[Snyk] Security upgrade golang from 1.19.6-alpine to 1.21.12-alpine #604
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pre-Release | |
| on: | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| - labeled | |
| - unlabeled | |
| env: | |
| REGISTRY: quay.io | |
| REPOSITORY: fiware | |
| jobs: | |
| generate-version: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| version: ${{ steps.out.outputs.version }} | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: actions/setup-java@v1 | |
| with: | |
| java-version: '11' | |
| java-package: jdk | |
| - id: bump | |
| uses: zwaldowski/match-label-action@v1 | |
| with: | |
| allowed: major,minor,patch | |
| - uses: zwaldowski/semver-release-action@v2 | |
| with: | |
| dry_run: true | |
| bump: ${{ steps.bump.outputs.match }} | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Get PR Number | |
| id: pr_number | |
| run: echo "::set-output name=nr::$(echo $GITHUB_REF | awk 'BEGIN { FS = "/" } ; { print $3 }')" | |
| - name: Set version output | |
| id: out | |
| run: echo "::set-output name=version::$(echo ${VERSION}-PRE-${{ steps.pr_number.outputs.nr }})" | |
| # image build&push | |
| echo-server: | |
| needs: [ "generate-version" ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: actions/setup-java@v1 | |
| with: | |
| java-version: '11' | |
| java-package: jdk | |
| - name: Log into quay.io | |
| run: docker login -u "${{ secrets.QUAY_USERNAME }}" -p "${{ secrets.QUAY_PASSWORD }}" ${{ env.REGISTRY }} | |
| - name: Build&Push image | |
| run: | | |
| cd integration-test/echo-server/ | |
| mvn versions:set -DnewVersion=${{ needs.generate-version.outputs.version }} | |
| mvn clean install deploy -DskipTests -Dimage.tag=${{ needs.generate-version.outputs.version }} -Dimage.registry="${{ env.REGISTRY }}/" -Dimage.repository="${{ env.REPOSITORY }}" | |
| iptables-init: | |
| needs: [ "generate-version" ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Build Image | |
| id: build-image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| image: init-iptables | |
| tags: latest ${{ github.sha }} ${{ needs.generate-version.outputs.version }} | |
| dockerfiles: | | |
| ./src/iptables-init/Dockerfile | |
| context: ./src/iptables-init | |
| - name: Push To quay.io | |
| id: push-to-quay | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: ${{ steps.build-image.outputs.image }} | |
| tags: ${{ steps.build-image.outputs.tags }} | |
| registry: ${{ env.REGISTRY }}/${{ env.REPOSITORY }} | |
| username: ${{ secrets.QUAY_USERNAME }} | |
| password: ${{ secrets.QUAY_PASSWORD }} | |
| envoy-configmap-updater: | |
| needs: [ "generate-version" ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Build Image | |
| id: build-image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| image: envoy-configmap-updater | |
| tags: latest ${{ github.sha }} ${{needs.generate-version.outputs.version}} | |
| dockerfiles: | | |
| ./src/envoy-configmap-updater/Dockerfile | |
| context: ./src/envoy-configmap-updater | |
| - name: Push To quay.io | |
| id: push-to-quay | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: ${{ steps.build-image.outputs.image }} | |
| tags: ${{ steps.build-image.outputs.tags }} | |
| registry: ${{ env.REGISTRY }}/${{ env.REPOSITORY }} | |
| username: ${{ secrets.QUAY_USERNAME }} | |
| password: ${{ secrets.QUAY_PASSWORD }} | |
| envoy-resource-updater: | |
| needs: [ "generate-version" ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Build Image | |
| id: build-image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| image: envoy-resource-updater | |
| tags: latest ${{ github.sha }} ${{needs.generate-version.outputs.version}} | |
| dockerfiles: | | |
| ./src/envoy-resource-updater/Dockerfile | |
| context: ./src/envoy-resource-updater | |
| - name: Push To quay.io | |
| id: push-to-quay | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: ${{ steps.build-image.outputs.image }} | |
| tags: ${{ steps.build-image.outputs.tags }} | |
| registry: ${{ env.REGISTRY }}/${{ env.REPOSITORY }} | |
| username: ${{ secrets.QUAY_USERNAME }} | |
| password: ${{ secrets.QUAY_PASSWORD }} | |
| mesh-extension-updater: | |
| needs: [ "generate-version" ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Build Image | |
| id: build-image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| image: mesh-extension-updater | |
| tags: latest ${{ github.sha }} ${{needs.generate-version.outputs.version}} | |
| dockerfiles: | | |
| ./src/mesh-extension-updater/Dockerfile | |
| context: ./src/mesh-extension-updater | |
| - name: Push To quay.io | |
| id: push-to-quay | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: ${{ steps.build-image.outputs.image }} | |
| tags: ${{ steps.build-image.outputs.tags }} | |
| registry: ${{ env.REGISTRY }}/${{ env.REPOSITORY }} | |
| username: ${{ secrets.QUAY_USERNAME }} | |
| password: ${{ secrets.QUAY_PASSWORD }} | |
| envoy: | |
| needs: [ "generate-version" ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Build Image | |
| id: build-image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| image: envoy | |
| tags: latest ${{ github.sha }} ${{needs.generate-version.outputs.version}} | |
| dockerfiles: | | |
| ./envoy/Dockerfile | |
| context: . | |
| - name: Push To quay.io | |
| id: push-to-quay | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: ${{ steps.build-image.outputs.image }} | |
| tags: ${{ steps.build-image.outputs.tags }} | |
| registry: ${{ env.REGISTRY }}/${{ env.REPOSITORY }} | |
| username: ${{ secrets.QUAY_USERNAME }} | |
| password: ${{ secrets.QUAY_PASSWORD }} | |
| ishare-auth-provider: | |
| needs: [ "generate-version" ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Build Image | |
| id: build-image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| image: ishare-auth-provider | |
| tags: latest ${{ github.sha }} ${{needs.generate-version.outputs.version}} | |
| dockerfiles: | | |
| ./src/ishare-auth-provider/Dockerfile | |
| context: ./src/ishare-auth-provider | |
| - name: Push To quay.io | |
| id: push-to-quay | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: ${{ steps.build-image.outputs.image }} | |
| tags: ${{ steps.build-image.outputs.tags }} | |
| registry: ${{ env.REGISTRY }}/${{ env.REPOSITORY }} | |
| username: ${{ secrets.QUAY_USERNAME }} | |
| password: ${{ secrets.QUAY_PASSWORD }} | |
| endpoint-configuration-service: | |
| needs: [ "generate-version" ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: actions/setup-java@v1 | |
| with: | |
| java-version: '17' | |
| java-package: jdk | |
| - name: Log into quay.io | |
| run: docker login -u "${{ secrets.QUAY_USERNAME }}" -p "${{ secrets.QUAY_PASSWORD }}" ${{ env.REGISTRY }} | |
| - name: Build&Push image | |
| run: | | |
| cd src/endpoint-configuration-service/ | |
| mvn versions:set -DnewVersion=${{ needs.generate-version.outputs.version }} | |
| mvn clean install deploy -DskipTests -Dimage.tag=${{ needs.generate-version.outputs.version }} -Dimage.registry="${{ env.REGISTRY }}/" -Dimage.repository="${{ env.REPOSITORY }}" | |
| service-mesh-extension: | |
| needs: [ "generate-version" ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Set extension version | |
| run: | | |
| sed -i 's/${cache-filter-wasm.version}/${{ needs.generate-version.outputs.version }}/g' ./service-mesh/openshift/manifest.yaml | |
| cat ./service-mesh/openshift/manifest.yaml | |
| - name: Build Image | |
| id: build-image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| image: cached-auth-filter-extension | |
| tags: ${{ github.sha }} ${{ needs.generate-version.outputs.version }} | |
| dockerfiles: | | |
| ./service-mesh/openshift/Dockerfile | |
| context: . | |
| - name: Push To quay.io | |
| id: push-to-quay | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: ${{ steps.build-image.outputs.image }} | |
| tags: ${{ steps.build-image.outputs.tags }} | |
| registry: ${{ env.REGISTRY }}/${{ env.REPOSITORY }} | |
| username: ${{ secrets.QUAY_USERNAME }} | |
| password: ${{ secrets.QUAY_PASSWORD }} | |
| cached-auth-filter: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Build wasm | |
| run: | | |
| docker run -u root -v /etc/ssl/certs:/etc/ssl/certs -v $(pwd)/src/cached-auth-filter:/cached-auth-filter --workdir /cached-auth-filter tinygo/tinygo:0.26.0 tinygo build -o cached-auth-filter.wasm -target=wasi ./main.go | |
| - uses: actions/upload-artifact@v2 | |
| with: | |
| name: cached-auth-filter | |
| path: src/cached-auth-filter/cached-auth-filter.wasm | |
| git-release: | |
| needs: | |
| - generate-version | |
| - endpoint-configuration-service | |
| - ishare-auth-provider | |
| - envoy | |
| - envoy-resource-updater | |
| - envoy-configmap-updater | |
| - iptables-init | |
| - echo-server | |
| - cached-auth-filter | |
| - service-mesh-extension | |
| - mesh-extension-updater | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: actions/download-artifact@v2 | |
| with: | |
| name: cached-auth-filter | |
| path: ./ | |
| - uses: "marvinpinto/action-automatic-releases@latest" | |
| with: | |
| repo_token: "${{ secrets.GITHUB_TOKEN }}" | |
| automatic_release_tag: ${{ needs.generate-version.outputs.version }} | |
| prerelease: true | |
| title: ${{ needs.generate-version.outputs.version }} | |
| files: | | |
| LICENSE | |
| cached-auth-filter.wasm |