Bump google.golang.org/protobuf from 1.28.1 to 1.33.0 #806

Workflow file for this run

.github/workflows/release.yml at c4970a0

	# Generated by: gromit policy
	# Generated on: Mon Mar 11 09:51:17 UTC 2024

	# Distribution channels covered by this workflow
	# - Ubuntu and Debian
	# - RHEL and AL
	# - docker hub
	# - devenv ECR
	# - Cloudsmith

	name: Release
	on:
	# Trigger release every monday at midnight for master CI images
	schedule:
	- cron: "0 0 * * 1"
	pull_request:
	push:
	branches:
	- master
	- release-**
	tags:
	- 'v*'
	env:
	GOPRIVATE: github.com/TykTechnologies
	jobs:
	goreleaser:
	name: '${{ matrix.golang_cross }}'
	runs-on: ubuntu-latest
	permissions:
	id-token: write # AWS OIDC JWT
	contents: read # actions/checkout
	strategy:
	fail-fast: false
	matrix:
	golang_cross:
	- 1.21-bullseye
	include:
	- golang_cross: 1.21-bullseye
	goreleaser: 'ci/goreleaser/goreleaser.yml'
	cgo: 0
	rpmvers: 'el/7 el/8 el/9 amazon/2 amazon/2023'
	debvers: 'ubuntu/xenial ubuntu/bionic ubuntu/focal ubuntu/jammy debian/jessie debian/buster debian/bullseye debian/bookworm'
	outputs:
	tags: ${{ steps.metadata.outputs.tags }}
	commit_author: ${{ steps.fetch-author.outputs.commit_author}}
	steps:
	- name: Checkout of tyk-identity-broker
	uses: actions/checkout@v4
	with:
	fetch-depth: 1
	- name: Get commit author
	id: fetch-author
	run: echo "commit_author=$(git show -s --format='%ae' HEAD)" >> $GITHUB_OUTPUT
	- uses: docker/setup-qemu-action@v3
	- uses: docker/setup-buildx-action@v3
	- name: Login to DockerHub
	if: startsWith(github.ref, 'refs/tags')
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}
	- name: Login to Cloudsmith
	if: startsWith(github.ref, 'refs/tags')
	uses: docker/login-action@v3
	with:
	registry: docker.tyk.io
	username: ${{ secrets.CLOUDSMITH_USERNAME }}
	password: ${{ secrets.CLOUDSMITH_API_KEY }}
	- uses: actions/cache@v4
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
	restore-keys: \|
	${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
	- name: Build
	env:
	NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }}
	PKG_SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
	PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
	run: \|
	echo '#!/bin/sh
	ci/bin/unlock-agent.sh
	git config --global url."https://${{ secrets.ORG_GH_TOKEN }}@github.com".insteadOf "https://github.com"
	git config --global --add safe.directory /go/src/github.com/TykTechnologies/tyk-identity-broker
	goreleaser release --clean -f ${{ matrix.goreleaser }} ${{ !startsWith(github.ref, 'refs/tags/') && ' --snapshot' \|\| '' }}' \| tee /tmp/build.sh
	chmod +x /tmp/build.sh
	docker run --rm --privileged -e GITHUB_TOKEN=${{ github.token }} \
	-e GOPRIVATE=github.com/TykTechnologies \
	-e GO111MODULE=on \
	-e DEBVERS='${{ matrix.debvers }}' \
	-e RPMVERS='${{ matrix.rpmvers }}' \
	-e CGO_ENABLED=${{ matrix.cgo }} \
	-e NFPM_STD_PASSPHRASE="$NFPM_STD_PASSPHRASE" \
	-e GPG_FINGERPRINT=12B5D62C28F57592D1575BD51ED14C59E37DAC20 \
	-e PKG_SIGNING_KEY="$PKG_SIGNING_KEY" \
	-e PACKAGECLOUD_TOKEN=$PACKAGECLOUD_TOKEN \
	-v ${{github.workspace}}:/go/src/github.com/TykTechnologies/tyk-identity-broker \
	-v /var/run/docker.sock:/var/run/docker.sock \
	-v ~/.docker/config.json:/root/.docker/config.json \
	-v ~/go/pkg/mod:/go/pkg/mod \
	-v /tmp/build.sh:/tmp/build.sh \
	-w /go/src/github.com/TykTechnologies/tyk-identity-broker \
	tykio/golang-cross:${{ matrix.golang_cross }} /tmp/build.sh
	- uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk
	role-session-name: cipush
	aws-region: eu-central-1
	# Don't mask to pass it across job boundaries
	mask-aws-account-id: false
	- uses: aws-actions/amazon-ecr-login@v2
	id: ecr
	if: ${{ matrix.golang_cross == '1.21-bullseye' }}
	with:
	mask-password: 'true'
	- name: Docker metadata for CI
	id: metadata
	if: ${{ matrix.golang_cross == '1.21-bullseye' }}
	uses: docker/metadata-action@v5
	with:
	images: ${{ steps.ecr.outputs.registry }}/tyk-identity-broker
	flavor: \|
	latest=false
	tags: \|
	type=ref,event=branch
	type=ref,event=pr
	type=sha,format=long
	type=semver,pattern=v{{major}}.{{minor}},prefix=v
	type=semver,pattern=v{{version}},prefix=v
	- name: CI push
	if: ${{ matrix.golang_cross == '1.21-bullseye' }}
	shell: bash
	env:
	t: ${{ steps.metadata.outputs.tags }}
	build_tag: ${{ startswith(github.ref, 'refs/tags') && github.ref_name \|\| 'v0.0.0' }}
	run: \|
	set +e
	IFS=$'\n' tags=($t)
	for tag in "${tags[@]}"; do
	for arch in amd64 arm64; do
	docker tag tykio/tyk-identity-broker:${build_tag}-${arch} ${tag}-${arch} && docker push ${tag}-${arch}
	done
	docker manifest create ${tag} ${tag}-amd64 ${tag}-arm64 && docker manifest push ${tag}
	done
	- uses: actions/upload-artifact@v4
	if: ${{ matrix.golang_cross == '1.21-bullseye' }}
	with:
	name: deb
	retention-days: 1
	path: \|
	dist/*.deb
	!dist/PAYG.deb
	- uses: actions/upload-artifact@v4
	if: ${{ matrix.golang_cross == '1.21-bullseye' }}
	with:
	name: rpm
	retention-days: 1
	path: \|
	dist/*.rpm
	!dist/PAYG.rpm
	upgrade-deb:
	services:
	httpbin.org:
	image: kennethreitz/httpbin
	runs-on: ubuntu-latest
	needs: goreleaser
	strategy:
	fail-fast: false
	matrix:
	arch:
	- amd64
	- arm64
	distro:
	- ubuntu:bionic
	- ubuntu:focal
	- ubuntu:jammy
	- debian:bullseye
	- debian:bookworm
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 1
	- uses: actions/download-artifact@v4
	with:
	name: deb
	- uses: docker/setup-qemu-action@v3
	- uses: docker/setup-buildx-action@v3
	- name: generate dockerfile
	run: \|
	echo 'FROM ${{ matrix.distro }}
	ARG TARGETARCH
	COPY tyk-identity-broker*_${TARGETARCH}.deb /tyk-identity-broker.deb
	RUN apt-get update && apt-get install -y curl
	RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-identity-broker/script.deb.sh \| bash && apt-get install -y tyk-identity-broker=1.1.0
	RUN dpkg -i tyk-identity-broker.deb
	' > Dockerfile
	- name: install on ${{ matrix.distro }}
	uses: docker/build-push-action@v5
	with:
	context: "."
	platforms: linux/${{ matrix.arch }}
	file: Dockerfile
	push: false
	upgrade-rpm:
	services:
	httpbin.org:
	image: kennethreitz/httpbin
	needs: goreleaser
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	distro:
	- amazonlinux:2023
	- registry.access.redhat.com/ubi8/ubi
	- registry.access.redhat.com/ubi9/ubi
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 1
	- uses: actions/download-artifact@v4
	with:
	name: rpm
	- uses: docker/setup-buildx-action@v3
	- name: generate dockerfile
	run: \|
	echo 'FROM ${{ matrix.distro }}
	COPY tyk-identity-broker*.x86_64.rpm /tyk-identity-broker.rpm
	RUN command -v curl \|\| yum install -y curl
	RUN command -v useradd \|\| yum install -y shadow-utils
	RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-identity-broker/script.rpm.sh \| bash && yum install -y tyk-identity-broker-1.1.0-1
	RUN curl https://keyserver.tyk.io/tyk.io.rpm.signing.key.2020 -o tyk-identity-broker.key && rpm --import tyk-identity-broker.key
	RUN rpm --checksig tyk-identity-broker.rpm
	RUN rpm -Uvh --force tyk-identity-broker.rpm
	' > Dockerfile
	- name: install on ${{ matrix.distro }}
	uses: docker/build-push-action@v5
	with:
	context: "."
	file: Dockerfile
	push: false
	sbom:
	needs: goreleaser
	uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main
	secrets:
	DEPDASH_URL: ${{ secrets.DEPDASH_URL }}
	DEPDASH_KEY: ${{ secrets.DEPDASH_KEY }}
	ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump google.golang.org/protobuf from 1.28.1 to 1.33.0 #806

Workflow file

Bump google.golang.org/protobuf from 1.28.1 to 1.33.0 #806

Jobs

Run details

Workflow file for this run