
chore(deps): update github/codeql-action action to v3.26.3 #2833


Workflow file for this run

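# CI workflow: tests, lints, CodeQL-scans and builds the project for pushes and
# pull requests targeting main, then runs semantic-release once all of those
# jobs succeed (as a dry run on pull requests).
name: build
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
# Least-privilege default for GITHUB_TOKEN. A job-level `permissions` block
# replaces this default, so codeql-analyze and semantic-release keep exactly
# the scopes they declare below.
permissions:
  contents: read
env:
  CGO_ENABLED: '0'
concurrency:
  # One active run per pull request (or per ref for pushes); a newer run
  # cancels the one still in progress.
  group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
  cancel-in-progress: true
jobs:
  test:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the matching tag.
      - name: Checkout repository
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 2
          # No later step in this job talks to the remote, so do not leave the
          # token in the local git config.
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version-file: .go-version
      - name: Test
        run: go test -v ./...
  lint:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout repository
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 2
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version-file: .go-version
      - name: Run golangci-lint
        uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
        with:
          # renovate: datasource=go depName=github.com/golangci/golangci-lint
          version: v1.59.1
  codeql-analyze:
    runs-on: ubuntu-latest
    # Only the scope needed to upload code-scanning results.
    # NOTE(review): if this repository is ever made private, this job presumably
    # also needs `contents: read` and `actions: read` - confirm before changing
    # visibility.
    permissions:
      security-events: write
    timeout-minutes: 10
    steps:
      - name: Checkout repository
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 2
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version-file: .go-version
      - name: Initialize CodeQL
        uses: github/codeql-action/init@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3
        with:
          languages: go
      - name: Autobuild
        uses: github/codeql-action/autobuild@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      - name: Checkout repository
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 2
          # The whole checkout (including .git) is the build context below;
          # keep the token out of it.
          persist-credentials: false
      # Build only; this job never pushes the image.
      - name: Build container image
        run: podman build --tag 'ghcr.io/maxbrunet/prometheus-elasticache-sd:latest' .
  semantic-release:
    needs: [codeql-analyze, build, lint, test]
    runs-on: ubuntu-latest
    container:
      # https://github.com/containers/podman/tree/main/contrib/podmanimage
      image: quay.io/containers/podman:v5.2.0
      # These options switch off most of the container's isolation (privileged
      # mode, no seccomp filter, no SELinux label separation), presumably so
      # podman can run inside the job container (see the link above). This job
      # also holds the deploy key and a write-scoped token, so every action and
      # plugin used below should stay pinned.
      options: >-
        --device /dev/fuse:rw
        --privileged
        --security-opt label=disable
        --security-opt seccomp=unconfined
    # Write scopes for the release job. The job also runs for pull requests,
    # where the registry login is skipped and semantic-release is a dry run.
    permissions:
      contents: write
      issues: write
      packages: write
      pull-requests: write
    timeout-minutes: 30
    steps:
      - name: Install dependencies
        run: dnf install --assumeyes --repo fedora git
      # full checkout for semantic-release
      - name: Checkout repository
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 0
          # Use Deploy key with write access to push changelog to main branch (protected branch)
          ssh-key: ${{ secrets.SEMANTIC_RELEASE_SSH_KEY }}
      # The checkout action is supposed to take care of it, but it is not enough :/
      - name: Add repository directory to the git global config as a safe directory
        run: git config --global --add safe.directory "${GITHUB_WORKSPACE}"
      - name: Set up Node.js
        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
        with:
          node-version: lts/*
      - name: Login to GitHub Container Registry
        # Pass the token on stdin rather than as a command-line argument, so it
        # never appears in the process list.
        run: printf '%s' "${PASSWORD}" | podman login --username "${USERNAME}" --password-stdin "${REGISTRY}"
        if: github.event_name != 'pull_request'
        env:
          USERNAME: ${{ github.actor }}
          PASSWORD: ${{ secrets.GITHUB_TOKEN }}
          REGISTRY: ghcr.io
      - name: Semantic Release
        uses: cycjimmy/semantic-release-action@8e58d20d0f6c8773181f43eb74d6a05e3099571d # v3.4.2
        with:
          # renovate: datasource=npm depName=semantic-release
          semantic_version: 19.0.5
          dry_run: ${{ github.event_name == 'pull_request' }}
          # Plugins are pinned to exact versions.
          extra_plugins: |
            conventional-changelog-conventionalcommits@7.0.2
            @semantic-release/changelog@6.0.3
            @semantic-release/exec@6.0.3
            @semantic-release/git@10.0.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # Runs even when an earlier step failed, so stored registry credentials
      # are removed; logs out only if a login is actually present.
      - name: Post Login to GitHub Container Registry
        run: |
          if podman login --get-login "${REGISTRY}" >/dev/null; then
            podman logout "${REGISTRY}"
          fi
        if: always()
        env:
          REGISTRY: ghcr.io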