Bump golang.org/x/crypto from 0.29.0 to 0.31.0 (#1038) #3331
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Tink | |
on: | |
push: | |
branches: | |
- "*" | |
tags-ignore: | |
- "v*" | |
pull_request: {} | |
workflow_dispatch: {} | |
env: | |
CGO_ENABLED: "0" | |
GO_VERSION: "1.22" | |
jobs: | |
verify: | |
name: Verify | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: "${{ env.GO_VERSION }}" | |
- run: make verify | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 5 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: "${{ env.GO_VERSION }}" | |
- name: Run unit tests | |
run: make test | |
- name: Run e2e tests | |
run: make e2e-test | |
- name: Upload codecov | |
uses: codecov/codecov-action@v5 | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
checks: | |
name: CI Checks | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install nix | |
uses: cachix/install-nix-action@v30 | |
with: | |
nix_path: nixpkgs=channel:nixos-unstable | |
- name: Run ci-checks.sh | |
run: nix-shell --run 'make ci-checks' | |
# We preemptively build the binaries for efficiency instead of waiting on unit tests to pass | |
# hence this doesn't depend on anything. | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
platform: [amd64, arm64] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: "${{ env.GO_VERSION }}" | |
- name: Build linux/${{ matrix.platform }} | |
run: make build -j$(nproc) GOOS=linux GOARCH=${{ matrix.platform }} | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.platform }}-binaries | |
path: bin/* | |
package: | |
name: Package | |
runs-on: ubuntu-latest | |
needs: | |
- verify | |
- test | |
- checks | |
- build | |
strategy: | |
matrix: | |
include: | |
- repository: quay.io/tinkerbell/tink | |
binary: tink-server | |
- repository: quay.io/tinkerbell/tink-worker | |
binary: tink-worker | |
- repository: quay.io/tinkerbell/tink-controller | |
binary: tink-controller | |
steps: | |
- name: Create docker image tags | |
id: docker-image-tag | |
run: echo ::set-output name=tags::${{ matrix.repository }}:latest,${{ matrix.repository }}:sha-${GITHUB_SHA::8} | |
- uses: actions/checkout@v4 | |
- name: Login to quay.io | |
uses: docker/login-action@v3 | |
if: ${{ startsWith(github.ref, 'refs/heads/main') }} | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Download all binaries | |
uses: actions/download-artifact@v4 | |
with: | |
path: ./bin | |
merge-multiple: true | |
# Artifact upload doesn't preserve permissions so we need to fix them before use in | |
# the Dockerfiles. | |
- name: Fix permissions | |
run: chmod +x bin/* | |
- name: Build ${{ matrix.repository }} and push | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: cmd/${{ matrix.binary }}/Dockerfile | |
cache-from: type=registry,ref=${{ matrix.repository }}:latest | |
push: ${{ startsWith(github.ref, 'refs/heads/main') }} | |
tags: ${{ steps.docker-image-tag.outputs.tags }} | |
platforms: linux/amd64,linux/arm64 |