3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-30 19:06:33 +02:00
Code Issues Projects Releases Packages Wiki Activity

github: pin github actions (#3183)

Browse source
This commit is contained in:
Caleb Doxsey 2022-03-23 11:54:37 -06:00 committed by GitHub
parent 7d00ad9b7d
commit 4a0780969f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 62 additions and 57 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.github/workflows/backport.yaml vendored
View file

@ -12,13 +12,13 @@ jobs:
steps: steps:
- name: Generate token - name: Generate token
id: generate_token id: generate_token
uses: tibdex/github-app-token@v1 uses: tibdex/github-app-token@7ce9ffdcdeb2ba82b01b51d6584a6a85872336d4 # pin@v1
with: with:
app_id: ${{ secrets.BACKPORT_APP_APPID }} app_id: ${{ secrets.BACKPORT_APP_APPID }}
private_key: ${{ secrets.BACKPORT_APP_PRIVATE_KEY }} private_key: ${{ secrets.BACKPORT_APP_PRIVATE_KEY }}
- name: Backport - name: Backport
uses: tibdex/backport@v1 uses: tibdex/backport@e2ffd4c5a70730dfd19046859dfaf366e3de6466 # pin@v1
with: with:
github_token: ${{ steps.generate_token.outputs.token }} github_token: ${{ steps.generate_token.outputs.token }}
title_template: "{{originalTitle}}" title_template: "{{originalTitle}}"

26
.github/workflows/docker-main.yaml vendored
View file

@ -13,18 +13,18 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # pin@v3
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v1 uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480 # pin@v1
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1 uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # pin@v1
- name: Login to DockerHub - name: Login to DockerHub
uses: docker/login-action@v1 uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 # pin@v1
with: with:
username: ${{ secrets.DOCKERHUB_USER }} username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
@ -45,7 +45,7 @@ jobs:
echo ::set-output name=sha-tag::${SHA_TAG} echo ::set-output name=sha-tag::${SHA_TAG}
- name: Docker Publish - Main - name: Docker Publish - Main
uses: docker/build-push-action@v2 uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a # pin@v2
with: with:
context: . context: .
file: ./Dockerfile file: ./Dockerfile
@ -58,7 +58,7 @@ jobs:
org.opencontainers.image.revision=${{ github.sha }} org.opencontainers.image.revision=${{ github.sha }}
- name: Docker Publish - Debug - name: Docker Publish - Debug
uses: docker/build-push-action@v2 uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a # pin@v2
with: with:
context: . context: .
file: ./Dockerfile.debug file: ./Dockerfile.debug
@ -75,23 +75,25 @@ jobs:
needs: publish needs: publish
steps: steps:
- name: Checkout Helmfile Repo - name: Checkout Helmfile Repo
uses: actions/checkout@v3 uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # pin@v3
with: with:
repository: pomerium/helmfile repository: pomerium/helmfile
token: ${{ secrets.APPARITOR_GITHUB_TOKEN }} token: ${{ secrets.APPARITOR_GITHUB_TOKEN }}
- name: Bump psql environment - name: Bump psql environment
uses: mikefarah/yq@v4.23.1 uses: mikefarah/yq@03f57b7034d0330d54663881def67523347dfc9c # pin@v4.23.1
with: with:
cmd: yq eval '.image.tag = "${{ needs.publish.outputs.sha-tag }}"' -i environments/internal-prd/pomerium-master-postgres/values/pomerium.yaml cmd: yq eval '.image.tag = "${{ needs.publish.outputs.sha-tag }}"' -i
environments/internal-prd/pomerium-master-postgres/values/pomerium.yaml
- name: Bump mysql environment - name: Bump mysql environment
uses: mikefarah/yq@v4.23.1 uses: mikefarah/yq@03f57b7034d0330d54663881def67523347dfc9c # pin@v4.23.1
with: with:
cmd: yq eval '.image.tag = "${{ needs.publish.outputs.sha-tag }}"' -i environments/internal-prd/pomerium-master-mysql/values/pomerium.yaml cmd: yq eval '.image.tag = "${{ needs.publish.outputs.sha-tag }}"' -i
environments/internal-prd/pomerium-master-mysql/values/pomerium.yaml
- name: Commit changes - name: Commit changes
uses: stefanzweifel/git-auto-commit-action@v4 uses: stefanzweifel/git-auto-commit-action@c4b132ec2c77a21fcab564bd3c92610cee84b894 # pin@v4
with: with:
commit_message: | commit_message: |
Bump test environment pomerium/pomerium Bump test environment pomerium/pomerium

21
.github/workflows/release.yaml vendored
View file

@ -14,30 +14,30 @@ jobs:
tag: ${{ steps.tagName.outputs.tag }} tag: ${{ steps.tagName.outputs.tag }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # pin@v3
- name: Unshallow - name: Unshallow
run: git fetch --prune --unshallow run: git fetch --prune --unshallow
- name: Set up Node.js - name: Set up Node.js
uses: actions/setup-node@v3 uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # pin@v3
with: with:
node-version: 16.x node-version: 16.x
- name: Set up Go - name: Set up Go
uses: actions/setup-go@v2 uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # pin@v2
with: with:
go-version: 1.17.x go-version: 1.17.x
- name: Set up Docker - name: Set up Docker
run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
- uses: azure/docker-login@v1 - uses: azure/docker-login@81744f9799e7eaa418697cb168452a2882ae844a # pin@v1
with: with:
username: ${{ secrets.DOCKERHUB_USER }} username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
- uses: google-github-actions/setup-gcloud@v0 - uses: google-github-actions/setup-gcloud@877d4953d2c70a0ba7ef3290ae968eb24af233bb # pin@v0
with: with:
project_id: pomerium-io project_id: pomerium-io
service_account_key: ${{ secrets.GCP_SERVICE_ACCOUNT }} service_account_key: ${{ secrets.GCP_SERVICE_ACCOUNT }}
@ -46,7 +46,7 @@ jobs:
run: gcloud auth configure-docker run: gcloud auth configure-docker
- name: Run GoReleaser - name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2 uses: goreleaser/goreleaser-action@b953231f81b8dfd023c58e0854a721e35037f28b # pin@v2
with: with:
version: v0.184.0 version: v0.184.0
args: release --config .github/goreleaser.yaml args: release --config .github/goreleaser.yaml
@ -110,18 +110,19 @@ jobs:
needs: goreleaser needs: goreleaser
steps: steps:
- name: Checkout Helmfile Repo - name: Checkout Helmfile Repo
uses: actions/checkout@v3 uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # pin@v3
with: with:
repository: pomerium/helmfile repository: pomerium/helmfile
token: ${{ secrets.APPARITOR_GITHUB_TOKEN }} token: ${{ secrets.APPARITOR_GITHUB_TOKEN }}
- name: Bump test environment - name: Bump test environment
uses: mikefarah/yq@v4.23.1 uses: mikefarah/yq@03f57b7034d0330d54663881def67523347dfc9c # pin@v4.23.1
with: with:
cmd: yq eval '.image.tag = "${{ needs.goreleaser.outputs.tag }}"' -i environments/internal-prd/values/pomerium-demo.yaml cmd: yq eval '.image.tag = "${{ needs.goreleaser.outputs.tag }}"' -i
environments/internal-prd/values/pomerium-demo.yaml
- name: Commit changes - name: Commit changes
uses: stefanzweifel/git-auto-commit-action@v4 uses: stefanzweifel/git-auto-commit-action@c4b132ec2c77a21fcab564bd3c92610cee84b894 # pin@v4
with: with:
commit_message: | commit_message: |
Bump test environment pomerium/pomerium Bump test environment pomerium/pomerium

68
.github/workflows/test.yaml vendored
View file

@ -14,28 +14,28 @@ jobs:
platform: [ubuntu-latest, macos-latest] platform: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.platform }} runs-on: ${{ matrix.platform }}
steps: steps:
- uses: actions/setup-go@v2 - uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # pin@v2
with: with:
go-version: ${{ matrix.go-version }} go-version: ${{ matrix.go-version }}
- uses: actions/setup-node@v3 - uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # pin@v3
with: with:
node-version: ${{ matrix.node-version }} node-version: ${{ matrix.node-version }}
- name: set env vars - name: set env vars
run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
- uses: actions/checkout@v3 - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # pin@v3
with: with:
fetch-depth: 0 fetch-depth: 0
- name: cache go binaries - name: cache go binaries
uses: actions/cache@v3 uses: actions/cache@4b0cf6cc4619e737324ddfcec08fff2413359514 # pin@v3
id: cache-go-bin id: cache-go-bin
with: with:
path: ~/go/bin path: ~/go/bin
key: ${{ runner.os }}-${{ hashFiles('**/go.mod') }} key: ${{ runner.os }}-${{ hashFiles('**/go.mod') }}
restore-keys: ${{ runner.os }}-go-bin restore-keys: ${{ runner.os }}-go-bin
- uses: actions/cache@v3 - uses: actions/cache@4b0cf6cc4619e737324ddfcec08fff2413359514 # pin@v3
with: with:
path: | path: |
~/go/pkg/mod ~/go/pkg/mod
@ -61,15 +61,15 @@ jobs:
go-version: [1.17.x] go-version: [1.17.x]
node-version: [16.x] node-version: [16.x]
steps: steps:
- uses: actions/setup-go@v2 - uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # pin@v2
with: with:
go-version: ${{ matrix.go-version }} go-version: ${{ matrix.go-version }}
- uses: actions/setup-node@v3 - uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # pin@v3
with: with:
node-version: ${{ matrix.node-version }} node-version: ${{ matrix.node-version }}
- uses: actions/checkout@v3 - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # pin@v3
with: with:
fetch-depth: 0 fetch-depth: 0
@ -77,14 +77,14 @@ jobs:
run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
- name: cache go binaries - name: cache go binaries
uses: actions/cache@v3 uses: actions/cache@4b0cf6cc4619e737324ddfcec08fff2413359514 # pin@v3
id: cache-go-bin id: cache-go-bin
with: with:
path: ~/go/bin path: ~/go/bin
key: ${{ runner.os }}-${{ hashFiles('**/go.mod') }} key: ${{ runner.os }}-${{ hashFiles('**/go.mod') }}
restore-keys: ${{ runner.os }}-go-bin restore-keys: ${{ runner.os }}-go-bin
- uses: actions/cache@v3 - uses: actions/cache@4b0cf6cc4619e737324ddfcec08fff2413359514 # pin@v3
with: with:
path: | path: |
~/go/pkg/mod ~/go/pkg/mod
@ -96,14 +96,14 @@ jobs:
- name: cover - name: cover
run: make cover run: make cover
- uses: jandelgado/gcov2lcov-action@v1.0.8 - uses: jandelgado/gcov2lcov-action@2477d9ec11814a9326e7fdde8d315783d163edb7 # pin@v1.0.8
name: convert coverage to lcov name: convert coverage to lcov
with: with:
infile: coverage.txt infile: coverage.txt
outfile: coverage.lcov outfile: coverage.lcov
- name: upload to coveralls - name: upload to coveralls
uses: coverallsapp/github-action@1.1.3 uses: coverallsapp/github-action@9ba913c152ae4be1327bfb9085dc806cedb44057 # pin@1.1.3
with: with:
github-token: ${{ secrets.GITHUB_TOKEN }} github-token: ${{ secrets.GITHUB_TOKEN }}
path-to-lcov: coverage.lcov path-to-lcov: coverage.lcov
@ -119,20 +119,20 @@ jobs:
idp: [auth0, azure, github, gitlab, google, oidc, okta, onelogin, ping] idp: [auth0, azure, github, gitlab, google, oidc, okta, onelogin, ping]
runs-on: ${{ matrix.platform }} runs-on: ${{ matrix.platform }}
steps: steps:
- uses: actions/setup-go@v2 - uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # pin@v2
with: with:
go-version: ${{ matrix.go-version }} go-version: ${{ matrix.go-version }}
- uses: actions/setup-node@v3 - uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # pin@v3
with: with:
node-version: ${{ matrix.node-version }} node-version: ${{ matrix.node-version }}
- name: set env vars - name: set env vars
run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
- uses: actions/checkout@v3 - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # pin@v3
with: with:
fetch-depth: 0 fetch-depth: 0
- uses: actions/cache@v3 - uses: actions/cache@4b0cf6cc4619e737324ddfcec08fff2413359514 # pin@v3
with: with:
path: | path: |
~/go/pkg ~/go/pkg
@ -165,18 +165,18 @@ jobs:
platform: [ubuntu-latest, macos-latest] platform: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.platform }} runs-on: ${{ matrix.platform }}
steps: steps:
- uses: actions/setup-go@v2 - uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # pin@v2
with: with:
go-version: ${{ matrix.go-version }} go-version: ${{ matrix.go-version }}
- uses: actions/setup-node@v3 - uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # pin@v3
with: with:
node-version: ${{ matrix.node-version }} node-version: ${{ matrix.node-version }}
- uses: actions/checkout@v3 - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # pin@v3
with: with:
fetch-depth: 0 fetch-depth: 0
- uses: actions/cache@v3 - uses: actions/cache@4b0cf6cc4619e737324ddfcec08fff2413359514 # pin@v3
with: with:
path: | path: |
~/go/pkg/mod ~/go/pkg/mod
@ -192,7 +192,7 @@ jobs:
make build make build
- name: save binary - name: save binary
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # pin@v2
with: with:
path: bin/pomerium* path: bin/pomerium*
name: pomerium ${{ github.run_id }} ${{ matrix.platform }} name: pomerium ${{ github.run_id }} ${{ matrix.platform }}
@ -201,15 +201,15 @@ jobs:
build-docker: build-docker:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # pin@v3
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1 uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # pin@v1
- name: Docker Build - name: Docker Build
uses: docker/build-push-action@v2 uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a # pin@v2
with: with:
context: . context: .
file: ./Dockerfile file: ./Dockerfile
@ -219,16 +219,18 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.event_name == 'pull_request' if: github.event_name == 'pull_request'
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # pin@v3
with: with:
fetch-depth: 0 fetch-depth: 0
- uses: actions/setup-go@v2 - uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # pin@v2
with: with:
go-version: 1.17.x go-version: 1.17.x
- uses: actions/setup-python@v3 - uses: actions/setup-python@0ebf233433c08fb9061af664d501c3f3ff0e9e20 # pin@v3
- uses: pre-commit/action@release - uses: pre-commit/action@876132a3c26aa072b09eab6c5395b4749eeb2435 # pin@release
with: with:
extra_args: --show-diff-on-failure --from-ref ${{ github.event.pull_request.base.sha }} --to-ref ${{ github.event.pull_request.head.sha }} extra_args: --show-diff-on-failure --from-ref ${{
github.event.pull_request.base.sha }} --to-ref ${{
github.event.pull_request.head.sha }}
env: env:
SKIP: lint SKIP: lint
@ -241,14 +243,14 @@ jobs:
needs: needs:
- build - build
steps: steps:
- uses: actions/setup-go@v2 - uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # pin@v2
with: with:
go-version: 1.17.x go-version: 1.17.x
- uses: actions/checkout@v3 - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # pin@v3
- name: retrieve binary - name: retrieve binary
uses: actions/download-artifact@v2 uses: actions/download-artifact@f023be2c48cc18debc3bacd34cb396e0295e2869 # pin@v2
with: with:
name: pomerium ${{ github.run_id }} ${{ matrix.platform }} name: pomerium ${{ github.run_id }} ${{ matrix.platform }}
path: bin/ path: bin/
@ -257,6 +259,6 @@ jobs:
run: make get-envoy run: make get-envoy
- name: FOSSA Scan - name: FOSSA Scan
uses: fossa-contrib/fossa-action@v1 uses: fossa-contrib/fossa-action@6cffaa064112e1cf9b5798c6224f9487dc1ec316 # pin@v1
with: with:
fossa-api-key: 18f4ef488f514d06874b75f5809cea93 fossa-api-key: 18f4ef488f514d06874b75f5809cea93