Skip to content

Commit

Permalink
chore(ci): Bump github actions
Browse files Browse the repository at this point in the history 
Signed-off-by: Maximilian Blatt (external expert on behalf of DB Netz) <[email protected]>
  • Loading branch information
@MisterMX
MisterMX committed Feb 3, 2025
1 parent 2a9ac2c commit 9400f64
Show file tree
Hide file tree
Showing 2 changed files with 67 additions and 55 deletions.
5 changes: 4 additions & 1 deletion .github/workflows/backport.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,9 @@ on:
types: [closed]
# See also commands.yml for the /backport triggered variant of this workflow.

env:
ACTION_CHECKOUT: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

jobs:
# NOTE(negz): I tested many backport GitHub actions before landing on this
# one. Many do not support merge commits, or do not support pull requests with
Expand All @@ -22,7 +25,7 @@ jobs:
if: github.event.pull_request.merged
steps:
- name: Checkout
uses: actions/checkout@v2
uses: ${{ env.ACTION_CHECKOUT }}
with:
fetch-depth: 0

Expand Down
117 changes: 63 additions & 54 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,21 +21,29 @@ env:
XPKG_ACCESS_ID: ${{ secrets.XPKG_ACCESS_ID }}
AWS_USR: ${{ secrets.AWS_USR }}

ACTION_CHECKOUT: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
ACTION_SETUP_GO: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
ACTION_CACHE: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
ACTION_UPLOAD_ARTIFACT: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
ACTION_DOCKER_SETUP_BUILDX: docker/setup-buildx-action@04eaa7c789c15c7207d36583e7d86cd37d837034 # v3.8.0
ACTION_DOCKER_SETUP_QUEMU: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0
ACTION_DOCKER_LOGIN: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0

jobs:
check-diff:
runs-on: ubuntu-22.04

steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
uses: ${{ env.ACTION_CHECKOUT }}
with:
submodules: true

- name: Setup Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
uses: ${{ env.ACTION_SETUP_GO }}
with:
go-version: ${{ env.GO_VERSION }}

- name: Install goimports
run: go install golang.org/x/tools/cmd/goimports

Expand All @@ -44,14 +52,14 @@ jobs:
run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

- name: Cache the Go Build Cache
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3
uses: ${{ env.ACTION_CACHE }}
with:
path: ${{ steps.go.outputs.cache }}
key: ${{ runner.os }}-build-check-diff-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-build-check-diff-

- name: Cache Go Dependencies
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3
uses: ${{ env.ACTION_CACHE }}
with:
path: .work/pkg
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
Expand All @@ -70,7 +78,7 @@ jobs:
steps:
- name: Detect No-op Changes
id: noop
uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281 # v5.3.0
uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
paths_ignore: '["**.md", "**.png", "**.jpg"]'
Expand All @@ -83,13 +91,13 @@ jobs:
if: needs.detect-noop.outputs.noop != 'true'
steps:
- name: Checkout
uses: actions/checkout@v2
uses: ${{ env.ACTION_CHECKOUT }}
with:
submodules: true

- name: Get modified CRDs
id: modified-crds
uses: tj-actions/changed-files@v41
uses: tj-actions/changed-files@d6e91a2266cdb9d62096cebf1e8546899c6aa18f # v45.0.6
with:
files: |
package/crds/**
Expand All @@ -107,12 +115,12 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
uses: ${{ env.ACTION_CHECKOUT }}
with:
submodules: true

- name: Setup Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
uses: ${{ env.ACTION_SETUP_GO }}
with:
go-version: ${{ env.GO_VERSION }}

Expand All @@ -121,14 +129,14 @@ jobs:
run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

- name: Cache the Go Build Cache
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3
uses: ${{ env.ACTION_CACHE }}
with:
path: ${{ steps.go.outputs.cache }}
key: ${{ runner.os }}-build-lint-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-build-lint-

- name: Cache Go Dependencies
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3
uses: ${{ env.ACTION_CACHE }}
with:
path: .work/pkg
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
Expand All @@ -155,12 +163,12 @@ jobs:

# steps:
# - name: Checkout
# uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
# uses: ${{ env.ACTION_CHECKOUT }}
# with:
# submodules: true

# - name: Setup Go
# uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
# uses: ${{ env.ACTION_SETUP_GO }}
# with:
# go-version: ${{ env.GO_VERSION }}

Expand All @@ -169,14 +177,14 @@ jobs:
# run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

# - name: Cache the Go Build Cache
# uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3
# uses: ${{ env.ACTION_CACHE }}
# with:
# path: ${{ steps.go.outputs.cache }}
# key: ${{ runner.os }}-build-check-diff-${{ hashFiles('**/go.sum') }}
# restore-keys: ${{ runner.os }}-build-check-diff-

# - name: Cache Go Dependencies
# uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3
# uses: ${{ env.ACTION_CACHE }}
# with:
# path: .work/pkg
# key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
Expand All @@ -193,25 +201,26 @@ jobs:
# - name: Perform CodeQL Analysis
# uses: github/codeql-action/analyze@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2

trivy-scan-fs:
runs-on: ubuntu-22.04
needs: detect-noop
if: needs.detect-noop.outputs.noop != 'true'
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
with:
submodules: true
## Disable due to throttling errors
# trivy-scan-fs:
# runs-on: ubuntu-22.04
# needs: detect-noop
# if: needs.detect-noop.outputs.noop != 'true'
# steps:
# - name: Checkout
# uses: ${{ env.ACTION_CHECKOUT }}
# with:
# submodules: true

- name: Run Trivy vulnerability scanner in fs mode
uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f # 0.12.0
with:
scan-type: 'fs'
ignore-unfixed: true
skip-dirs: design
scan-ref: '.'
exit-code: '1'
severity: 'CRITICAL,HIGH'
# - name: Run Trivy vulnerability scanner in fs mode
# uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f # 0.12.0
# with:
# scan-type: 'fs'
# ignore-unfixed: true
# skip-dirs: design
# scan-ref: '.'
# exit-code: '1'
# severity: 'CRITICAL,HIGH'

unit-tests:
runs-on: ubuntu-22.04
Expand All @@ -220,15 +229,15 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
uses: ${{ env.ACTION_CHECKOUT }}
with:
submodules: true

- name: Fetch History
run: git fetch --prune --unshallow

- name: Setup Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
uses: ${{ env.ACTION_SETUP_GO }}
with:
go-version: ${{ env.GO_VERSION }}

Expand All @@ -237,14 +246,14 @@ jobs:
run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

- name: Cache the Go Build Cache
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3
uses: ${{ env.ACTION_CACHE }}
with:
path: ${{ steps.go.outputs.cache }}
key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-build-unit-tests-

- name: Cache Go Dependencies
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3
uses: ${{ env.ACTION_CACHE }}
with:
path: .work/pkg
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
Expand All @@ -268,26 +277,26 @@ jobs:
if: needs.detect-noop.outputs.noop != 'true'
steps:
- name: Setup QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3
uses: ${{ env.ACTION_DOCKER_SETUP_QEMU }}
with:
platforms: all

- name: Setup Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3
uses: ${{ env.ACTION_DOCKER_SETUP_BUILDX }}
with:
version: ${{ env.DOCKER_BUILDX_VERSION }}
install: true

- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
uses: ${{ env.ACTION_CHECKOUT }}
with:
submodules: true

- name: Fetch History
run: git fetch --prune --unshallow

- name: Setup Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
uses: ${{ env.ACTION_SETUP_GO }}
with:
go-version: ${{ env.GO_VERSION }}

Expand All @@ -296,14 +305,14 @@ jobs:
run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

- name: Cache the Go Build Cache
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3
uses: ${{ env.ACTION_CACHE }}
with:
path: ${{ steps.go.outputs.cache }}
key: ${{ runner.os }}-build-e2e-tests-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-build-e2e-tests-

- name: Cache Go Dependencies
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3
uses: ${{ env.ACTION_CACHE }}
with:
path: .work/pkg
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
Expand All @@ -330,7 +339,7 @@ jobs:

steps:
- name: Cleanup Disk
uses: jlumbroso/free-disk-space@d5af243ce7bacb67384aa6c5b1fc5f169e30903e
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be #v1.3.1
with:
android: true
dotnet: true
Expand All @@ -340,26 +349,26 @@ jobs:
swap-storage: false

- name: Setup QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3
uses: ${{ env.ACTION_DOCKER_SETUP_QEMU }}
with:
platforms: all

- name: Setup Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3
uses: ${{ env.ACTION_DOCKER_SETUP_BUILDX }}
with:
version: ${{ env.DOCKER_BUILDX_VERSION }}
install: true

- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
uses: ${{ env.ACTION_CHECKOUT }}
with:
submodules: true

- name: Fetch History
run: git fetch --prune --unshallow

- name: Setup Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
uses: ${{ env.ACTION_SETUP_GO }}
with:
go-version: ${{ env.GO_VERSION }}

Expand All @@ -368,14 +377,14 @@ jobs:
run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

- name: Cache the Go Build Cache
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3
uses: ${{ env.ACTION_CACHE }}
with:
path: ${{ steps.go.outputs.cache }}
key: ${{ runner.os }}-build-publish-artifacts-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-build-publish-artifacts-

- name: Cache Go Dependencies
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3
uses: ${{ env.ACTION_CACHE }}
with:
path: .work/pkg
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
Expand All @@ -392,20 +401,20 @@ jobs:
BUILD_ARGS: "--load"

- name: Publish Artifacts to GitHub
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
uses: ${{ env.ACTION_UPLOAD_ARTIFACT }}
with:
name: output
path: _output/**

- name: Login to DockerHub
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
uses: ${{ env.ACTION_DOCKER_LOGIN }}
if: env.CONTRIB_DOCKER_USR != ''
with:
username: ${{ secrets.CONTRIB_DOCKER_USR }}
password: ${{ secrets.CONTRIB_DOCKER_PSW }}

- name: Login to Upbound
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
uses: ${{ env.ACTION_DOCKER_LOGIN }}
if: env.XPKG_ACCESS_ID != ''
with:
registry: xpkg.upbound.io
Expand Down

0 comments on commit 9400f64

Please sign in to comment.