
build(deps): bump golang.org/x/crypto from 0.24.0 to 0.31.0 in the go_modules group across 1 directory #1257

Workflow file for this run

# Copyright 2023 The Authors (see AUTHORS file)
#
# Licensed under the Apache License, Version 2.0 (the 'License');
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an 'AS IS' BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# CI pipeline: lint and unit-test, build and push the container image, deploy
# it to the integration project, run the integration tests, and on push events
# roll the same image out to the autopush project.
name: 'ci'

# NOTE(review): pull_request runs reach jobs that request `id-token: write` and
# deploy to the integration project. Which refs and events may exchange that
# token for the service account is decided by the workload identity provider
# configuration, which is not visible in this file -- confirm it is restricted.
on:
  push:
    branches:
      - 'main'
  pull_request:
    branches:
      - 'main'
  workflow_dispatch:

env:
  # Image location. The image tag is the commit SHA, so every deploy step
  # below refers to the image built from the commit under test.
  DOCKER_REGISTRY: 'us-docker.pkg.dev'
  DOCKER_REPO: 'us-docker.pkg.dev/github-metrics-aggreg-i-64d426/ci-images'
  DOCKER_TAG: '${{ github.sha }}'

  # Per-run identifier. It is passed as the Cloud Run revision tag (`--tag`)
  # and is also the prefix of the INTEGRATION_*_URL values.
  TAG_ID: 'ci-${{ github.run_id }}-${{ github.run_number }}'

  # Integration environment (deployed to on every run of this workflow).
  INTEGRATION_PROJECT_ID: 'github-metrics-aggreg-i-64d426'
  INTEGRATION_REGION: 'us-central1'
  INTEGRATION_WEBHOOK_SERVICE_NAME: 'github-metrics-webhook-c764'
  INTEGRATION_WEBHOOK_SERVICE_AUDIENCE: 'https://github-metrics-webhook-c764-u4iwdc42oa-uc.a.run.app'
  INTEGRATION_WEBHOOK_URL: 'https://ci-${{ github.run_id }}-${{ github.run_number }}---github-metrics-webhook-c764-u4iwdc42oa-uc.a.run.app'
  INTEGRATION_RETRY_SERVICE_NAME: 'github-metrics-retry-4d31'
  INTEGRATION_RETRY_SERVICE_AUDIENCE: 'https://github-metrics-retry-4d31-u4iwdc42oa-uc.a.run.app'
  INTEGRATION_RETRY_URL: 'https://ci-${{ github.run_id }}-${{ github.run_number }}---github-metrics-retry-4d31-u4iwdc42oa-uc.a.run.app'
  INTEGRATION_ARTIFACTS_JOB_NAME: 'gma-artifacts'
  INTEGRATION_COMMIT_REVIEW_STATUS_JOB_NAME: 'commit-review-status-job'

  # Autopush environment (deployed to only by the jobs gated on push events).
  AUTOPUSH_PROJECT_ID: 'github-metrics-aggreg-a-997e5e'
  AUTOPUSH_REGION: 'us-central1'
  AUTOPUSH_WEBHOOK_SERVICE_NAME: 'github-metrics-webhook-d2e4'
  AUTOPUSH_RETRY_SERVICE_NAME: 'github-metrics-retry-d4e3'
  AUTOPUSH_ARTIFACTS_JOB_NAME: 'gma-artifacts'
  AUTOPUSH_COMMIT_REVIEW_STATUS_JOB_NAME: 'commit-review-status-job'

# One active run per workflow and PR head (or ref); a newer run cancels the
# one still in progress.
concurrency:
  group: '${{ github.workflow }}-${{ github.head_ref || github.ref }}'
  cancel-in-progress: true
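jobs:
  # The four reusable workflows below follow the mutable `main` branch of
  # abcxyz/pkg and are excluded from ratchet pinning, unlike the actions in
  # the later jobs, which are pinned to full commit SHAs. Whatever `main`
  # holds at run time is what executes here.
  terraform_lint:
    uses: 'abcxyz/pkg/.github/workflows/terraform-lint.yml@main' # ratchet:exclude
    with:
      directory: 'terraform'
      terraform_version: '1.7.4'

  yaml_lint:
    uses: 'abcxyz/pkg/.github/workflows/yaml-lint.yml@main' # ratchet:exclude

  go_lint:
    uses: 'abcxyz/pkg/.github/workflows/go-lint.yml@main' # ratchet:exclude

  go_test:
    uses: 'abcxyz/pkg/.github/workflows/go-test.yml@main' # ratchet:exclude

  # Fan-in job so that `build` has a single dependency.
  # NOTE(review): 'yaml_lint' is not listed in `needs`, so a YAML lint failure
  # does not block the build and deploy jobs -- confirm that is intended.
  lint_and_unit:
    runs-on: 'ubuntu-latest'
    needs:
      - 'terraform_lint'
      - 'go_lint'
      - 'go_test'
    steps:
      - run: 'echo prechecks complete'

  # Builds the container image with goreleaser and pushes it to Artifact
  # Registry. `id-token: write` lets the auth action obtain an OIDC token for
  # workload identity federation; no long-lived key is referenced in this job.
  build:
    runs-on:
      labels: '8-core' # custom 8-core machine for faster tests
    needs:
      - 'lint_and_unit'
    permissions:
      contents: 'read'
      id-token: 'write'
    steps:
      - name: 'Checkout'
        uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4
      - name: 'Setup Go'
        uses: 'actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7' # ratchet:actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2
        with:
          workload_identity_provider: '${{ vars.WIF_PROVIDER }}'
          service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}'
          # An access token is requested because the next step uses it as the
          # registry password.
          token_format: 'access_token'
      - name: 'Authenticate to Artifact Registry'
        uses: 'docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20' # ratchet:docker/login-action@v3
        with:
          username: 'oauth2accesstoken'
          password: '${{ steps.auth.outputs.access_token }}'
          registry: '${{ env.DOCKER_REGISTRY }}'
      # goreleaser requires a tag to publish images to container registry.
      # We create a local tag to make it happy.
      - run: |-
          git config user.name "${GITHUB_ACTOR}"
          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
          git tag -f "$(date "+%Y%m%d%H%M%S")"
      - name: 'Build the container and push to the registry with goreleaser'
        uses: 'goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8' # ratchet:goreleaser/goreleaser-action@v5
        with:
          version: 'v1.12.3' # Manually pinned
          args: 'release -f .goreleaser.docker.yaml --rm-dist --skip-validate'

  # Integration deployments. Each `run` script interpolates `${{ env.* }}`
  # expressions straight into shell text. Every value used comes from the
  # workflow-level `env` block (constants, the commit SHA, run id and run
  # number); keep it that way, because text taken from event payloads would be
  # interpreted by the shell if it were substituted here. The resource name is
  # quoted like the other arguments, matching the autopush job deployments.
  deployment_webhook_integration:
    runs-on: 'ubuntu-latest'
    needs:
      - 'build'
    permissions:
      contents: 'read'
      id-token: 'write'
    steps:
      - name: 'Checkout'
        uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4
      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2
        with:
          workload_identity_provider: '${{ vars.WIF_PROVIDER }}'
          service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}'
      - name: 'Setup gcloud'
        uses: 'google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200' # ratchet:google-github-actions/setup-gcloud@v2
      - name: 'Deploy to Cloud Run'
        # `--tag` publishes this revision under the per-run TAG_ID, which is
        # the prefix of INTEGRATION_WEBHOOK_URL used by the integration tests.
        run: |-
          gcloud run services update "${{ env.INTEGRATION_WEBHOOK_SERVICE_NAME }}" \
            --project="${{ env.INTEGRATION_PROJECT_ID }}" \
            --region="${{ env.INTEGRATION_REGION }}" \
            --image="${{ env.DOCKER_REPO }}/github-metrics-aggregator:${{ env.DOCKER_TAG }}-amd64" \
            --tag="${{ env.TAG_ID }}"

  deployment_retry_integration:
    runs-on: 'ubuntu-latest'
    needs:
      - 'build'
    permissions:
      contents: 'read'
      id-token: 'write'
    steps:
      - name: 'Checkout'
        uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4
      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2
        with:
          workload_identity_provider: '${{ vars.WIF_PROVIDER }}'
          service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}'
      - name: 'Setup gcloud'
        uses: 'google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200' # ratchet:google-github-actions/setup-gcloud@v2
      - name: 'Deploy to Cloud Run'
        run: |-
          gcloud run services update "${{ env.INTEGRATION_RETRY_SERVICE_NAME }}" \
            --project="${{ env.INTEGRATION_PROJECT_ID }}" \
            --region="${{ env.INTEGRATION_REGION }}" \
            --image="${{ env.DOCKER_REPO }}/github-metrics-aggregator:${{ env.DOCKER_TAG }}-amd64" \
            --tag="${{ env.TAG_ID }}"

  # NOTE(review): the job id is spelled 'artifacs'. It is left unchanged here
  # because status-check settings outside this file may refer to it -- confirm
  # before renaming.
  deployment_artifacs_job_integration:
    runs-on: 'ubuntu-latest'
    needs:
      - 'build'
    permissions:
      contents: 'read'
      id-token: 'write'
    steps:
      - name: 'Checkout'
        uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4
      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2
        with:
          workload_identity_provider: '${{ vars.WIF_PROVIDER }}'
          service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}'
      - name: 'Setup gcloud'
        uses: 'google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200' # ratchet:google-github-actions/setup-gcloud@v2
      - name: 'Deploy to Cloud Run Jobs'
        run: |-
          gcloud run jobs update "${{ env.INTEGRATION_ARTIFACTS_JOB_NAME }}" \
            --project="${{ env.INTEGRATION_PROJECT_ID }}" \
            --region="${{ env.INTEGRATION_REGION }}" \
            --image="${{ env.DOCKER_REPO }}/github-metrics-aggregator:${{ env.DOCKER_TAG }}-amd64"

  deployment_commit_review_status_job_integration:
    runs-on: 'ubuntu-latest'
    needs:
      - 'build'
    permissions:
      contents: 'read'
      id-token: 'write'
    steps:
      - name: 'Checkout'
        uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4
      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2
        with:
          workload_identity_provider: '${{ vars.WIF_PROVIDER }}'
          service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}'
      - name: 'Setup gcloud'
        uses: 'google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200' # ratchet:google-github-actions/setup-gcloud@v2
      - name: 'Deploy to Cloud Run Jobs'
        run: |-
          gcloud run jobs update "${{ env.INTEGRATION_COMMIT_REVIEW_STATUS_JOB_NAME }}" \
            --project="${{ env.INTEGRATION_PROJECT_ID }}" \
            --region="${{ env.INTEGRATION_REGION }}" \
            --image="${{ env.DOCKER_REPO }}/github-metrics-aggregator:${{ env.DOCKER_TAG }}-amd64"

  # Runs the Go integration tests against the per-run webhook URL.
  # NOTE(review): `needs` lists only the two service deployments. The two
  # integration Cloud Run Jobs deployments gate neither this job nor the
  # autopush jobs, so autopush can proceed when they fail -- confirm intended.
  integration:
    runs-on: 'ubuntu-latest'
    needs:
      - 'deployment_webhook_integration'
      - 'deployment_retry_integration'
    permissions:
      contents: 'read'
      id-token: 'write'
    steps:
      - name: 'Checkout'
        uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4
      - name: 'Setup Go'
        uses: 'actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7' # ratchet:actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2
        with:
          workload_identity_provider: '${{ vars.WIF_PROVIDER }}'
          service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}'
          # The ID token is minted for the webhook service audience and handed
          # to the tests as ID_TOKEN.
          token_format: 'id_token'
          id_token_audience: '${{ env.INTEGRATION_WEBHOOK_SERVICE_AUDIENCE }}'
      - name: 'Run integration tests'
        # The token and the webhook secret reach the test process through the
        # step environment; they are not written into the script text.
        env:
          TEST_INTEGRATION: 'true'
          PROJECT_ID: '${{ env.INTEGRATION_PROJECT_ID }}'
          DATASET_ID: 'github_metrics.events'
          ID_TOKEN: '${{ steps.auth.outputs.id_token }}'
          GITHUB_WEBHOOK_SECRET: '${{ secrets.INTEGRATION_WEBHOOK_SECRET }}'
          ENDPOINT_URL: '${{ env.INTEGRATION_WEBHOOK_URL }}/webhook'
        run: |-
          go test github.com/abcxyz/github-metrics-aggregator/integration -timeout=15m

  # Autopush deployments. Each job is skipped unless the triggering event is a
  # push, runs only after `integration` succeeds, and is bound to the
  # 'autopush' environment, so any protection rules configured on that
  # environment (not visible in this file) apply before the job starts.
  deployment_webhook_autopush:
    if: |-
      ${{ github.event_name == 'push' }}
    environment: 'autopush'
    runs-on: 'ubuntu-latest'
    needs:
      - 'integration'
    permissions:
      contents: 'read'
      id-token: 'write'
    steps:
      - name: 'Checkout'
        uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4
      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2
        with:
          workload_identity_provider: '${{ vars.WIF_PROVIDER }}'
          service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}'
      - name: 'Setup gcloud'
        uses: 'google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200' # ratchet:google-github-actions/setup-gcloud@v2
      - name: 'Deploy to Cloud Run'
        run: |-
          gcloud run services update "${{ env.AUTOPUSH_WEBHOOK_SERVICE_NAME }}" \
            --project="${{ env.AUTOPUSH_PROJECT_ID }}" \
            --region="${{ env.AUTOPUSH_REGION }}" \
            --image="${{ env.DOCKER_REPO }}/github-metrics-aggregator:${{ env.DOCKER_TAG }}-amd64"

  deployment_retry_autopush:
    if: |-
      ${{ github.event_name == 'push' }}
    environment: 'autopush'
    runs-on: 'ubuntu-latest'
    needs:
      - 'integration'
    permissions:
      contents: 'read'
      id-token: 'write'
    steps:
      - name: 'Checkout'
        uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4
      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2
        with:
          workload_identity_provider: '${{ vars.WIF_PROVIDER }}'
          service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}'
      - name: 'Setup gcloud'
        uses: 'google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200' # ratchet:google-github-actions/setup-gcloud@v2
      - name: 'Deploy to Cloud Run'
        run: |-
          gcloud run services update "${{ env.AUTOPUSH_RETRY_SERVICE_NAME }}" \
            --project="${{ env.AUTOPUSH_PROJECT_ID }}" \
            --region="${{ env.AUTOPUSH_REGION }}" \
            --image="${{ env.DOCKER_REPO }}/github-metrics-aggregator:${{ env.DOCKER_TAG }}-amd64"

  deployment_artifacts_job_autopush:
    if: |-
      ${{ github.event_name == 'push' }}
    environment: 'autopush'
    runs-on: 'ubuntu-latest'
    needs:
      - 'integration'
    permissions:
      contents: 'read'
      id-token: 'write'
    steps:
      - name: 'Checkout'
        uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4
      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2
        with:
          workload_identity_provider: '${{ vars.WIF_PROVIDER }}'
          service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}'
      - name: 'Setup gcloud'
        uses: 'google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200' # ratchet:google-github-actions/setup-gcloud@v2
      - name: 'Deploy to Cloud Run Jobs'
        run: |-
          gcloud run jobs update "${{ env.AUTOPUSH_ARTIFACTS_JOB_NAME }}" \
            --project="${{ env.AUTOPUSH_PROJECT_ID }}" \
            --region="${{ env.AUTOPUSH_REGION }}" \
            --image="${{ env.DOCKER_REPO }}/github-metrics-aggregator:${{ env.DOCKER_TAG }}-amd64"

  deployment_commit_review_status_job_autopush:
    if: |-
      ${{ github.event_name == 'push' }}
    environment: 'autopush'
    runs-on: 'ubuntu-latest'
    needs:
      - 'integration'
    permissions:
      contents: 'read'
      id-token: 'write'
    steps:
      - name: 'Checkout'
        uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4
      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2
        with:
          workload_identity_provider: '${{ vars.WIF_PROVIDER }}'
          service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}'
      - name: 'Setup gcloud'
        uses: 'google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200' # ratchet:google-github-actions/setup-gcloud@v2
      - name: 'Deploy to Cloud Run Jobs'
        run: |-
          gcloud run jobs update "${{ env.AUTOPUSH_COMMIT_REVIEW_STATUS_JOB_NAME }}" \
            --project="${{ env.AUTOPUSH_PROJECT_ID }}" \
            --region="${{ env.AUTOPUSH_REGION }}" \
            --image="${{ env.DOCKER_REPO }}/github-metrics-aggregator:${{ env.DOCKER_TAG }}-amd64"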