chore(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 #362
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This GitHub action can publish assets for release when a tag is created. | |
# Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0). | |
# | |
# This uses an action (paultyng/ghaction-import-gpg) that assumes you set your | |
# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE` | |
# secret. If you would rather own your own GPG handling, please fork this action | |
# or use an alternative one for key handling. | |
# | |
# You will need to pass the `--batch` flag to `gpg` in your signing step | |
# in `goreleaser` to indicate this is being used in a non-interactive mode. | |
# | |
name: release | |
on: | |
push: | |
branches: | |
- master | |
tags: | |
- 'v*' | |
paths-ignore: | |
- 'CHANGELOG.md' | |
pull_request: | |
paths: | |
- .github/workflows/release.yml | |
- .golangci.yml | |
- .goreleaser.yml | |
- .semgrep.yml | |
- interal/** | |
- api/** | |
- powershell/** | |
- examples/** | |
- docs/** | |
- go.sum | |
- GNUmakefile | |
- main.go | |
- staticcheck.conf | |
- website/** | |
env: | |
GO_VERSION: "1.21.5" | |
GO111MODULE: on | |
TERRAFORM_VERSION: "1.5.5" | |
GIT_CHGLOG_VERSION: "0.15.4" | |
SVU_VERSION: "1.12.0" | |
TEST_TIME_OUT: "120s" | |
RELEASE_TIME_OUT: "30m" | |
jobs: | |
go_mod_download: | |
name: go mod download | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/[email protected] | |
continue-on-error: true | |
id: cache-go-pkg-mod | |
timeout-minutes: 3 | |
with: | |
path: | | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go-pkg-mod-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }} | |
${{ runner.os }}-go-pkg-mod-${{ hashFiles('.github/workflows/release.yml') }} | |
${{ runner.os }}-go-pkg-mod | |
- if: steps.cache-go-pkg-mod.outputs.cache-hit != 'true' || steps.cache-go-pkg-mod.outcome == 'failure' | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- if: steps.cache-go-pkg-mod.outputs.cache-hit != 'true' || steps.cache-go-pkg-mod.outcome == 'failure' | |
name: go mod download | |
run: go mod download | |
go_build: | |
name: go build | |
needs: [go_mod_download] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/[email protected] | |
continue-on-error: true | |
id: cache-go-pkg-mod | |
timeout-minutes: 3 | |
with: | |
path: | | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go-pkg-mod-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }} | |
${{ runner.os }}-go-pkg-mod-${{ hashFiles('.github/workflows/release.yml') }} | |
${{ runner.os }}-go-pkg-mod | |
- uses: actions/[email protected] | |
continue-on-error: true | |
id: cache-go-build | |
timeout-minutes: 3 | |
with: | |
path: | | |
~/.cache/go-build | |
key: ${{ runner.os }}-go-build-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }} | |
restore-keys: | | |
${{ runner.os }}-go-build-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }} | |
${{ runner.os }}-go-build-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }} | |
${{ runner.os }}-go-build-${{ hashFiles('.github/workflows/release.yml') }} | |
${{ runner.os }}-go-build | |
- name: Cache cache-terraform-plugin-dir | |
uses: actions/[email protected] | |
continue-on-error: true | |
id: cache-terraform-plugin-dir | |
timeout-minutes: 2 | |
with: | |
path: | | |
terraform-plugin-dir | |
key: ${{ runner.os }}-terraform-plugin-dir-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }} | |
- if: steps.cache-go-pkg-mod.outputs.cache-hit != 'true' || steps.cache-go-pkg-mod.outcome == 'failure' || steps.cache-go-build.outputs.cache-hit != 'true' || steps.cache-go-build.outcome == 'failure' || steps.cache-terraform-plugin-dir.outputs.cache-hit != 'true' || steps.cache-terraform-plugin-dir.outcome == 'failure' | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- if: steps.cache-go-pkg-mod.outputs.cache-hit != 'true' || steps.cache-go-pkg-mod.outcome == 'failure' | |
name: go mod download | |
run: go mod download | |
- if: steps.cache-go-pkg-mod.outputs.cache-hit != 'true' || steps.cache-go-pkg-mod.outcome == 'failure' || steps.cache-go-build.outputs.cache-hit != 'true' || steps.cache-go-build.outcome == 'failure' || steps.cache-terraform-plugin-dir.outputs.cache-hit != 'true' || steps.cache-terraform-plugin-dir.outcome == 'failure' | |
name: go build | |
run: go build -o terraform-plugin-dir/registry.terraform.io/hashicorp/hyperv/99.99.99/linux_amd64/terraform-provider-hyperv_v99.99.99 | |
terraform_providers_schema: | |
name: terraform providers schema | |
needs: [go_build] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Cache cache-terraform-providers-schema | |
uses: actions/[email protected] | |
continue-on-error: true | |
id: cache-terraform-providers-schema | |
timeout-minutes: 2 | |
with: | |
path: | | |
terraform-providers-schema | |
key: ${{ runner.os }}-terraform-providers-schema-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }} | |
- name: Cache cache-terraform-plugin-dir | |
uses: actions/[email protected] | |
continue-on-error: true | |
id: cache-terraform-plugin-dir | |
timeout-minutes: 2 | |
with: | |
path: | | |
terraform-plugin-dir | |
key: ${{ runner.os }}-terraform-plugin-dir-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }} | |
restore-keys: | | |
${{ runner.os }}-terraform-plugin-dir-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }} | |
${{ runner.os }}-terraform-plugin-dir-${{ hashFiles('.github/workflows/release.yml') }} | |
${{ runner.os }}-terraform-plugin-dir- | |
- if: steps.cache-terraform-providers-schema.outputs.cache-hit != 'true' || steps.cache-terraform-providers-schema.outcome == 'failure' | |
uses: hashicorp/[email protected] | |
with: | |
terraform_version: ${{ env.TERRAFORM_VERSION }} | |
terraform_wrapper: false | |
- if: steps.cache-terraform-providers-schema.outputs.cache-hit != 'true' || steps.cache-terraform-providers-schema.outcome == 'failure' | |
name: terraform init | |
run: | | |
# We need a file to initialize the provider | |
echo 'resource "hyperv_network_switch" "dmz_network_switch" {name = "dmz"}' > example.tf | |
terraform init -plugin-dir terraform-plugin-dir | |
- if: steps.cache-terraform-providers-schema.outputs.cache-hit != 'true' || steps.cache-terraform-providers-schema.outcome == 'failure' | |
name: terraform providers schema | |
run: | | |
mkdir terraform-providers-schema | |
terraform providers schema -json > terraform-providers-schema/schema.json | |
go_generate: | |
name: go generate | |
needs: [go_build] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/[email protected] | |
continue-on-error: true | |
id: cache-go-pkg-mod | |
timeout-minutes: 3 | |
with: | |
path: | | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go-pkg-mod-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }} | |
${{ runner.os }}-go-pkg-mod-${{ hashFiles('.github/workflows/release.yml') }} | |
${{ runner.os }}-go-pkg-mod | |
- uses: actions/[email protected] | |
continue-on-error: true | |
id: cache-go-build | |
timeout-minutes: 3 | |
with: | |
path: | | |
~/.cache/go-build | |
key: ${{ runner.os }}-go-build-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }} | |
restore-keys: | | |
${{ runner.os }}-go-build-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }} | |
${{ runner.os }}-go-build-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }} | |
${{ runner.os }}-go-build-${{ hashFiles('.github/workflows/release.yml') }} | |
${{ runner.os }}-go-build | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- if: steps.cache-go-pkg-mod.outputs.cache-hit != 'true' || steps.cache-go-pkg-mod.outcome == 'failure' | |
name: go mod download | |
run: go mod download | |
- run: go generate ./... | |
- name: Check for Git Differences | |
run: | | |
git diff --exit-code || \ | |
(echo; echo "Unexpected difference in directories after code generation. Run 'go generate ./...' command and commit."; exit 1) | |
go_test: | |
name: go test | |
needs: [go_build] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/[email protected] | |
continue-on-error: true | |
id: cache-go-pkg-mod | |
timeout-minutes: 3 | |
with: | |
path: | | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go-pkg-mod-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }} | |
${{ runner.os }}-go-pkg-mod-${{ hashFiles('.github/workflows/release.yml') }} | |
${{ runner.os }}-go-pkg-mod | |
- uses: actions/[email protected] | |
continue-on-error: true | |
id: cache-go-build | |
timeout-minutes: 3 | |
with: | |
path: | | |
~/.cache/go-build | |
key: ${{ runner.os }}-go-build-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }} | |
restore-keys: | | |
${{ runner.os }}-go-build-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }} | |
${{ runner.os }}-go-build-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }} | |
${{ runner.os }}-go-build-${{ hashFiles('.github/workflows/release.yml') }} | |
${{ runner.os }}-go-build | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- if: steps.cache-go-pkg-mod.outputs.cache-hit != 'true' || steps.cache-go-pkg-mod.outcome == 'failure' | |
name: go mod download | |
run: go mod download | |
- run: go test ./... -timeout=${{ env.TEST_TIME_OUT }} | |
golangci-lint: | |
needs: [go_build] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/[email protected] | |
continue-on-error: true | |
id: cache-go-pkg-mod | |
timeout-minutes: 3 | |
with: | |
path: | | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go-pkg-mod-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }} | |
${{ runner.os }}-go-pkg-mod-${{ hashFiles('.github/workflows/release.yml') }} | |
${{ runner.os }}-go-pkg-mod | |
- uses: actions/[email protected] | |
continue-on-error: true | |
id: cache-go-build | |
timeout-minutes: 3 | |
with: | |
path: | | |
~/.cache/go-build | |
key: ${{ runner.os }}-go-build-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }} | |
restore-keys: | | |
${{ runner.os }}-go-build-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }} | |
${{ runner.os }}-go-build-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }} | |
${{ runner.os }}-go-build-${{ hashFiles('.github/workflows/release.yml') }} | |
${{ runner.os }}-go-build | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- if: steps.cache-go-pkg-mod.outputs.cache-hit != 'true' || steps.cache-go-pkg-mod.outcome == 'failure' | |
name: go mod download | |
run: go mod download | |
- run: go get -d github.com/golangci/golangci-lint/cmd/golangci-lint | |
- run: go install github.com/golangci/golangci-lint/cmd/golangci-lint | |
- run: golangci-lint run | |
semgrep: | |
# User definable name of this GitHub Actions job. | |
name: semgrep/ci | |
# If you are self-hosting, change the following `runs-on` value: | |
runs-on: ubuntu-latest | |
container: | |
# A Docker image with Semgrep installed. Do not change this. | |
image: returntocorp/semgrep | |
# Skip any PR created by dependabot to avoid permission issues: | |
if: (github.actor != 'dependabot[bot]') | |
steps: | |
# Fetch project source with GitHub Actions Checkout. | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
# Run the "semgrep ci" command on the command line of the docker image. | |
- run: semgrep ci --no-suppress-errors | |
env: | |
# Connect to Semgrep Cloud Platform through your SEMGREP_APP_TOKEN. | |
# Generate a token from Semgrep Cloud Platform > Settings | |
# and add it to your GitHub secrets. | |
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} | |
goreleaser: | |
needs: [go_build] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
persist-credentials: true | |
fetch-tags: true | |
repository: ${{ github.event.pull_request.head.repo.full_name }} | |
ref: ${{ github.event.pull_request.head.ref }} | |
token: ${{ secrets.CREATE_TAG_GITHUB_TOKEN }} | |
- uses: actions/[email protected] | |
continue-on-error: true | |
id: cache-go-pkg-mod | |
timeout-minutes: 3 | |
with: | |
path: | | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go-pkg-mod-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }} | |
${{ runner.os }}-go-pkg-mod-${{ hashFiles('.github/workflows/release.yml') }} | |
${{ runner.os }}-go-pkg-mod | |
- uses: actions/[email protected] | |
continue-on-error: true | |
id: cache-go-build | |
timeout-minutes: 3 | |
with: | |
path: | | |
~/.cache/go-build | |
key: ${{ runner.os }}-go-build-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }} | |
restore-keys: | | |
${{ runner.os }}-go-build-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }}-${{ hashFiles('internal/**', 'api/**', 'powershell/**') }} | |
${{ runner.os }}-go-build-${{ hashFiles('.github/workflows/release.yml') }}-${{ hashFiles('**/go.sum') }} | |
${{ runner.os }}-go-build-${{ hashFiles('.github/workflows/release.yml') }} | |
${{ runner.os }}-go-build | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- if: steps.cache-go-pkg-mod.outputs.cache-hit != 'true' || steps.cache-go-pkg-mod.outcome == 'failure' | |
name: go mod download | |
run: go mod download | |
- uses: Bpazy/setup-git-chglog@v1 | |
with: | |
git-chglog-version: ${{ env.GIT_CHGLOG_VERSION}} | |
- uses: obfu5c8/action-svu@v1 | |
id: install_svu | |
with: | |
type: none | |
svu-version: ${{ env.SVU_VERSION}} | |
- name: get version | |
id: get_version | |
run: | | |
current_version="$(svu current --tag-mode current-branch --strip-prefix)" | |
previous_version="$(git tag -l --sort=-version:refname | grep -E '^v.*' | head -n2 | sed -n 2p | cut -c 2-)" | |
prerelease_version="$(svu prerelease --tag-mode all-branches --strip-prefix --pre-release prerelease)" | |
release_version="$(svu next --tag-mode all-branches --strip-prefix)" | |
echo "CURRENT_VERSION=${current_version}" >> $GITHUB_OUTPUT | |
echo "PREVIOUS_VERSION=${previous_version}" >> $GITHUB_OUTPUT | |
echo "PRERELEASE_VERSION=${prerelease_version}" >> $GITHUB_OUTPUT | |
echo "RELEASE_VERSION=${release_version}" >> $GITHUB_OUTPUT | |
echo "current version: ${current_version}" | |
echo "previous version: ${previous_version}" | |
echo "prerelease version: ${prerelease_version}" | |
echo "release version: ${release_version}" | |
- name: goreleaser check | |
continue-on-error: true | |
uses: goreleaser/goreleaser-action@v5 | |
with: | |
args: check | |
- name: Import GPG key | |
id: import_gpg | |
uses: crazy-max/[email protected] | |
if: startsWith(github.ref, 'refs/tags/v') | |
with: | |
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
#passphrase: ${{ secrets.PASSPHRASE }} | |
- name: goreleaser release | |
uses: goreleaser/goreleaser-action@v5 | |
if: startsWith(github.ref, 'refs/tags/v') | |
with: | |
version: latest | |
args: release --clean --timeout ${{ env.RELEASE_TIME_OUT }} --release-notes=CHANGELOG.md | |
env: | |
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GORELEASER_CURRENT_TAG: "v${{ steps.get_version.outputs.RELEASE_VERSION }}" | |
GORELEASER_PREVIOUS_TAG: "v${{ steps.get_version.outputs.PREVIOUS_VERSION }}" | |
- name: generate change log for prerelease | |
if: "!(startsWith(github.ref, 'refs/tags/v'))" | |
run: | | |
git-chglog --next-tag "v${{ steps.get_version.outputs.PRERELEASE_VERSION }}" > CHANGELOG.md | |
- name: goreleaser snapshot | |
uses: goreleaser/goreleaser-action@v5 | |
if: "!(startsWith(github.ref, 'refs/tags/v'))" | |
with: | |
args: release --clean --skip=sign --snapshot --timeout ${{ env.RELEASE_TIME_OUT }} --release-notes=CHANGELOG.md | |
env: | |
GORELEASER_CURRENT_TAG: "v${{ steps.get_version.outputs.RELEASE_VERSION }}" | |
GORELEASER_PREVIOUS_TAG: "v${{ steps.get_version.outputs.CURRENT_VERSION }}" | |
- name: snapshot artifact naming | |
id: naming | |
if: "!(startsWith(github.ref, 'refs/tags/v'))" | |
run: | | |
case $GITHUB_REF in | |
refs/heads/*) | |
ARTIFACT="${GITHUB_REF#refs/heads/}";; | |
refs/pull/*) | |
ARTIFACT="pr-${GITHUB_REF#refs/pull/}" | |
ARTIFACT="${ARTIFACT%/merge}";; | |
*) | |
ARTIFACT="${GITHUB_REF}";; | |
esac | |
ARTIFACT="${ARTIFACT}-$(date -u +'%Y-%m-%dT%H-%M')" | |
echo "ARTIFACT=${ARTIFACT}" >> $GITHUB_OUTPUT | |
- name: upload snapshot artifact | |
uses: actions/upload-artifact@v4 | |
if: "!(startsWith(github.ref, 'refs/tags/v'))" | |
with: | |
name: ${{steps.naming.outputs.ARTIFACT}} | |
path: dist/*.zip | |
- name: Add updated changelog | |
uses: EndBug/add-and-commit@v9 | |
if: "startsWith(github.ref, 'refs/heads/master')" | |
with: | |
default_author: github_actions | |
message: "chore(release): v${{ steps.get_version.outputs.PRERELEASE_VERSION }}" | |
add: "CHANGELOG.md" |