Skip to content
This repository has been archived by the owner on Oct 9, 2024. It is now read-only.

fix(deps): update module github.com/overmindtech/sdp-go to v0.95.0 #417

fix(deps): update module github.com/overmindtech/sdp-go to v0.95.0

fix(deps): update module github.com/overmindtech/sdp-go to v0.95.0 #417

Workflow file for this run

name: Test & Build
on: push
jobs:
test:
name: Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: 1.x
check-latest: true
- name: Get dependencies
run: |
go get -v -t -d ./...
- name: Vet
run: go vet ./...
# get .golangci.yml from github.com/overmindtech/golangci-lint_config
- name: Get .golangci.yml from github.com/overmindtech/golangci-lint_configs
run: |
curl -sfL https://raw.githubusercontent.com/overmindtech/golangci-lint_config/main/.golangci.yml -o .golangci.yml
- name: golangci-lint
uses: golangci/golangci-lint-action@v6
with:
version: v1.60.1
args: --timeout 3m
skip-cache: true # the linters require all code generation and dependecies to be present, but the cache implementation completely falls over when there is already existing content. See https://github.com/golangci/golangci-lint-action/issues/23, https://github.com/golangci/golangci-lint-action/issues/863, https://github.com/golangci/golangci-lint-action/issues/984
- name: Test
run: go test ./...
scan-container:
name: Scan Container
runs-on: depot-ubuntu-24.04
# this is for container scanning with aws inspector
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout@v2
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0 # also fetch tags and branches for `git describe`
- uses: depot/setup-action@v1
- name: Build Docker image
uses: depot/build-push-action@v1
with:
project: xnsnw3m20t
context: .
file: "build/package/Dockerfile"
push: false
tags: app:latest
load: true
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: "eu-west-2"
role-to-assume: "${{ secrets.AWS_INSPECTOR_ROLE }}"
- name: Invoke Amazon Inspector Scan
id: inspector
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@main
with:
artifact_type: 'container'
artifact_path: 'app:latest'
display_vulnerability_findings: "enabled"
sbomgen_version: "latest"
build:
name: Build
runs-on: ubuntu-latest
if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }}
needs:
- test
- scan-container
permissions:
contents: read # required for checkout
id-token: write # mint AWS credentials through OIDC
packages: write
strategy:
fail-fast: false
matrix:
include:
- dockerfile: Dockerfile
image_name: source-template
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/overmindtech/${{ matrix.image_name }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
id: setup-builder
uses: docker/setup-buildx-action@v3
- name: Build and push
id: push
uses: docker/build-push-action@v5
with:
builder: ${{ steps.setup-builder.outputs.name }}
context: .
sbom: true
cache-from: type=gha
cache-to: type=gha,mode=max
file: build/package/${{ matrix.dockerfile }}
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}