siderolabs/kres
1
0
Fork 0
mirror of https://github.com/siderolabs/kres.git synced 2026-02-05 09:45:35 +01:00
Code Issues Activity

feat: update dependencies, pin actions

Browse Source 
Pin actions to the specific hash matching a release.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This commit is contained in:
Andrey Smirnov
2025-12-01 13:43:40 +04:00
parent e1d6dac313
commit a1a34ff9f1
25 changed files with 264 additions and 126 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
.github/workflows/ci.yaml vendored
View File

@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-10-07T11:13:28Z by kres e329305-dirty.
# Generated on 2025-12-01T10:10:22Z by kres 848c8fd-dirty.
concurrency:
group: ${{ github.head_ref || github.run_id }}
@@ -32,7 +32,7 @@ jobs:
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@v1.4.0
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
@@ -56,13 +56,13 @@ jobs:
done
continue-on-error: true
- name: checkout
uses: actions/checkout@v5
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # version: v6.0.0
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # version: v3.11.1
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
@@ -75,7 +75,7 @@ jobs:
make kres
- name: Login to registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # version: v3.6.0
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ghcr.io
@@ -99,7 +99,7 @@ jobs:
make image-kres IMAGE_TAG=latest
- name: Install Cosign
if: startsWith(github.ref, 'refs/tags/')
uses: sigstore/cosign-installer@v3
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # version: v4.0.0
- name: Sign artifacts
if: startsWith(github.ref, 'refs/tags/')
run: |
@@ -116,7 +116,7 @@ jobs:
make release-notes
- name: Release
if: startsWith(github.ref, 'refs/tags/')
uses: softprops/action-gh-release@v2
uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # version: v2.5.0
with:
body_path: _out/RELEASE_NOTES.md
draft: "true"
@@ -133,7 +133,7 @@ jobs:
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@v1.4.0
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
@@ -157,13 +157,13 @@ jobs:
done
continue-on-error: true
- name: checkout
uses: actions/checkout@v5
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # version: v6.0.0
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # version: v3.11.1
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
@@ -180,7 +180,7 @@ jobs:
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@v1.4.0
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
@@ -204,13 +204,13 @@ jobs:
done
continue-on-error: true
- name: checkout
uses: actions/checkout@v5
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # version: v6.0.0
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # version: v3.11.1
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
@@ -222,7 +222,7 @@ jobs:
run: |
make unit-tests-race
- name: coverage
uses: codecov/codecov-action@v5
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # version: v5.5.1
with:
files: _out/coverage-unit-tests.txt
flags: unit-tests

4
.github/workflows/lock.yml vendored
View File

@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-07-11T14:48:24Z by kres 17000452-dirty.
# Generated on 2025-12-01T10:10:22Z by kres 848c8fd-dirty.
"on":
schedule:
@@ -14,7 +14,7 @@ jobs:
- ubuntu-latest
steps:
- name: Lock old issues
uses: dessant/lock-threads@v5.0.1
uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # version: v5.0.1
with:
issue-inactive-days: "60"
log-output: "true"

4
.github/workflows/slack-notify-ci-failure.yaml vendored
View File

@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-09-11T08:31:52Z by kres cb448bc-dirty.
# Generated on 2025-12-01T10:10:22Z by kres 848c8fd-dirty.
"on":
workflow_run:
@@ -18,7 +18,7 @@ jobs:
if: github.event.workflow_run.conclusion == 'failure' && github.event.workflow_run.event != 'pull_request'
steps:
- name: Slack Notify
uses: slackapi/slack-github-action@v2
uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # version: v2.1.1
with:
method: chat.postMessage
payload: |

4
.github/workflows/slack-notify.yaml vendored
View File

@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-09-11T08:31:52Z by kres cb448bc-dirty.
# Generated on 2025-12-01T10:10:22Z by kres 848c8fd-dirty.
"on":
workflow_run:
@@ -23,7 +23,7 @@ jobs:
run: |
echo pull_request_number=$(gh pr view -R ${{ github.repository }} ${{ github.event.workflow_run.head_repository.owner.login }}:${{ github.event.workflow_run.head_branch }} --json number --jq .number) >> $GITHUB_OUTPUT
- name: Slack Notify
uses: slackapi/slack-github-action@v2
uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # version: v2.1.1
with:
method: chat.postMessage
payload: |

4
.github/workflows/stale.yml vendored
View File

@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-10-07T10:53:14Z by kres bc281a9-dirty.
# Generated on 2025-12-01T10:10:22Z by kres 848c8fd-dirty.
"on":
schedule:
@@ -15,7 +15,7 @@ jobs:
- ubuntu-latest
steps:
- name: Close stale issues and PRs
uses: actions/stale@v10.1.0
uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # version: v10.1.0
with:
close-issue-message: This issue was closed because it has been stalled for 7 days with no activity.
days-before-issue-close: "5"

10
Dockerfile
View File

@@ -1,19 +1,19 @@
# syntax = docker/dockerfile-upstream:1.19.0-labs
# syntax = docker/dockerfile-upstream:1.20.0-labs
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-11-13T12:17:44Z by kres 1ad287b.
# Generated on 2025-12-01T09:43:28Z by kres e1d6dac-dirty.
ARG TOOLCHAIN=scratch
FROM ghcr.io/siderolabs/ca-certificates:v1.11.0 AS image-ca-certificates
FROM ghcr.io/siderolabs/ca-certificates:v1.12.0 AS image-ca-certificates
FROM ghcr.io/siderolabs/fhs:v1.11.0 AS image-fhs
FROM ghcr.io/siderolabs/fhs:v1.12.0 AS image-fhs
# runs markdownlint
FROM docker.io/oven/bun:1.3.1-alpine AS lint-markdown
WORKDIR /src
RUN bun i markdownlint-cli@0.45.0 sentences-per-line@0.3.0
RUN bun i markdownlint-cli@0.46.0 sentences-per-line@0.3.0
COPY .markdownlint.json .
COPY ./README.md ./README.md
RUN bunx markdownlint --ignore "CHANGELOG.md" --ignore "**/node_modules/**" --ignore '**/hack/chglog/**' --rules sentences-per-line .

8
Makefile
View File

@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-11-13T12:17:44Z by kres 1ad287b.
# Generated on 2025-12-01T09:45:58Z by kres fc94e6b-dirty.
# common variables
@@ -18,13 +18,13 @@ REGISTRY ?= ghcr.io
USERNAME ?= siderolabs
REGISTRY_AND_USERNAME ?= $(REGISTRY)/$(USERNAME)
PROTOBUF_GO_VERSION ?= 1.36.10
GRPC_GO_VERSION ?= 1.5.1
GRPC_GO_VERSION ?= 1.6.0
GRPC_GATEWAY_VERSION ?= 2.27.3
VTPROTOBUF_VERSION ?= 0.6.0
GOIMPORTS_VERSION ?= 0.38.0
GOIMPORTS_VERSION ?= 0.39.0
GOMOCK_VERSION ?= 0.6.0
DEEPCOPY_VERSION ?= v0.5.8
GOLANGCILINT_VERSION ?= v2.6.1
GOLANGCILINT_VERSION ?= v2.6.2
GOFUMPT_VERSION ?= v0.9.2
GO_VERSION ?= 1.25.4
GO_BUILDFLAGS ?=

11
go.mod
View File

@@ -4,15 +4,15 @@ go 1.25.3
require (
github.com/drone/drone-yaml v1.2.3
github.com/go-git/go-git/v5 v5.16.3
github.com/google/go-github/v77 v77.0.0
github.com/go-git/go-git/v5 v5.16.4
github.com/google/go-github/v79 v79.0.0
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
github.com/siderolabs/gen v0.8.6
github.com/spf13/cobra v1.10.1
github.com/stretchr/testify v1.11.1
golang.org/x/mod v0.29.0
golang.org/x/oauth2 v0.32.0
gopkg.in/yaml.v3 v3.0.1
go.yaml.in/yaml/v4 v4.0.0-rc.3
golang.org/x/mod v0.30.0
golang.org/x/oauth2 v0.33.0
)
require (
@@ -44,4 +44,5 @@ require (
golang.org/x/net v0.46.0 // indirect
golang.org/x/sys v0.37.0 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)

18
go.sum
View File

@@ -49,8 +49,8 @@ github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UN
github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=
github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
github.com/go-git/go-git/v5 v5.16.3 h1:Z8BtvxZ09bYm/yYNgPKCzgWtaRqDTgIKRgIRHBfU6Z8=
github.com/go-git/go-git/v5 v5.16.3/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
github.com/go-git/go-git/v5 v5.16.4 h1:7ajIEZHZJULcyJebDLo99bGgS0jRrOxzZG4uCk2Yb2Y=
github.com/go-git/go-git/v5 v5.16.4/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
github.com/gogo/protobuf v0.0.0-20170307180453-100ba4e88506/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ=
@@ -62,8 +62,8 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a
github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
github.com/google/go-github/v77 v77.0.0 h1:9DsKKbZqil5y/4Z9mNpZDQnpli6PJbqipSuuNdcbjwI=
github.com/google/go-github/v77 v77.0.0/go.mod h1:c8VmGXRUmaZUqbctUcGEDWYnMrtzZfJhDSylEf1wfmA=
github.com/google/go-github/v79 v79.0.0 h1:MdodQojuFPBhmtwHiBcIGLw/e/wei2PvFX9ndxK0X4Y=
github.com/google/go-github/v79 v79.0.0/go.mod h1:OAFbNhq7fQwohojb06iIIQAB9CBGYLq999myfUFnrS4=
github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
@@ -132,22 +132,24 @@ github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD
github.com/vinzenz/yaml v0.0.0-20170920082545-91409cdd725d/go.mod h1:mb5taDqMnJiZNRQ3+02W2IFG+oEz1+dTuCXkp4jpkfo=
github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
go.yaml.in/yaml/v4 v4.0.0-rc.3 h1:3h1fjsh1CTAPjW7q/EMe+C8shx5d8ctzZTrLcs/j8Go=
go.yaml.in/yaml/v4 v4.0.0-rc.3/go.mod h1:aZqd9kCMsGL7AuUv/m/PvWLdg5sjJsZ4oHDEnfPPfY0=
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04=
golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0=
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA=
golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4=
golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210=
golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY=
golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
golang.org/x/oauth2 v0.33.0 h1:4Q+qn+E5z8gPRJfmRy7C2gGG3T4jIprK6aSYgTXGRpo=
golang.org/x/oauth2 v0.33.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20181005133103-4497e2df6f9e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

2
internal/config/config.go
View File

@@ -13,7 +13,7 @@ import (
"path"
"reflect"
"gopkg.in/yaml.v3"
"go.yaml.in/yaml/v4"
)
// Document is a part of config.

87
internal/config/constants.go
View File

@@ -19,41 +19,46 @@ const (
BldrImageVersion = "v0.5.5"
// CheckOutActionVersion is the version of checkout github action.
// renovate: datasource=github-releases extractVersion=^(?<version>v\d+)\.\d+\.\d+$ depName=actions/checkout
CheckOutActionVersion = "v5"
// renovate: datasource=github-tags depName=actions/checkout
CheckOutActionVersion = "v6.0.0"
CheckOutActionRef = "1af3b93b6815bc44a9784bd300feb67ff0d1eeb3"
// CodeCovActionVersion is the version of codecov github action.
// renovate: datasource=github-releases extractVersion=^(?<version>v\d+)\.\d+\.\d+$ depName=codecov/codecov-action
CodeCovActionVersion = "v5"
// CosignInstallActionVerson is the version of cosign install github action.
// renovate: datasource=github-releases extractVersion=^(?<version>v\d+)\.\d+\.\d+$ depName=sigstore/cosign-installer
CosignInstallActionVerson = "v3"
// renovate: datasource=github-tags depName=codecov/codecov-action
CodeCovActionVersion = "v5.5.1"
CodeCovActionRef = "5a1091511ad55cbe89839c7260b706298ca349f7"
// CosignInstallActionVersion is the version of cosign install github action.
// renovate: datasource=github-tags depName=sigstore/cosign-installer
CosignInstallActionVersion = "v4.0.0"
CosignInstallActionRef = "faadad0cce49287aee09b3a48701e75088a2c6ad"
// DeepCopyVersion is the version of deepcopy.
// renovate: datasource=go depName=github.com/siderolabs/deep-copy
DeepCopyVersion = "v0.5.8"
// DindContainerImageVersion is the version of the dind container image.
// renovate: datasource=docker versioning=docker depName=docker
DindContainerImageVersion = "28.5-dind"
DindContainerImageVersion = "29.0-dind"
// DockerfileFrontendImageVersion is the version of the dockerfile frontend image.
// renovate: datasource=docker versioning=docker depName=docker/dockerfile-upstream
DockerfileFrontendImageVersion = "1.19.0-labs"
DockerfileFrontendImageVersion = "1.20.0-labs"
// DownloadArtifactActionVersion is the version of download artifact github action.
// renovate: datasource=github-releases extractVersion=^(?<version>v\d+)\.\d+\.\d+$ depName=actions/download-artifact
DownloadArtifactActionVersion = "v4"
// renovate: datasource=github-tags depName=actions/download-artifact
DownloadArtifactActionVersion = "v6.0.0"
DownloadArtifactActionRef = "018cc2cf5baa6db3ef3c5f8a56943fffe632ef53"
// GitHubScriptActionVersion is the version of github script action.
// renovate: datasource=github-releases extractVersion=^(?<version>v\d+)\.\d+\.\d+$ depName=actions/github-script
GitHubScriptActionVersion = "v7"
// renovate: datasource=github-tags depName=actions/github-script
GitHubScriptActionVersion = "v8.0.0"
GitHubScriptActionRef = "ed597411d8f924073f98dfc5c65a23a2325f34cd"
// GoFmtVersion is the version of gofmt.
// renovate: datasource=go depName=github.com/mvdan/gofumpt
GoFmtVersion = "v0.9.2"
// GoImportsVersion is the version of goimports.
// renovate: datasource=go depName=golang.org/x/tools
GoImportsVersion = "v0.38.0"
GoImportsVersion = "v0.39.0"
// GoMockVersion is the version of gomock.
// renovate: datasource=go depName=github.com/uber-go/mock
GoMockVersion = "v0.6.0"
// GolangCIlintVersion is the version of golangci-lint.
// renovate: datasource=go depName=github.com/golangci/golangci-lint
GolangCIlintVersion = "v2.6.1"
GolangCIlintVersion = "v2.6.2"
// GolangContainerImageVersion is the default golang container image.
// renovate: datasource=docker versioning=docker depName=golang
GolangContainerImageVersion = "1.25-alpine"
@@ -65,16 +70,18 @@ const (
GrpcGatewayVersion = "v2.27.3"
// GrpcGoVersion is the version of grpc.
// renovate: datasource=go depName=google.golang.org/grpc/cmd/protoc-gen-go-grpc
GrpcGoVersion = "v1.5.1"
GrpcGoVersion = "v1.6.0"
// HelmSetupActionVersion is the version of helm setup github action.
// renovate: datasource=github-releases extractVersion=^(?<version>v\d+)\.\d+\.\d+$ depName=azure/setup-helm
HelmSetupActionVersion = "v4"
// renovate: datasource=github-tags depName=Azure/setup-helm
HelmSetupActionVersion = "v4.3.1"
HelmSetupActionRef = "1a275c3b69536ee54be43f2070a358922e12c8d4"
// LoginActionVersion is the version of login github action.
// renovate: datasource=github-releases extractVersion=^(?<version>v\d+)\.\d+\.\d+$ depName=docker/login-action
LoginActionVersion = "v3"
// renovate: datasource=github-tags depName=docker/login-action
LoginActionVersion = "v3.6.0"
LoginActionRef = "5e57cd118135c172c3672efd75eb46360885c0ef"
// MarkdownLintCLIVersion is the version of markdownlint.
// renovate: datasource=npm depName=markdownlint-cli
MarkdownLintCLIVersion = "0.45.0"
MarkdownLintCLIVersion = "0.46.0"
// BunContainerImageVersion is the default bun container image.
// renovate: datasource=docker versioning=docker depName=oven/bun
BunContainerImageVersion = "1.3.1-alpine"
@@ -84,10 +91,10 @@ const (
// As a rule of thumb, we bump only to the versions promoted to be LTS (even [not odd] major versions get promoted after a while, always check).
//
// renovate: datasource=docker versioning=docker depName=node
NodeContainerImageVersion = "24.11.0-alpine"
NodeContainerImageVersion = "24.11.1-alpine"
// PkgsVersion is the version of pkgs.
// renovate: datasource=github-tags depName=siderolabs/pkgs
PkgsVersion = "v1.11.0"
PkgsVersion = "v1.12.0"
// ProtobufGoVersion is the version of protobuf.
// renovate: datasource=go depName=google.golang.org/protobuf/cmd/protoc-gen-go
ProtobufGoVersion = "v1.36.10"
@@ -95,33 +102,41 @@ const (
// renovate: datasource=go depName=github.com/siderolabs/protoc-gen-grpc-gateway-ts
ProtobufTSGatewayVersion = "v1.2.1"
// ReleaseActionVersion is the version of release github action.
// renovate: datasource=github-releases extractVersion=^(?<version>v\d+)\.\d+\.\d+$ depName=softprops/action-gh-release
ReleaseActionVersion = "v2"
// renovate: datasource=github-tags depName=softprops/action-gh-release
ReleaseActionVersion = "v2.5.0"
ReleaseActionRef = "a06a81a03ee405af7f2048a818ed3f03bbf83c7b"
// SentencesPerLineVersion is the version of sentences-per-line.
// renovate: datasource=npm depName=sentences-per-line
SentencesPerLineVersion = "0.3.0"
// SetupBuildxActionVersion is the version of setup-buildx github action.
// renovate: datasource=github-releases extractVersion=^(?<version>v\d+)\.\d+\.\d+$ depName=docker/setup-buildx-action
SetupBuildxActionVersion = "v3"
// renovate: datasource=github-tags depName=docker/setup-buildx-action
SetupBuildxActionVersion = "v3.11.1"
SetupBuildxActionRef = "e468171a9de216ec08956ac3ada2f0791b6bd435"
// SetupTerraformActionVersion is the version of setup terraform github action.
// renovate: datasource=github-releases extractVersion=^(?<version>v\d+)\.\d+\.\d+$ depName=hashicorp/setup-terraform
SetupTerraformActionVersion = "v3"
// renovate: datasource=github-tags depName=hashicorp/setup-terraform
SetupTerraformActionVersion = "v3.1.2"
SetupTerraformActionRef = "b9cd54a3c349d3f38e8881555d616ced269862dd"
// SlackNotifyActionVersion is the version of slack notify github action.
// renovate: datasource=github-releases extractVersion=^(?<version>v\d+)\.\d+\.\d+$ depName=slackapi/slack-github-action
SlackNotifyActionVersion = "v2"
// renovate: datasource=github-tags depName=slackapi/slack-github-action
SlackNotifyActionVersion = "v2.1.1"
SlackNotifyActionRef = "91efab103c0de0a537f72a35f6b8cda0ee76bf0a"
// SystemInfoActionVersion is the version of system info github action.
// renovate: datasource=github-releases depName=kenchan0130/actions-system-info
// renovate: datasource=github-tags depName=kenchan0130/actions-system-info
SystemInfoActionVersion = "v1.4.0"
SystemInfoActionRef = "59699597e84e80085a750998045983daa49274c4"
// UploadArtifactActionVersion is the version of upload artifact github action.
// renovate: datasource=github-releases extractVersion=^(?<version>v\d+)\.\d+\.\d+$ depName=actions/upload-artifact
UploadArtifactActionVersion = "v4"
// renovate: datasource=github-tags depName=actions/upload-artifact
UploadArtifactActionVersion = "v5.0.0"
UploadArtifactActionRef = "330a01c490aca151604b8cf639adc76d48f6c5d4"
// VTProtobufVersion is the version of vtprotobuf.
// renovate: datasource=go depName=github.com/planetscale/vtprotobuf
VTProtobufVersion = "v0.6.0"
// StaleActionVersion is the version of stale github action.
// renovate: datasource=github-releases depName=actions/stale
// renovate: datasource=github-tags depName=actions/stale
StaleActionVersion = "v10.1.0"
StaleActionRef = "5f858e3efba33a5ca4407a664cc011ad407f2008"
// LockThreadsActionVersion is the version of lock threads github action.
// renovate: datasource=github-releases depName=dessant/lock-threads
// renovate: datasource=github-tags depName=dessant/lock-threads
LockThreadsActionVersion = "v5.0.1"
LockThreadsActionRef = "1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771"
)

2
internal/output/conform/conform.go
View File

@@ -9,7 +9,7 @@ import (
"fmt"
"io"
"gopkg.in/yaml.v3"
"go.yaml.in/yaml/v4"
"github.com/siderolabs/kres/internal/output"
"github.com/siderolabs/kres/internal/output/conform/commitpolicy"

48
internal/output/ghworkflow/gh_workflow.go
View File

@@ -15,7 +15,7 @@ import (
"strings"
"github.com/siderolabs/gen/maps"
"gopkg.in/yaml.v3"
"go.yaml.in/yaml/v4"
"github.com/siderolabs/kres/internal/config"
"github.com/siderolabs/kres/internal/output"
@@ -142,7 +142,10 @@ func NewOutput(mainBranch string, withDefaultJob, withStaleJob bool, slackChanne
SetCommand("echo pull_request_number=$(gh pr view -R ${{ github.repository }} ${{ github.event.workflow_run.head_repository.owner.login }}:${{ github.event.workflow_run.head_branch }} --json number --jq .number) >> $GITHUB_OUTPUT"). //nolint:lll
SetCustomCondition("github.event.workflow_run.event == 'pull_request'"),
Step("Slack Notify").
SetUses("slackapi/slack-github-action@"+config.SlackNotifyActionVersion).
SetUsesWithComment(
"slackapi/slack-github-action@"+config.SlackNotifyActionRef,
"version: "+config.SlackNotifyActionVersion,
).
SetWith("token", "${{ secrets.SLACK_BOT_TOKEN_V2 }}").
SetWith("method", "chat.postMessage").
SetWith("payload", DefaultSlackNotifyPayload("")),
@@ -167,7 +170,10 @@ func NewOutput(mainBranch string, withDefaultJob, withStaleJob bool, slackChanne
If: "github.event.workflow_run.conclusion == 'failure' && github.event.workflow_run.event != 'pull_request'",
Steps: []*JobStep{
Step("Slack Notify").
SetUses("slackapi/slack-github-action@"+config.SlackNotifyActionVersion).
SetUsesWithComment(
"slackapi/slack-github-action@"+config.SlackNotifyActionRef,
"version: "+config.SlackNotifyActionVersion,
).
SetWith("token", "${{ secrets.SLACK_BOT_TOKEN_V2 }}").
SetWith("method", "chat.postMessage").
SetWith("payload", DefaultSlackNotifyPayload(slackChannel)),
@@ -196,7 +202,10 @@ func NewOutput(mainBranch string, withDefaultJob, withStaleJob bool, slackChanne
Steps: []*JobStep{
{
Name: "Lock old issues",
Uses: "dessant/lock-threads@" + config.LockThreadsActionVersion,
Uses: ActionRef{
Image: "dessant/lock-threads@" + config.LockThreadsActionRef,
Comment: "version: " + config.LockThreadsActionVersion,
},
With: map[string]string{
"issue-inactive-days": "60",
"process-only": "issues",
@@ -227,7 +236,10 @@ func NewOutput(mainBranch string, withDefaultJob, withStaleJob bool, slackChanne
Steps: []*JobStep{
{
Name: "Close stale issues and PRs",
Uses: "actions/stale@" + config.StaleActionVersion,
Uses: ActionRef{
Image: "actions/stale@" + config.StaleActionRef,
Comment: "version: " + config.StaleActionVersion,
},
With: map[string]string{
"stale-issue-message": "This issue is stale because it has been open 180 days with no activity. Remove stale label or comment or this will be closed in 7 days.",
"stale-pr-message": "This PR is stale because it has been open 45 days with no activity.",
@@ -442,14 +454,17 @@ func (o *Output) SetWorkflowOn(on On) {
func CommonSteps() []*JobStep {
return []*JobStep{
Step("gather-system-info").
SetUses("kenchan0130/actions-system-info@" + config.SystemInfoActionVersion).
SetUsesWithComment(
"kenchan0130/actions-system-info@"+config.SystemInfoActionRef,
"version: "+config.SystemInfoActionVersion,
).
SetID("system-info").
SetContinueOnError(),
Step("print-system-info").
SetCommand(strings.Trim(SystemInfoPrintScript, "\n")).
SetContinueOnError(),
Step("checkout").
SetUses("actions/checkout@" + config.CheckOutActionVersion),
SetUsesWithComment("actions/checkout@"+config.CheckOutActionRef, "version: "+config.CheckOutActionVersion),
Step("Unshallow").
SetCommand("git fetch --prune --unshallow"),
}
@@ -473,7 +488,10 @@ func DefaultSteps() []*JobStep {
&JobStep{
Name: "Set up Docker Buildx",
ID: "setup-buildx",
Uses: "docker/setup-buildx-action@" + config.SetupBuildxActionVersion,
Uses: ActionRef{
Image: "docker/setup-buildx-action@" + config.SetupBuildxActionRef,
Comment: "version: " + config.SetupBuildxActionVersion,
},
With: map[string]string{
"driver": "remote",
"endpoint": "tcp://buildkit-amd64.ci.svc.cluster.local:1234",
@@ -490,7 +508,10 @@ func DefaultPkgsSteps() []*JobStep {
&JobStep{
Name: "Set up Docker Buildx",
ID: "setup-buildx",
Uses: "docker/setup-buildx-action@" + config.SetupBuildxActionVersion,
Uses: ActionRef{
Image: "docker/setup-buildx-action@" + config.SetupBuildxActionRef,
Comment: "version: " + config.SetupBuildxActionVersion,
},
With: map[string]string{
"driver": "remote",
"endpoint": "tcp://buildkit-amd64.ci.svc.cluster.local:1234",
@@ -548,9 +569,12 @@ func Step(name string) *JobStep {
}
}
// SetUses sets step to use action.
func (step *JobStep) SetUses(uses string) *JobStep {
step.Uses = uses
// SetUsesWithComment sets step to use action with comment.
func (step *JobStep) SetUsesWithComment(uses, comment string) *JobStep {
step.Uses = ActionRef{
Image: uses,
Comment: comment,
}
return step
}

6
internal/output/ghworkflow/gh_workflow_test.go
View File

@@ -79,7 +79,7 @@ jobs:
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@v1.4.0
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
@@ -103,13 +103,13 @@ jobs:
done
continue-on-error: true
- name: checkout
uses: actions/checkout@v5
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # version: v6.0.0
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # version: v3.11.1
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234

28
internal/output/ghworkflow/types.go
View File

@@ -4,7 +4,11 @@
package ghworkflow
import "fmt"
import (
"fmt"
"go.yaml.in/yaml/v4"
)
// Workflow represents Github Actions workflow.
//
@@ -188,7 +192,7 @@ type JobStep struct {
Name string `yaml:"name"`
ID string `yaml:"id,omitempty"`
If string `yaml:"if,omitempty"`
Uses string `yaml:"uses,omitempty"`
Uses ActionRef `yaml:"uses,omitempty"`
With map[string]string `yaml:"with,omitempty"`
Env map[string]string `yaml:"env,omitempty"`
Run string `yaml:"run,omitempty"`
@@ -203,3 +207,23 @@ type SlackNotifyPayload struct {
Username string `json:"username"`
Attachments []any `json:"attachments"`
}
// ActionRef represents a GitHub Action reference.
type ActionRef struct {
Image string
Comment string
}
// MarshalYAML implements yaml.Marshaler.
func (a ActionRef) MarshalYAML() (any, error) {
n := yaml.Node{}
n.Kind = yaml.ScalarNode
n.Tag = "!!str"
n.Value = a.Image
if a.Comment != "" {
n.LineComment = a.Comment
}
return &n, nil
}

2
internal/output/github/github.go
View File

@@ -10,7 +10,7 @@ import (
"fmt"
"os"
"github.com/google/go-github/v77/github"
"github.com/google/go-github/v79/github"
"golang.org/x/oauth2"
)

2
internal/output/golangci/golangci.go
View File

@@ -13,7 +13,7 @@ import (
"text/template"
"github.com/siderolabs/gen/xslices"
"gopkg.in/yaml.v3"
"go.yaml.in/yaml/v4"
"github.com/siderolabs/kres/internal/output"
)

45
internal/project/common/gh_workflow.go
View File

@@ -167,7 +167,10 @@ func (gh *GHWorkflow) CompileGitHubWorkflow(o *ghworkflow.Output) error {
switch step.ArtifactStep.Type {
case "upload":
saveArtifactsStep := ghworkflow.Step("save artifacts").
SetUses("actions/upload-artifact@"+config.UploadArtifactActionVersion).
SetUsesWithComment(
"actions/upload-artifact@"+config.UploadArtifactActionRef,
"version: "+config.UploadArtifactActionVersion,
).
SetWith("name", step.ArtifactStep.ArtifactName).
SetWith("path", step.ArtifactStep.ArtifactPath+"\n"+strings.Join(step.ArtifactStep.AdditionalArtifacts, "\n")).
SetWith("retention-days", "5")
@@ -198,7 +201,10 @@ func (gh *GHWorkflow) CompileGitHubWorkflow(o *ghworkflow.Output) error {
steps = append(steps, saveArtifactsStep)
case "download":
downloadArtifactsStep := ghworkflow.Step("Download artifacts").
SetUses("actions/download-artifact@"+config.DownloadArtifactActionVersion).
SetUsesWithComment(
"actions/download-artifact@"+config.DownloadArtifactActionRef,
"version: "+config.DownloadArtifactActionVersion,
).
SetWith("name", step.ArtifactStep.ArtifactName).
SetWith("path", step.ArtifactStep.ArtifactPath)
@@ -233,7 +239,10 @@ func (gh *GHWorkflow) CompileGitHubWorkflow(o *ghworkflow.Output) error {
if step.CheckoutStep != nil {
checkoutStep := ghworkflow.Step(step.Name).
SetUses("actions/checkout@"+config.CheckOutActionVersion).
SetUsesWithComment(
"actions/checkout@"+config.CheckOutActionRef,
"version: "+config.CheckOutActionVersion,
).
SetWith("repository", step.CheckoutStep.Repository).
SetWith("ref", step.CheckoutStep.Ref).
SetWith("path", step.CheckoutStep.Path)
@@ -245,7 +254,10 @@ func (gh *GHWorkflow) CompileGitHubWorkflow(o *ghworkflow.Output) error {
if step.CoverageStep != nil {
coverageStep := ghworkflow.Step(step.Name).
SetUses("codecov/codecov-action@"+config.CodeCovActionVersion).
SetUsesWithComment(
"codecov/codecov-action@"+config.CodeCovActionRef,
"version: "+config.CodeCovActionVersion,
).
SetWith("files", strings.Join(step.CoverageStep.Files, ",")).
SetWith("token", "${{ secrets.CODECOV_TOKEN }}").
SetTimeoutMinutes(step.TimeoutMinutes)
@@ -257,7 +269,10 @@ func (gh *GHWorkflow) CompileGitHubWorkflow(o *ghworkflow.Output) error {
if step.TerraformStep {
terraformStep := ghworkflow.Step(step.Name).
SetUses("hashicorp/setup-terraform@"+config.SetupTerraformActionVersion).
SetUsesWithComment(
"hashicorp/setup-terraform@"+config.SetupTerraformActionRef,
"version: "+config.SetupTerraformActionVersion,
).
SetWith("terraform_wrapper", "false")
jobDef.Steps = append(jobDef.Steps, terraformStep)
@@ -267,7 +282,10 @@ func (gh *GHWorkflow) CompileGitHubWorkflow(o *ghworkflow.Output) error {
if step.RegistryLoginStep != nil {
registryLoginStep := ghworkflow.Step(step.Name).
SetUses("docker/login-action@"+config.LoginActionVersion).
SetUsesWithComment(
"docker/login-action@"+config.LoginActionRef,
"version: "+config.LoginActionVersion,
).
SetWith("registry", step.RegistryLoginStep.Registry)
if step.RegistryLoginStep.Registry == "ghcr.io" {
@@ -290,7 +308,10 @@ func (gh *GHWorkflow) CompileGitHubWorkflow(o *ghworkflow.Output) error {
})
releaseStep := ghworkflow.Step(step.Name).
SetUses("softprops/action-gh-release@"+config.ReleaseActionVersion).
SetUsesWithComment(
"softprops/action-gh-release@"+config.ReleaseActionRef,
"version: "+config.ReleaseActionVersion,
).
SetWith("body_path", filepath.Join(step.ReleaseStep.BaseDirectory, step.ReleaseStep.ReleaseNotes)).
SetWith("draft", "true").
SetWith("files", strings.Join(artifacts, "\n"))
@@ -299,7 +320,10 @@ func (gh *GHWorkflow) CompileGitHubWorkflow(o *ghworkflow.Output) error {
jobDef.Permissions["id-token"] = "write"
cosignStep := ghworkflow.Step("Install Cosign").
SetUses("sigstore/cosign-installer@" + config.CosignInstallActionVerson)
SetUsesWithComment(
"sigstore/cosign-installer@"+config.CosignInstallActionRef,
"version: "+config.CosignInstallActionVersion,
)
jobDef.Steps = append(jobDef.Steps, cosignStep)
@@ -411,7 +435,10 @@ func (gh *GHWorkflow) CompileGitHubWorkflow(o *ghworkflow.Output) error {
o.AddStep(dep,
ghworkflow.Step("Retrieve PR labels").
SetID("retrieve-pr-labels").
SetUses("actions/github-script@"+config.GitHubScriptActionVersion).
SetUsesWithComment(
"actions/github-script@"+config.GitHubScriptActionRef,
"version: "+config.GitHubScriptActionVersion,
).
SetWith("retries", "3").
SetWith("script", strings.TrimPrefix(ghworkflow.IssueLabelRetrieveScript, "\n")),
)

5
internal/project/common/image.go
View File

@@ -122,7 +122,10 @@ func (image *Image) CompileDrone(output *drone.Output) error {
// CompileGitHubWorkflow implements ghworkflow.Compiler.
func (image *Image) CompileGitHubWorkflow(output *ghworkflow.Output) error {
loginStep := ghworkflow.Step("Login to registry").
SetUses("docker/login-action@"+config.LoginActionVersion).
SetUsesWithComment(
"docker/login-action@"+config.LoginActionRef,
"version: "+config.LoginActionVersion,
).
SetWith("registry", "ghcr.io").
SetWith("username", "${{ github.repository_owner }}").
SetWith("password", "${{ secrets.GITHUB_TOKEN }}")

10
internal/project/common/release.go
View File

@@ -72,7 +72,10 @@ func (release *Release) CompileGitHubWorkflow(output *ghworkflow.Output) error {
steps := []*ghworkflow.JobStep{}
releaseStep := ghworkflow.Step("Release").
SetUses("softprops/action-gh-release@"+config.ReleaseActionVersion).
SetUsesWithComment(
"softprops/action-gh-release@"+config.ReleaseActionRef,
"version: "+config.ReleaseActionVersion,
).
SetWith("body_path", filepath.Join(release.meta.ArtifactsPath, "RELEASE_NOTES.md")).
SetWith("draft", "true")
@@ -96,7 +99,10 @@ func (release *Release) CompileGitHubWorkflow(output *ghworkflow.Output) error {
output.AddJobPermissions(ghworkflow.DefaultJobName, "id-token", "write")
cosignStep := ghworkflow.Step("Install Cosign").
SetUses("sigstore/cosign-installer@" + config.CosignInstallActionVerson)
SetUsesWithComment(
"sigstore/cosign-installer@"+config.CosignInstallActionRef,
"version: "+config.CosignInstallActionVersion,
)
if err := cosignStep.SetConditions("only-on-tag"); err != nil {
return err

2
internal/project/common/repository.go
View File

@@ -10,7 +10,7 @@ import (
"net/http"
"slices"
"github.com/google/go-github/v77/github"
"github.com/google/go-github/v79/github"
"github.com/siderolabs/gen/xslices"
"github.com/siderolabs/kres/internal/config"

30
internal/project/custom/custom.go
View File

@@ -372,7 +372,10 @@ func (step *Step) CompileGitHubWorkflow(output *ghworkflow.Output) error {
ghworkflow.DefaultJobName,
ghworkflow.Step("Retrieve PR labels").
SetID("retrieve-pr-labels").
SetUses("actions/github-script@"+config.GitHubScriptActionVersion).
SetUsesWithComment(
"actions/github-script@"+config.GitHubScriptActionRef,
"version: "+config.GitHubScriptActionVersion,
).
SetWith("retries", "3").
SetWith("script", strings.TrimPrefix(ghworkflow.IssueLabelRetrieveScript, "\n")),
)
@@ -387,7 +390,10 @@ func (step *Step) CompileGitHubWorkflow(output *ghworkflow.Output) error {
if step.GHAction.Artifacts.Enabled {
saveArtifactsStep := ghworkflow.Step("save-artifacts").
SetUses("actions/upload-artifact@"+config.UploadArtifactActionVersion).
SetUsesWithComment(
"actions/upload-artifact@"+config.UploadArtifactActionRef,
"version: "+config.UploadArtifactActionVersion,
).
SetWith("name", "artifacts").
SetWith("path", step.meta.ArtifactsPath+"\n"+strings.Join(step.GHAction.Artifacts.ExtraPaths, "\n")).
SetWith("retention-days", "5")
@@ -409,7 +415,10 @@ func (step *Step) CompileGitHubWorkflow(output *ghworkflow.Output) error {
for _, additionalArtifact := range step.GHAction.Artifacts.Additional {
artifactStep := ghworkflow.Step(fmt.Sprintf("save-%s-artifacts", additionalArtifact.Name)).
SetUses("actions/upload-artifact@"+config.UploadArtifactActionVersion).
SetUsesWithComment(
"actions/upload-artifact@"+config.UploadArtifactActionRef,
"version: "+config.UploadArtifactActionVersion,
).
SetWith("name", additionalArtifact.Name).
SetWith("path", strings.Join(additionalArtifact.Paths, "\n")).
SetWith("retention-days", "5")
@@ -461,7 +470,10 @@ func (step *Step) CompileGitHubWorkflow(output *ghworkflow.Output) error {
if step.GHAction.Artifacts.Enabled {
for _, additionalArtifact := range step.GHAction.Artifacts.Additional {
artifactStep := ghworkflow.Step(fmt.Sprintf("save-%s-artifacts", additionalArtifact.Name)).
SetUses("actions/upload-artifact@"+config.UploadArtifactActionVersion).
SetUsesWithComment(
"actions/upload-artifact@"+config.UploadArtifactActionRef,
"version: "+config.UploadArtifactActionVersion,
).
SetWith("name", additionalArtifact.Name+"-"+job.Name).
SetWith("path", strings.Join(additionalArtifact.Paths, "\n")).
SetWith("retention-days", "5")
@@ -487,7 +499,10 @@ func (step *Step) CompileGitHubWorkflow(output *ghworkflow.Output) error {
if job.Artifacts.Enabled {
for _, additionalArtifact := range job.Artifacts.Additional {
artifactStep := ghworkflow.Step(fmt.Sprintf("save-%s-artifacts", additionalArtifact.Name)).
SetUses("actions/upload-artifact@"+config.UploadArtifactActionVersion).
SetUsesWithComment(
"actions/upload-artifact@"+config.UploadArtifactActionRef,
"version: "+config.UploadArtifactActionVersion,
).
SetWith("name", additionalArtifact.Name+"-"+job.Name).
SetWith("path", strings.Join(additionalArtifact.Paths, "\n")).
SetWith("retention-days", "5")
@@ -538,7 +553,10 @@ func (step *Step) CompileGitHubWorkflow(output *ghworkflow.Output) error {
steps = append(
steps,
ghworkflow.Step("Download artifacts").
SetUses("actions/download-artifact@"+config.DownloadArtifactActionVersion).
SetUsesWithComment(
"actions/download-artifact@"+config.DownloadArtifactActionRef,
"version: "+config.DownloadArtifactActionVersion,
).
SetWith("name", "artifacts").
SetWith("path", step.meta.ArtifactsPath),
ghworkflow.Step("Fix artifact permissions").

15
internal/project/helm/build.go
View File

@@ -64,14 +64,20 @@ func (helm *Build) CompileMakefile(output *makefile.Output) error {
// CompileGitHubWorkflow implements ghworkflow.Compiler.
func (helm *Build) CompileGitHubWorkflow(output *ghworkflow.Output) error {
cosignInstallStep := ghworkflow.Step("Install cosign").
SetUses(fmt.Sprintf("sigstore/cosign-installer@%s", config.CosignInstallActionVerson))
SetUsesWithComment(
fmt.Sprintf("sigstore/cosign-installer@%s", config.CosignInstallActionRef),
"version: "+config.CosignInstallActionVersion,
)
if err := cosignInstallStep.SetConditions("except-pull-request"); err != nil {
return err
}
loginStep := ghworkflow.Step("Login to registry").
SetUses("docker/login-action@"+config.LoginActionVersion).
SetUsesWithComment(
"docker/login-action@"+config.LoginActionRef,
"version: "+config.LoginActionVersion,
).
SetWith("registry", "ghcr.io").
SetWith("username", "${{ github.repository_owner }}").
SetWith("password", "${{ secrets.GITHUB_TOKEN }}")
@@ -140,7 +146,10 @@ func (helm *Build) CompileGitHubWorkflow(output *ghworkflow.Output) error {
[]*ghworkflow.JobStep{
{
Name: "Install Helm",
Uses: fmt.Sprintf("azure/setup-helm@%s", config.HelmSetupActionVersion),
Uses: ghworkflow.ActionRef{
Image: fmt.Sprintf("azure/setup-helm@%s", config.HelmSetupActionRef),
Comment: "version: " + config.HelmSetupActionVersion,
},
},
cosignInstallStep,
loginStep,

10
internal/project/pkgfile/build.go
View File

@@ -196,7 +196,10 @@ func (pkgfile *Build) CompileGitHubWorkflow(output *ghworkflow.Output) error {
output.SetOptionsForPkgs()
loginStep := ghworkflow.Step("Login to registry").
SetUses("docker/login-action@"+config.LoginActionVersion).
SetUsesWithComment(
"docker/login-action@"+config.LoginActionRef,
"version: "+config.LoginActionVersion,
).
SetWith("registry", "ghcr.io").
SetWith("username", "${{ github.repository_owner }}").
SetWith("password", "${{ secrets.GITHUB_TOKEN }}")
@@ -258,7 +261,10 @@ func (pkgfile *Build) CompileGitHubWorkflow(output *ghworkflow.Output) error {
ghworkflow.DefaultJobName,
ghworkflow.Step("Retrieve PR labels").
SetID("retrieve-pr-labels").
SetUses("actions/github-script@"+config.GitHubScriptActionVersion).
SetUsesWithComment(
"actions/github-script@"+config.GitHubScriptActionRef,
"version: "+config.GitHubScriptActionVersion,
).
SetWith("retries", "3").
SetWith("script", strings.TrimPrefix(ghworkflow.IssueLabelRetrieveScript, "\n")),
)

5
internal/project/service/codecov.go
View File

@@ -80,7 +80,10 @@ func (coverage *CodeCov) CompileGitHubWorkflow(output *ghworkflow.Output) error
ghworkflow.GenericRunner,
nil,
ghworkflow.Step("coverage").
SetUses(fmt.Sprintf("codecov/codecov-action@%s", config.CodeCovActionVersion)).
SetUsesWithComment(
fmt.Sprintf("codecov/codecov-action@%s", config.CodeCovActionRef),
"version: "+config.CodeCovActionVersion,
).
SetWith("files",
strings.Join(
xslices.Map(paths,