Skip to content

build(deps): bump golang.org/x/crypto from 0.24.0 to 0.31.0 in /golang/vaas #646

build(deps): bump golang.org/x/crypto from 0.24.0 to 0.31.0 in /golang/vaas

build(deps): bump golang.org/x/crypto from 0.24.0 to 0.31.0 in /golang/vaas #646

Workflow file for this run

name: vaas-golang-ci
on:
push:
branches:
- main
paths:
- "golang/vaas/**"
- ".github/workflows/ci-golang.yaml"
tags:
- "golang/vaas/v*.*.*"
pull_request:
branches:
- main
paths:
- "golang/vaas/**"
- ".github/workflows/ci-golang.yaml"
workflow_dispatch:
inputs:
environment:
type: choice
description: "Test environment"
options:
- production
- staging
- develop
default: "production"
env:
LATEST_PATH: v3/
CLIENT_ID: ${{ secrets.CLIENT_ID }}
CLIENT_SECRET: ${{secrets.CLIENT_SECRET}}
VAAS_URL: "wss://gateway.production.vaas.gdatasecurity.de"
TOKEN_URL: "https://account.gdata.de/realms/vaas-production/protocol/openid-connect/token"
VAAS_CLIENT_ID: ${{ secrets.VAAS_CLIENT_ID }}
VAAS_USER_NAME: ${{ secrets.VAAS_USER_NAME }}
VAAS_PASSWORD: ${{secrets.VAAS_PASSWORD}}
jobs:
extract-major-version:
runs-on: ubuntu-latest
outputs:
major_version: ${{ steps.extract_major_version.outputs.major_version }}
steps:
- uses: actions/checkout@v4
- name: Extract major version
id: extract_major_version
if: startsWith(github.ref, 'refs/tags')
run: echo "major_version=$(echo ${GITHUB_REF#refs/tags/golang/vaas/} | cut -d '.' -f 1)" >> "$GITHUB_OUTPUT"
virus-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Scan for Viruses
uses: ./.github/actions/vaas-scan-action
with:
VAAS_CLIENT_ID: ${{ secrets.VAAS_SCAN_CLIENT_ID }}
VAAS_CLIENT_SECRET: ${{ secrets.VAAS_SCAN_CLIENT_SECRET }}
build-golang:
runs-on: ubuntu-latest
container:
image: golang:latest
strategy:
matrix:
version-directory: ["./", "v2/", "v3/"]
steps:
- uses: actions/checkout@v4
- name: set legacy vaas gateway for production
run: |
if [ "${{ matrix.version-directory }}" = "./" -o "${{ matrix.version-directory }}" = "v2/" ]; then
echo "VAAS_URL=wss://gateway.production.vaas.gdatasecurity.de" >> $GITHUB_ENV
else
echo "VAAS_URL=https://gateway.production.vaas.gdatasecurity.de" >> $GITHUB_ENV
fi
- name: set staging environment
if: (inputs.environment == 'staging' || (startsWith(github.ref, 'refs/tags') && endsWith(github.ref, '-beta')))
run: |
echo "Beta version: Testing against staging"
echo "CLIENT_ID=${{ secrets.STAGING_CLIENT_ID }}" >> $GITHUB_ENV
echo "CLIENT_SECRET=${{ secrets.STAGING_CLIENT_SECRET }}" >> $GITHUB_ENV
echo "TOKEN_URL=https://account-staging.gdata.de/realms/vaas-staging/protocol/openid-connect/token" >> $GITHUB_ENV
if [ "${{ matrix.version-directory }}" = "./" -o "${{ matrix.version-directory }}" = "v2/" ]; then
echo "VAAS_URL=wss://gateway.staging.vaas.gdatasecurity.de" >> $GITHUB_ENV
else
echo "VAAS_URL=https://gateway.staging.vaas.gdatasecurity.de" >> $GITHUB_ENV
fi
echo "VAAS_CLIENT_ID=${{ secrets.STAGING_VAAS_CLIENT_ID }}" >> $GITHUB_ENV
echo "VAAS_USER_NAME=${{ secrets.STAGING_VAAS_USER_NAME }}" >> $GITHUB_ENV
echo "VAAS_PASSWORD=${{ secrets.STAGING_VAAS_PASSWORD }}" >> $GITHUB_ENV
- name: set develop environment
if: (inputs.environment == 'develop' || (startsWith(github.ref, 'refs/tags') && endsWith(github.ref, '-alpha')))
run: |
echo "Alpha version: Testing against develop"
echo "CLIENT_ID=${{ secrets.DEVELOP_CLIENT_ID }}" >> $GITHUB_ENV
echo "CLIENT_SECRET=${{ secrets.DEVELOP_CLIENT_SECRET }}" >> $GITHUB_ENV
echo "TOKEN_URL=https://account-staging.gdata.de/realms/vaas-develop/protocol/openid-connect/token" >> $GITHUB_ENV
if [ "${{ matrix.version-directory }}" = "./" -o "${{ matrix.version-directory }}" = "v2/" ]; then
echo "VAAS_URL=wss://gateway.develop.vaas.gdatasecurity.de" >> $GITHUB_ENV
else
echo "VAAS_URL=https://gateway.develop.vaas.gdatasecurity.de" >> $GITHUB_ENV
fi
echo "VAAS_CLIENT_ID=${{ secrets.DEVELOP_VAAS_CLIENT_ID }}" >> $GITHUB_ENV
echo "VAAS_USER_NAME=${{ secrets.DEVELOP_VAAS_USER_NAME }}" >> $GITHUB_ENV
echo "VAAS_PASSWORD=${{ secrets.DEVELOP_VAAS_PASSWORD }}" >> $GITHUB_ENV
- name: run tests
run: go test -race ./...
working-directory: golang/vaas/${{ matrix.version-directory }}
- name: Microsoft Teams Notification
uses: skitionek/notify-microsoft-teams@master
if: failure()
with:
webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }}
title: "`Failed workflow on for VaaS-SDK vaas-golang-ci`"
job: ${{ toJson(job) }}
steps: ${{ toJson(steps) }}
codeql:
runs-on: ubuntu-latest
timeout-minutes: 360
permissions:
security-events: write
actions: read
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: go
- name: Autobuild
uses: github/codeql-action/autobuild@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:go"
- name: Microsoft Teams Notification
uses: skitionek/notify-microsoft-teams@master
if: failure()
with:
webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }}
title: "`Failed codeql on for VaaS-SDK ${GITHUB_WORKFLOW}`"
job: ${{ toJson(job) }}
steps: ${{ toJson(steps) }}
vulncheck:
runs-on: ubuntu-latest
container:
image: golang:latest
strategy:
matrix:
version-directory: [".", "v2", "v3"]
steps:
- uses: actions/checkout@v4
- name: Install govulncheck
run: go install golang.org/x/vuln/cmd/govulncheck@latest
shell: bash
- name: Run govulncheck
run: govulncheck ./${{ matrix.version-directory }}...
working-directory: golang/vaas/
shell: bash
- name: Microsoft Teams Notification
uses: skitionek/notify-microsoft-teams@master
if: failure()
with:
webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }}
title: "`Failed workflow on for VaaS-SDK vaas-golang-ci`"
job: ${{ toJson(job) }}
steps: ${{ toJson(steps) }}
deploy:
runs-on: ubuntu-latest
needs:
- extract-major-version
- virus-scan
- build-golang
- codeql
- vulncheck
steps:
- name: publish module
env:
MAJOR_VERSION: ${{ needs.extract-major-version.outputs.major_version }}
if: startsWith(github.ref, 'refs/tags/golang/vaas/v3<')
run: |
if [ "$MAJOR_VERSION" = "v1" ]; then
GOPROXY=proxy.golang.org go list -m github.com/GDATASoftwareAG/vaas/golang/vaas@${GITHUB_REF#refs/tags/golang/vaas/}
else
GOPROXY=proxy.golang.org go list -m github.com/GDATASoftwareAG/vaas/golang/vaas/${MAJOR_VERSION}@${GITHUB_REF#refs/tags/golang/vaas/}
fi
- name: Microsoft Teams Notification
uses: skitionek/notify-microsoft-teams@master
if: failure()
with:
webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }}
title: "`Failed workflow on for VaaS-SDK vaas-golang-ci`"
job: ${{ toJson(job) }}
steps: ${{ toJson(steps) }}
deploy-git-scan:
if: startsWith(github.ref, 'refs/tags')
needs:
- extract-major-version
- virus-scan
- build-golang
- codeql
- vulncheck
permissions:
contents: read
packages: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker meta
env:
MAJOR_VERSION: ${{ needs.extract-major-version.outputs.major_version }}
uses: docker/metadata-action@v5
id: meta
with:
images: |
ghcr.io/gdatasoftwareag/vaas/git-scan
tags: |
type=semver,pattern={{version}},value=${{ env.MAJOR_VERSION }}
type=semver,pattern={{major}}.{{minor}},value=${{ env.MAJOR_VERSION }}
type=semver,pattern={{major}},value=${{ env.MAJOR_VERSION }}
flavor: |
latest=auto
- name: login to ghcr.io/gdatasoftwareag
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ secrets.GHCR_IO_GDATASOFTWAREAG_USERNAME }}
password: ${{ secrets.GHCR_IO_GDATASOFTWAREAG_PASSWORD }}
- name: Build and push
uses: docker/build-push-action@v6
with:
context: "golang/vaas/${{ env.LATEST_PATH }}"
file: "golang/vaas/${{ env.LATEST_PATH }}git-scan.Dockerfile"
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}