Skip to content

build(deps): bump golang.org/x/crypto from 0.28.0 to 0.29.0 #944

build(deps): bump golang.org/x/crypto from 0.28.0 to 0.29.0

build(deps): bump golang.org/x/crypto from 0.28.0 to 0.29.0 #944

Workflow file for this run

name: Build wonderwall
on: [push]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
GOOGLE_REGISTRY: europe-north1-docker.pkg.dev
GITHUB_REGISTRY: ghcr.io
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout latest code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # ratchet:actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # ratchet:actions/setup-go@v5
with:
go-version: "1.23"
check-latest: true
- name: Test Go
run: |
make test
make check
build:
needs: test
name: Publish to Google and GitHub registries
if: github.ref == 'refs/heads/master'
permissions:
contents: "read"
id-token: "write"
packages: "write"
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # ratchet:actions/checkout@v4
- name: Install cosign
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # ratchet:sigstore/cosign-installer@main
with:
cosign-release: 'v2.2.3'
- name: Verify runner image
run: cosign verify --certificate-oidc-issuer https://accounts.google.com --certificate-identity keyless@distroless.iam.gserviceaccount.com gcr.io/distroless/static-debian12:nonroot
- uses: nais/platform-build-push-sign@main # ratchet:exclude
id: build_push_sign
with:
name: wonderwall
dockerfile: Dockerfile
google_service_account: gh-wonderwall
multi-platform: true
push: true
push_ghcr: true
workload_identity_provider: ${{ secrets.NAIS_IO_WORKLOAD_IDENTITY_PROVIDER }}
- uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # ratchet:azure/setup-helm@v4
name: 'Setup Helm'
with:
version: '3.13.2'
- name: Package chart
id: package_chart
env:
CHART_PATH: ./charts/wonderwall
run: |
base_version="$(yq '.version' < "${{ env.CHART_PATH }}/Chart.yaml")"
chart_version="${base_version}-${{ steps.build_push_sign.outputs.version }}"
yq eval \
'.version="'"$chart_version"'"' \
"${{ env.CHART_PATH }}/Chart.yaml" --inplace
yq eval \
'.image.tag="${{ steps.build_push_sign.outputs.version }}"' \
"${{ env.CHART_PATH }}/values.yaml" --inplace
# helm dependency update "${{ env.CHART_PATH }}"
helm package "${{ env.CHART_PATH }}" --destination .
name=$(yq '.name' < "${{ env.CHART_PATH }}/Chart.yaml")
echo "name=$name" >> $GITHUB_OUTPUT
echo "version=$chart_version" >> $GITHUB_OUTPUT
echo "archive=$name-$chart_version.tgz" >> $GITHUB_OUTPUT
- name: Push Chart
run: |-
chart="${{ steps.package_chart.outputs.archive }}"
echo "Pushing: $chart"
helm push "$chart" oci://${{ env.GOOGLE_REGISTRY }}/nais-io/nais/feature
outputs:
chart_name: ${{ steps.package_chart.outputs.name }}
chart_version: ${{ steps.package_chart.outputs.version }}
chart_archive: ${{ steps.package_chart.outputs.archive }}
rollout:
name: Rollout
if: github.actor != 'dependabot[bot]' && github.ref == 'refs/heads/master'
needs: build
runs-on: fasit-deploy
permissions:
id-token: write
steps:
- uses: nais/fasit-deploy@v2 # ratchet:exclude
with:
chart: oci://${{ env.GOOGLE_REGISTRY }}/nais-io/nais/feature/${{ needs.build.outputs.chart_name }}
version: ${{ needs.build.outputs.chart_version }}