Bump github.com/prometheus/client_golang from 1.20.2 to 1.20.5 #125
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| pull_request_target: | |
| types: | |
| - closed | |
| branches: | |
| - master | |
| - main | |
| concurrency: | |
| group: ${{ github.workflow }} | |
| cancel-in-progress: false | |
| permissions: | |
| contents: write | |
| packages: write | |
| security-events: write | |
| env: | |
| PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }} | |
| PULL_REQUEST_BRANCH: ${{ github.head_ref }} | |
| BRANCH: ${{ github.event.pull_request.head.ref }} | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: "ghcr.io/${{ github.repository }}" | |
| RELEASE: true | |
| jobs: | |
| config: | |
| if: github.triggering_actor != 'dependabot[bot]' && github.event.pull_request.merged == true | |
| runs-on: ubuntu-latest | |
| outputs: | |
| go-version: ${{ fromJson(steps.config.outputs.config).go-version }} | |
| deploy-pull-request: ${{ fromJson(steps.config.outputs.config).deploy.pull-request }} | |
| deploy-sign-docker-image: ${{ fromJson(steps.config.outputs.config).deploy.sign-docker-image }} | |
| deploy-pre-release-matrix: ${{ steps.pre-release-matrix.outputs.matrix }} | |
| deploy-release-matrix: ${{ steps.release-matrix.outputs.matrix }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Read config | |
| id: config | |
| run: echo "config=$(jq -M -c '.' ./.github/workflow-config.json)" >> $GITHUB_OUTPUT | |
| - name: List Pre-release profiles | |
| id: deploy-pr-images-profiles | |
| run: echo "profiles=$(jq -c -M '.deploy."pull-request-images"' .github/workflow-config.json)" >> $GITHUB_OUTPUT | |
| - name: Deploy pre-release matrix | |
| id: pre-release-matrix | |
| run: echo 'matrix={"include":${{ steps.deploy-pr-images-profiles.outputs.profiles }} }' >> $GITHUB_OUTPUT | |
| - name: List release profiles | |
| id: deploy-images-profiles | |
| run: echo "profiles=$(jq -c -M '.deploy."release-images"' .github/workflow-config.json)" >> $GITHUB_OUTPUT | |
| - name: Deploy release matrix | |
| id: release-matrix | |
| run: echo 'matrix={"include":${{ steps.deploy-images-profiles.outputs.profiles }} }' >> $GITHUB_OUTPUT | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - config | |
| outputs: | |
| version: ${{ steps.version.outputs.version }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Setup Golang | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ needs.config.outputs.go-version }} | |
| - name: Get makefile versions | |
| id: version | |
| run: | | |
| version=$(make version) | |
| echo "version=$version" >> $GITHUB_OUTPUT | |
| - name: Setup Golang cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/go/pkg/mod | |
| ~/.cache/go-build | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Build artifact | |
| run: make go-build | |
| - name: Run test | |
| run: make go-test | |
| - name: Go lint | |
| continue-on-error: true | |
| uses: golangci/golangci-lint-action@v3 | |
| with: | |
| args: --issues-exit-code=0 | |
| skip-pkg-cache: true | |
| skip-build-cache: true | |
| - name: Package artifact | |
| run: | | |
| mv dist/*.tar.gz application.tar.gz | |
| - name: Upload build output | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: application | |
| path: "./application.tar.gz" | |
| - name: Upload test coverage | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: test-coverage | |
| path: "./test-coverage.out" | |
| release: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - config | |
| - build | |
| outputs: | |
| version: ${{ steps.version.outputs.version }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Set release version | |
| id: version | |
| run: echo "version=${{ needs.build.outputs.version }}" >> $GITHUB_OUTPUT | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: application | |
| path: "." | |
| - name: Rename artifact | |
| run: mv application.tar.gz ${{ github.event.repository.name }}.tar.gz | |
| - name: Create release | |
| uses: softprops/action-gh-release@v1 | |
| id: create-release | |
| with: | |
| name: Release ${{ steps.version.outputs.version }} | |
| tag_name: ${{ steps.version.outputs.version }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| body: ${{ steps.changelog.outputs.changelog }} | |
| files: | | |
| ./${{ github.event.repository.name }}.tar.gz | |
| draft: false | |
| prerelease: false | |
| generate_release_notes: true | |
| deploy: | |
| name: deploy-[${{ matrix.name }}] | |
| runs-on: ubuntu-latest | |
| strategy: | |
| max-parallel: 1 | |
| matrix: ${{ fromJson(needs.config.outputs.deploy-release-matrix) }} | |
| if: ${{ !failure() && needs.release.result == 'success' && needs.config.outputs.deploy-pull-request == 'true' }} | |
| needs: | |
| - config | |
| - build | |
| - release | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Log in to registry | |
| run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ${{ env.REGISTRY }} -u $ --password-stdin | |
| - name: Build image | |
| id: docker-meta | |
| env: | |
| VERSION: "${{ needs.release.outputs.version }}" | |
| run: | | |
| make ${{ matrix.name }}-image | |
| TAG_SUFFIX=$(echo "-${{ matrix.name }}" | sed s/-ubuntu//) | |
| echo "image-id=$IMAGE_NAME" >> $GITHUB_OUTPUT | |
| echo "image-version=${VERSION}${TAG_SUFFIX}" >> $GITHUB_OUTPUT | |
| make push-${{ matrix.name }}-image | |
| - name: Setup cosign | |
| if: ${{ needs.config.outputs.deploy-sign-docker-image == 'true' }} | |
| uses: sigstore/cosign-installer@main | |
| - name: Write signing key to disk (only needed for `cosign sign --key`) | |
| if: ${{ needs.config.outputs.deploy-sign-docker-image == 'true' }} | |
| continue-on-error: true | |
| run: echo "${{ secrets.SIGNING_SECRET }}" > cosign.key | |
| - name: Sign the published Docker image | |
| if: ${{ needs.config.outputs.deploy-sign-docker-image == 'true' }} | |
| continue-on-error: true | |
| env: | |
| COSIGN_PASSWORD: "" | |
| VERSION: "${{ needs.release.outputs.version }}" | |
| run: make sign-${{ matrix.name }}-image | |
| - name: Container scan | |
| uses: aquasecurity/[email protected] | |
| env: | |
| image-ref: "${{ steps.docker-meta.outputs.image-id }}:${{ steps.docker-meta.outputs.image-version }}" | |
| with: | |
| image-ref: "${{ env.image-ref }}" | |
| ignore-unfixed: true | |
| vuln-type: "os,library" | |
| severity: "CRITICAL,HIGH" | |
| format: "sarif" | |
| output: "trivy-results.sarif" | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: "trivy-results.sarif" | |
| category: trivy-${{ matrix.name }} |