mirror of
https://github.com/goreleaser/goreleaser.git
synced 2025-01-10 03:47:03 +02:00
9b8e82d915
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.2 to 4.1.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v4.1.3</h2> <h2>What's Changed</h2> <ul> <li>Update <code>actions/checkout</code> version in <code>update-main-version.yml</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1650">actions/checkout#1650</a></li> <li>Check git version before attempting to disable <code>sparse-checkout</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1656">actions/checkout#1656</a></li> <li>Add SSH user parameter by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1685">actions/checkout#1685</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.1.2...v4.1.3">https://github.com/actions/checkout/compare/v4.1.2...v4.1.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="1d96c772d1"><code>1d96c77</code></a> Add SSH user parameter (<a href="https://redirect.github.com/actions/checkout/issues/1685">#1685</a>)</li> <li><a href="cd7d8d697e"><code>cd7d8d6</code></a> Check git version before attempting to disable <code>sparse-checkout</code> (<a href="https://redirect.github.com/actions/checkout/issues/1656">#1656</a>)</li> <li><a href="8410ad0602"><code>8410ad0</code></a> Update <code>actions/checkout</code> version in <code>update-main-version.yml</code> (<a href="https://redirect.github.com/actions/checkout/issues/1650">#1650</a>)</li> <li>See full diff in <a href="9bb56186c3...1d96c772d1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
72 lines
2.2 KiB
YAML
72 lines
2.2 KiB
YAML
name: build
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- "main"
|
|
pull_request:
|
|
paths:
|
|
- "go.*"
|
|
- "**/*.go"
|
|
- "Taskfile.yml"
|
|
- "Dockerfile"
|
|
- ".github/workflows/*.yml"
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
govulncheck:
|
|
uses: caarlos0/meta/.github/workflows/govulncheck.yml@main
|
|
semgrep:
|
|
uses: caarlos0/meta/.github/workflows/semgrep.yml@main
|
|
ruleguard:
|
|
uses: caarlos0/meta/.github/workflows/ruleguard.yml@main
|
|
with:
|
|
args: "-disable largeloopcopy"
|
|
test:
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
DOCKER_CLI_EXPERIMENTAL: "enabled"
|
|
steps:
|
|
- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v3
|
|
with:
|
|
fetch-depth: 0
|
|
- uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v1
|
|
with:
|
|
version: 3.x
|
|
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
|
- uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v2
|
|
- uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3
|
|
- name: setup-snapcraft
|
|
# FIXME: the mkdirs are a hack for https://github.com/goreleaser/goreleaser/issues/1715
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get -yq --no-install-suggests --no-install-recommends install snapcraft
|
|
mkdir -p $HOME/.cache/snapcraft/download
|
|
mkdir -p $HOME/.cache/snapcraft/stage-packages
|
|
- uses: crazy-max/ghaction-upx@v3
|
|
with:
|
|
install-only: true
|
|
- uses: cachix/install-nix-action@v26
|
|
with:
|
|
github_access_token: ${{ secrets.GITHUB_TOKEN }}
|
|
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v4
|
|
with:
|
|
go-version: stable
|
|
- uses: sigstore/cosign-installer@v3.5.0
|
|
- uses: anchore/sbom-action/download-syft@v0.15.10
|
|
- name: setup-validate-krew-manifest
|
|
run: go install sigs.k8s.io/krew/cmd/validate-krew-manifest@latest
|
|
- name: setup
|
|
run: |
|
|
task setup
|
|
task build
|
|
- name: test
|
|
run: task test
|
|
- uses: codecov/codecov-action@84508663e988701840491b86de86b666e8a86bed # v4
|
|
with:
|
|
file: ./coverage.txt
|
|
- run: ./goreleaser check
|
|
- run: git diff
|