build(deps): bump actions/checkout from 4.1.2 to 4.1.3 #1617
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| pull_request: | |
| branches: [ "main" ] | |
| jobs: | |
| build-melange: | |
| name: Build melange and add to artifact cache | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 | |
| - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
| with: | |
| go-version: '1.21' | |
| check-latest: true | |
| - name: build | |
| run: | | |
| make melange | |
| - uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2 | |
| with: | |
| name: melange-${{ github.run_id }} | |
| path: ${{ github.workspace }}/melange | |
| retention-days: 1 | |
| build-packages: | |
| name: Build packages | |
| needs: | |
| - build-melange | |
| # TODO: Set up a larger runner for this. | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| # This is a list of packages which covers basic and exotic uses of | |
| # the built-in pipelines. Goal is to balance efficiency while also | |
| # exercising Melange with real-world package builds. | |
| # Feel free to add additional packages to this matrix which exercise | |
| # Melange in new ways (e.g. new pipelines, etc.) | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| package: | |
| - hello-wolfi | |
| - glibc | |
| - tini | |
| - lzo | |
| - bubblewrap | |
| - gdk-pixbuf | |
| - gitsign | |
| - guac | |
| - mdbook | |
| - s3cmd | |
| - perl-yaml-syck | |
| - xmlto | |
| - ncurses | |
| steps: | |
| - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 | |
| with: | |
| repository: wolfi-dev/os | |
| - uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5 | |
| with: | |
| name: melange-${{ github.run_id }} | |
| path: ${{ github.workspace }}/.melange-dir | |
| run-id: ${{ github.run_id }} | |
| - run: | | |
| sudo mv ${{ github.workspace }}/.melange-dir/melange /usr/bin/melange | |
| sudo chmod a+x /usr/bin/melange | |
| melange version | |
| - run: | | |
| sudo apt-get -y install bubblewrap | |
| - run: | | |
| make SHELL="/bin/bash" MELANGE="sudo melange" package/${{ matrix.package }} | |
| - run: | | |
| for f in packages/x86_64/${{ matrix.package }}-*.apk; do | |
| docker run --rm -v $(pwd):/work cgr.dev/chainguard/wolfi-base apk add --allow-untrusted /work/$f | |
| done |