
Merge pull request #216 from taliesins/dependabot/github_actions/acti… #300


# This GitHub action can publish assets for release when a tag is created.
# Currently it's set up to run on any tag that matches the pattern "v*" (e.g. v0.1.0).
#
# This uses an action (paultyng/ghaction-import-gpg) that assumes you set your
# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE`
# secret. If you would rather own your own GPG handling, please fork this action
# or use an alternative one for key handling.
#
# You will need to pass the `--batch` flag to `gpg` in your signing step
# in `goreleaser` to indicate this is being used in a non-interactive mode.
#
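name: release
# Triggers: pushes to master and to v* tags (ignoring changelog-only pushes),
# plus pull requests that touch the build inputs listed below.
on:
  push:
    branches:
      - master
    tags:
      - 'v*'
    paths-ignore:
      - 'CHANGELOG.md'
  pull_request:
    paths:
      - .github/workflows/release.yml
      - .golangci.yml
      - .goreleaser.yml
      - .semgrep.yml
      # Was `interal/**`, which matches nothing; the cache keys in the jobs
      # hash `internal/**`, so pull requests touching that tree never ran
      # this workflow's build, test, lint and scan jobs.
      - internal/**
      - api/**
      - powershell/**
      - examples/**
      - docs/**
      - go.sum
      - GNUmakefile
      - main.go
      - staticcheck.conf
      - website/**
# Tool versions are quoted so they stay strings (e.g. "1.21.5", not a number).
env:
  GO_VERSION: "1.21.5"
  # Quoted: a bare `on` is a boolean to YAML 1.1 parsers and linters.
  GO111MODULE: "on"
  TERRAFORM_VERSION: "1.5.5"
  GIT_CHGLOG_VERSION: "0.15.4"
  SVU_VERSION: "1.12.0"
  TEST_TIME_OUT: "120s"
  RELEASE_TIME_OUT: "30m"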
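jobs:
  # NOTE(review): every `[email protected]` after an action name below appears
  # to be an e-mail-obfuscation artefact of this listing, not a real ref; take
  # the actual version pins from the repository's copy of this file.
  # NOTE(review): actions are referenced by mutable tags (e.g. `@v4`). Because
  # the goreleaser job handles the GPG signing key and a write-capable token,
  # pinning third-party actions to full commit SHAs is worth considering.

  # Warms the Go module cache that the later jobs restore.
  go_mod_download:
    name: go mod download
    runs-on: ubuntu-latest
    # Least privilege: this job only needs to read the repository.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Cache cache-go-pkg-mod
        uses: actions/[email protected]
        continue-on-error: true
        id: cache-go-pkg-mod
        timeout-minutes: 2
        with:
          path: ~/go/pkg/mod
          key: ${{ hashFiles('.github/workflows/release.yml') }}-${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }}
      # The two steps below run only when the cache missed or the cache step failed.
      - if: steps.cache-go-pkg-mod.outputs.cache-hit != 'true' || steps.cache-go-pkg-mod.outcome == 'failure'
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}
      - if: steps.cache-go-pkg-mod.outputs.cache-hit != 'true' || steps.cache-go-pkg-mod.outcome == 'failure'
        name: go mod download
        run: go mod download

  # Builds the provider binary into a local Terraform plugin directory and
  # caches that directory, keyed on the workflow file, go.sum and the sources.
  go_build:
    name: go build
    needs: [go_mod_download]
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Cache cache-terraform-plugin-dir
        uses: actions/[email protected]
        continue-on-error: true
        id: cache-terraform-plugin-dir
        timeout-minutes: 2
        with:
          path: terraform-plugin-dir
          key: ${{ hashFiles('.github/workflows/release.yml') }}-${{ runner.os }}-terraform-plugin-dir-${{ hashFiles('go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }}
      # Everything below is skipped when the built plugin was restored from cache.
      - if: steps.cache-terraform-plugin-dir.outputs.cache-hit != 'true' || steps.cache-terraform-plugin-dir.outcome == 'failure'
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}
      - if: steps.cache-terraform-plugin-dir.outputs.cache-hit != 'true' || steps.cache-terraform-plugin-dir.outcome == 'failure'
        name: go env
        # Export GOCACHE so the next cache step can reference it as env.GOCACHE.
        run: |
          echo "GOCACHE=$(go env GOCACHE)" >> "$GITHUB_ENV"
      - if: steps.cache-terraform-plugin-dir.outputs.cache-hit != 'true' || steps.cache-terraform-plugin-dir.outcome == 'failure'
        uses: actions/[email protected]
        with:
          path: ${{ env.GOCACHE }}
          key: ${{ hashFiles('.github/workflows/release.yml') }}-${{ runner.os }}-GOCACHE-${{ hashFiles('go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }}
      - if: steps.cache-terraform-plugin-dir.outputs.cache-hit != 'true' || steps.cache-terraform-plugin-dir.outcome == 'failure'
        uses: actions/[email protected]
        with:
          path: ~/go/pkg/mod
          key: ${{ hashFiles('.github/workflows/release.yml') }}-${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }}
      - if: steps.cache-terraform-plugin-dir.outputs.cache-hit != 'true' || steps.cache-terraform-plugin-dir.outcome == 'failure'
        name: go build
        run: go build -o terraform-plugin-dir/registry.terraform.io/hashicorp/hyperv/99.99.99/linux_amd64/terraform-provider-hyperv_v99.99.99

  # Dumps the provider schema as JSON using the binary built by go_build.
  terraform_providers_schema:
    name: terraform providers schema
    needs: [go_build]
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Cache cache-terraform-providers-schema
        uses: actions/[email protected]
        continue-on-error: true
        id: cache-terraform-providers-schema
        timeout-minutes: 2
        with:
          path: terraform-providers-schema
          key: ${{ hashFiles('.github/workflows/release.yml') }}-${{ runner.os }}-terraform-providers-schema-${{ hashFiles('go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }}
      # Restores the plugin directory under the same key go_build saved it with.
      - if: steps.cache-terraform-providers-schema.outputs.cache-hit != 'true' || steps.cache-terraform-providers-schema.outcome == 'failure'
        uses: actions/[email protected]
        timeout-minutes: 2
        with:
          path: terraform-plugin-dir
          key: ${{ hashFiles('.github/workflows/release.yml') }}-${{ runner.os }}-terraform-plugin-dir-${{ hashFiles('go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }}
      - if: steps.cache-terraform-providers-schema.outputs.cache-hit != 'true' || steps.cache-terraform-providers-schema.outcome == 'failure'
        uses: hashicorp/[email protected]
        with:
          terraform_version: ${{ env.TERRAFORM_VERSION }}
          terraform_wrapper: false
      - if: steps.cache-terraform-providers-schema.outputs.cache-hit != 'true' || steps.cache-terraform-providers-schema.outcome == 'failure'
        name: terraform init
        run: |
          # We need a file to initialize the provider
          echo 'resource "hyperv_network_switch" "dmz_network_switch" {name = "dmz"}' > example.tf
          terraform init -plugin-dir terraform-plugin-dir
      - if: steps.cache-terraform-providers-schema.outputs.cache-hit != 'true' || steps.cache-terraform-providers-schema.outcome == 'failure'
        name: terraform providers schema
        run: |
          mkdir terraform-providers-schema
          terraform providers schema -json > terraform-providers-schema/schema.json

  # Fails the run when `go generate` output differs from what is committed.
  go_generate:
    name: go generate
    needs: [go_build]
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: go env
        run: |
          echo "GOCACHE=$(go env GOCACHE)" >> "$GITHUB_ENV"
      - uses: actions/[email protected]
        continue-on-error: true
        timeout-minutes: 2
        with:
          path: ${{ env.GOCACHE }}
          key: ${{ hashFiles('.github/workflows/release.yml') }}-${{ runner.os }}-GOCACHE-${{ hashFiles('go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }}
      - uses: actions/[email protected]
        continue-on-error: true
        timeout-minutes: 2
        with:
          path: ~/go/pkg/mod
          key: ${{ hashFiles('.github/workflows/release.yml') }}-${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }}
      - run: go generate ./...
      - name: Check for Git Differences
        run: |
          git diff --exit-code || \
            (echo; echo "Unexpected difference in directories after code generation. Run 'go generate ./...' command and commit."; exit 1)

  # Runs the unit tests with the workflow-level timeout.
  go_test:
    name: go test
    needs: [go_build]
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: go env
        run: |
          echo "GOCACHE=$(go env GOCACHE)" >> "$GITHUB_ENV"
      - uses: actions/[email protected]
        continue-on-error: true
        timeout-minutes: 2
        with:
          path: ${{ env.GOCACHE }}
          key: ${{ hashFiles('.github/workflows/release.yml') }}-${{ runner.os }}-GOCACHE-${{ hashFiles('go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }}
      - uses: actions/[email protected]
        continue-on-error: true
        timeout-minutes: 2
        with:
          path: ~/go/pkg/mod
          key: ${{ hashFiles('.github/workflows/release.yml') }}-${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }}
      - run: go test ./... -timeout=${{ env.TEST_TIME_OUT }}

  # Installs golangci-lint from source and runs it against the repository.
  golangci-lint:
    needs: [go_build]
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: go env
        run: |
          echo "GOCACHE=$(go env GOCACHE)" >> "$GITHUB_ENV"
      - uses: actions/[email protected]
        continue-on-error: true
        timeout-minutes: 2
        with:
          path: ${{ env.GOCACHE }}
          key: ${{ hashFiles('.github/workflows/release.yml') }}-${{ runner.os }}-GOCACHE-${{ hashFiles('go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }}
      - uses: actions/[email protected]
        continue-on-error: true
        timeout-minutes: 2
        with:
          path: ~/go/pkg/mod
          key: ${{ hashFiles('.github/workflows/release.yml') }}-${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }}
      # NOTE(review): no version is given on these two lines, so the linter
      # version presumably comes from go.mod — confirm it is pinned there.
      - run: go get -d github.com/golangci/golangci-lint/cmd/golangci-lint
      - run: go install github.com/golangci/golangci-lint/cmd/golangci-lint
      - run: golangci-lint run

  semgrep:
    # User definable name of this GitHub Actions job.
    name: semgrep/ci
    # If you are self-hosting, change the following `runs-on` value:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    container:
      # A Docker image with Semgrep installed. Do not change this.
      # NOTE(review): the image has no tag or digest, so each run pulls
      # whatever the default tag currently points to.
      image: returntocorp/semgrep
    # Skip any PR created by dependabot to avoid permission issues:
    if: (github.actor != 'dependabot[bot]')
    steps:
      # Fetch project source with GitHub Actions Checkout.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      # Run the "semgrep ci" command on the command line of the docker image.
      - run: semgrep ci --no-suppress-errors
        env:
          # Connect to Semgrep Cloud Platform through your SEMGREP_APP_TOKEN.
          # Generate a token from Semgrep Cloud Platform > Settings
          # and add it to your GitHub secrets.
          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}

  # Tag builds: import the GPG key and publish a signed release.
  # All other refs: build an unsigned snapshot, upload it as an artifact and
  # commit the regenerated changelog to a new branch.
  goreleaser:
    needs: [go_mod_download]
    runs-on: ubuntu-latest
    # Write access to contents is what publishing the release and pushing the
    # changelog branch use; every other token scope is dropped.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history and tags, which svu and git-chglog read.
          fetch-depth: 0
      - uses: actions/setup-git-chglog@v1
        with:
          git-chglog-version: ${{ env.GIT_CHGLOG_VERSION}}
      # NOTE(review): no `@ref` is visible on this action in the listing;
      # confirm against the repository file and pin it to a commit SHA.
      - uses: obfu5c8/action-svu
        id: install_svu
        with:
          type: none
          svu-version: ${{ env.SVU_VERSION}}
      - name: get version
        id: get_version
        # Step outputs are written to the $GITHUB_OUTPUT file; the older
        # `::set-output` stdout command is deprecated, and anything printed
        # to the log could emit it.
        run: |
          current_version="$(svu current --tag-mode current-branch --strip-prefix)"
          prerelease_version="$(svu prerelease --tag-mode all-branches --strip-prefix --pre-release prerelease)"
          release_version="$(svu next --tag-mode all-branches --strip-prefix)"
          echo "CURRENT_VERSION=${current_version}" >> "$GITHUB_OUTPUT"
          echo "PRERELEASE_VERSION=${prerelease_version}" >> "$GITHUB_OUTPUT"
          echo "RELEASE_VERSION=${release_version}" >> "$GITHUB_OUTPUT"
          echo "current version: ${current_version}"
          echo "prerelease version: ${prerelease_version}"
          echo "release version: ${release_version}"
      - uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}
      - uses: actions/[email protected]
        continue-on-error: true
        timeout-minutes: 2
        with:
          path: ~/go/pkg/mod
          key: ${{ hashFiles('.github/workflows/release.yml') }}-${{ runner.os }}-go-pkg-mod-${{ hashFiles('go.sum') }}
      - name: goreleaser check
        continue-on-error: true
        uses: goreleaser/goreleaser-action@v5
        with:
          args: check
      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/[email protected]
        if: startsWith(github.ref, 'refs/tags/v')
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          # NOTE(review): the passphrase input is disabled, so the key in
          # GPG_PRIVATE_KEY is presumably stored without one — confirm.
          #passphrase: ${{ secrets.PASSPHRASE }}
      - name: goreleaser release
        uses: goreleaser/goreleaser-action@v5
        if: startsWith(github.ref, 'refs/tags/v')
        with:
          # Floating version: the signed release is built with whichever
          # GoReleaser is newest at run time; pin it for reproducible releases.
          version: latest
          args: release --rm-dist --timeout ${{ env.RELEASE_TIME_OUT }} --release-notes=CHANGELOG.md
        env:
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GORELEASER_CURRENT_TAG: ${{ steps.get_version.outputs.RELEASE_VERSION }}
          GORELEASER_PREVIOUS_TAG: ${{ steps.get_version.outputs.CURRENT_VERSION }}
      - name: generate change log for prerelease
        if: "!(startsWith(github.ref, 'refs/tags/v'))"
        # The tag-derived version reaches the script through an environment
        # variable rather than being expanded into the script text.
        env:
          PRERELEASE_VERSION: ${{ steps.get_version.outputs.PRERELEASE_VERSION }}
        run: |
          git-chglog --next-tag "v${PRERELEASE_VERSION}" > CHANGELOG.md
      - name: goreleaser snapshot
        uses: goreleaser/goreleaser-action@v5
        if: "!(startsWith(github.ref, 'refs/tags/v'))"
        with:
          args: release --rm-dist --skip-sign --snapshot --timeout ${{ env.RELEASE_TIME_OUT }} --release-notes=CHANGELOG.md
        env:
          GORELEASER_CURRENT_TAG: ${{ steps.get_version.outputs.RELEASE_VERSION }}
          GORELEASER_PREVIOUS_TAG: ${{ steps.get_version.outputs.CURRENT_VERSION }}
      - name: snapshot artifact naming
        id: naming
        if: "!(startsWith(github.ref, 'refs/tags/v'))"
        # Derives the artifact name from the ref: the branch name, or
        # `pr-<number>` for pull requests, followed by a UTC timestamp.
        run: |
          case $GITHUB_REF in
            refs/heads/*)
              ARTIFACT="${GITHUB_REF#refs/heads/}";;
            refs/pull/*)
              ARTIFACT="pr-${GITHUB_REF#refs/pull/}"
              ARTIFACT="${ARTIFACT%/merge}";;
            *)
              ARTIFACT="${GITHUB_REF}";;
          esac
          echo "ARTIFACT=$ARTIFACT-$(date -u +'%Y-%m-%dT%H-%M')" >> "$GITHUB_OUTPUT"
      - name: upload snapshot artifact
        uses: actions/upload-artifact@v3
        if: "!(startsWith(github.ref, 'refs/tags/v'))"
        with:
          name: ${{steps.naming.outputs.ARTIFACT}}
          path: dist/*.zip
      - name: Add updated changelog, and create new branch
        uses: EndBug/add-and-commit@v9
        if: "!(startsWith(github.ref, 'refs/tags/v'))"
        with:
          default_author: github_actions
          message: "chore(release): v${{ steps.get_version.outputs.PRERELEASE_VERSION }}"
          add: "CHANGELOG.md"
          new_branch: "v${{ steps.get_version.outputs.PRERELEASE_VERSION }}"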