.check

	- name: Build Artifacts
	run: make -j2 build.all
	env:
	# We're using docker buildx, which doesn't actually load the images it
	# builds by default. Specifying --load does so.
	BUILD_ARGS: "--load"
	BUILD_REGISTRY: build

	- name: Build xpkg
	uses: crossplane-contrib/xpkg-action@master
	with:
	channel: ${{ github.event.inputs.channel }}
	version: ${{ github.event.inputs.version }}
	command: xpkg build -f ./package/ --embed-runtime-image=build/${{ env.PROVIDER }}-amd64 -o ./package/${{ env.PROVIDER }}.xpkg

	- name: Push xpkg
	uses: crossplane-contrib/xpkg-action@master
	with:
	command: xpkg push -f ./package/${{ env.PROVIDER }}.xpkg ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.ver.outputs.VERSION }}

	sign-artifacts:
	runs-on: ubuntu-24.04
	needs: publish-artifacts
	if: github.event_name != 'pull_request'

	permissions:
	id-token: write
	packages: write

	steps:
	- name: Install cosign
	uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e # v3.8.0

	- name: Login to ghcr.io
	uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Pull image
	run: docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.publish-artifacts.outputs.VERSION }}

	- name: Get Repo Digest
	id: meta
	run: echo "digest=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.publish-artifacts.outputs.VERSION }})" >> $GITHUB_OUTPUT

	- name: Sign the published Docker Image
	env:
	COSIGN_EXPERIMENTAL: 1
	run: \|
	cosign sign --yes ${{ steps.meta.outputs.digest }}
	cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.publish-artifacts.outputs.VERSION }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): update all dependencies #420

Workflow file

fix(deps): update all dependencies #420

Jobs

Run details

Workflow file for this run