1
0
Fork 0
mirror of https://github.com/kastenhq/kubestr.git synced 2024-12-14 11:57:56 +00:00

chore(deps) upgrade various GH actions (#170)

* chore(ci): update comment in dependency review action
* chore(deps): use commit id for action/setup-go version
* deps(gha): upgrade docker/setup-buildx-action to v3.0.0
* deps(gha): upgrade docker/metadata-action to v5.0.0
* deps(gha): upgrade docker/login-action to v3.0.0
* deps(gha): upgrade docker/build-push-action to v5.0.0
* deps(gha): upgrade docker/setup-qemu-action to v3.0.0
  Release notes: https://github.com/docker/setup-qemu-action/releases/tag/v3.0.0
* deps(gha): use commit id for dependency-review-action
* deps(gha): upgrade goreleaser-action to v5.0.0
  Release notes: https://github.com/goreleaser/goreleaser-action/releases/tag/v5.0.0
* deps(gha): use commit id for golangci-lint-action
  Pin to v3.7.0
  Release notes: https://github.com/golangci/golangci-lint-action/releases/tag/v3.7.0
This commit is contained in:
Julio Lopez 2023-09-14 15:33:53 -07:00 committed by GitHub
parent 2511849a2d
commit 50cd583328
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 18 additions and 13 deletions

View file

@ -1,9 +1,14 @@
# Dependency Review Action # Dependency Review Action
# #
# This Action will scan dependency manifest files that change as part of a Pull Reqest, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging. # This workflow scans dependency manifest files that change as part of a pull
# reqest, surfacing known-vulnerable versions of the packages declared or
# updated in the PR.
# If the workflow run is marked as required, PRs introducing known-vulnerable
# packages will be blocked from merging.
# #
# Source repository: https://github.com/actions/dependency-review-action # Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement # Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
#
name: 'Dependency Review' name: 'Dependency Review'
on: [pull_request] on: [pull_request]
@ -17,4 +22,4 @@ jobs:
- name: 'Checkout Repository' - name: 'Checkout Repository'
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- name: 'Dependency Review' - name: 'Dependency Review'
uses: actions/dependency-review-action@v3 uses: actions/dependency-review-action@6c5ccdad469c9f8a2996bfecaec55a631a347034 # v3.1.0

View file

@ -31,24 +31,24 @@ jobs:
# https://github.com/docker/metadata-action # https://github.com/docker/metadata-action
- name: Extract Docker metadata - name: Extract Docker metadata
id: meta id: meta
uses: docker/metadata-action@v4 uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
with: with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
# This action can be useful if you want to add emulation # This action can be useful if you want to add emulation
# support with QEMU to be able to build against more platforms. # support with QEMU to be able to build against more platforms.
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v2 uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
# This action will create and boot a builder using # This action will create and boot a builder using
# by default the docker-container builder driver. # by default the docker-container builder driver.
# Recommended for build multi-platform images, export cache, etc. # Recommended for build multi-platform images, export cache, etc.
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2 uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
- name: Log into ${{ env.REGISTRY }} - name: Log into ${{ env.REGISTRY }}
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
uses: docker/login-action@v2 uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with: with:
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
username: ${{ github.actor }} username: ${{ github.actor }}
@ -57,7 +57,7 @@ jobs:
# Build and push Docker image with Buildx (don't push on PR) # Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action # https://github.com/docker/build-push-action
- name: Build and push Docker image - name: Build and push Docker image
uses: docker/build-push-action@v4 uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
with: with:
context: . context: .
push: ${{ github.event_name != 'pull_request' }} push: ${{ github.event_name != 'pull_request' }}

View file

@ -13,8 +13,8 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Set up Go 1.x - name: Set up Go
uses: actions/setup-go@v4 uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with: with:
go-version: ^1.19 go-version: ^1.19
id: go id: go

View file

@ -12,12 +12,12 @@ jobs:
name: lint name: lint
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/setup-go@v4 - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with: with:
go-version: 1.19 go-version: 1.19
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- name: golangci-lint - name: golangci-lint
uses: golangci/golangci-lint-action@v3 uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0
with: with:
# Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version. # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
version: v1.48 version: v1.48

View file

@ -16,11 +16,11 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Set up Go - name: Set up Go
uses: actions/setup-go@v4 uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with: with:
go-version: 1.19 go-version: 1.19
- name: Run GoReleaser - name: Run GoReleaser
uses: goreleaser/goreleaser-action@v4 uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
with: with:
distribution: goreleaser distribution: goreleaser
version: latest version: latest