build(deps): bump golang.org/x/crypto from 0.24.0 to 0.31.0 in the go_modules group across 1 directory #1257
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright 2023 The Authors (see AUTHORS file) | |
# | |
# Licensed under the Apache License, Version 2.0 (the 'License'); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an 'AS IS' BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
name: 'ci' | |
on: | |
push: | |
branches: | |
- 'main' | |
pull_request: | |
branches: | |
- 'main' | |
workflow_dispatch: | |
env: | |
DOCKER_REGISTRY: 'us-docker.pkg.dev' | |
DOCKER_REPO: 'us-docker.pkg.dev/github-metrics-aggreg-i-64d426/ci-images' | |
DOCKER_TAG: '${{ github.sha }}' | |
TAG_ID: 'ci-${{ github.run_id }}-${{ github.run_number }}' | |
INTEGRATION_PROJECT_ID: 'github-metrics-aggreg-i-64d426' | |
INTEGRATION_REGION: 'us-central1' | |
INTEGRATION_WEBHOOK_SERVICE_NAME: 'github-metrics-webhook-c764' | |
INTEGRATION_WEBHOOK_SERVICE_AUDIENCE: 'https://github-metrics-webhook-c764-u4iwdc42oa-uc.a.run.app' | |
INTEGRATION_WEBHOOK_URL: 'https://ci-${{ github.run_id }}-${{ github.run_number }}---github-metrics-webhook-c764-u4iwdc42oa-uc.a.run.app' | |
INTEGRATION_RETRY_SERVICE_NAME: 'github-metrics-retry-4d31' | |
INTEGRATION_RETRY_SERVICE_AUDIENCE: 'https://github-metrics-retry-4d31-u4iwdc42oa-uc.a.run.app' | |
INTEGRATION_RETRY_URL: 'https://ci-${{ github.run_id }}-${{ github.run_number }}---github-metrics-retry-4d31-u4iwdc42oa-uc.a.run.app' | |
INTEGRATION_ARTIFACTS_JOB_NAME: 'gma-artifacts' | |
INTEGRATION_COMMIT_REVIEW_STATUS_JOB_NAME: 'commit-review-status-job' | |
AUTOPUSH_PROJECT_ID: 'github-metrics-aggreg-a-997e5e' | |
AUTOPUSH_REGION: 'us-central1' | |
AUTOPUSH_WEBHOOK_SERVICE_NAME: 'github-metrics-webhook-d2e4' | |
AUTOPUSH_RETRY_SERVICE_NAME: 'github-metrics-retry-d4e3' | |
AUTOPUSH_ARTIFACTS_JOB_NAME: 'gma-artifacts' | |
AUTOPUSH_COMMIT_REVIEW_STATUS_JOB_NAME: 'commit-review-status-job' | |
concurrency: | |
group: '${{ github.workflow }}-${{ github.head_ref || github.ref }}' | |
cancel-in-progress: true | |
jobs: | |
terraform_lint: | |
uses: 'abcxyz/pkg/.github/workflows/terraform-lint.yml@main' # ratchet:exclude | |
with: | |
directory: 'terraform' | |
terraform_version: '1.7.4' | |
yaml_lint: | |
uses: 'abcxyz/pkg/.github/workflows/yaml-lint.yml@main' # ratchet:exclude | |
go_lint: | |
uses: 'abcxyz/pkg/.github/workflows/go-lint.yml@main' # ratchet:exclude | |
go_test: | |
uses: 'abcxyz/pkg/.github/workflows/go-test.yml@main' # ratchet:exclude | |
lint_and_unit: | |
runs-on: 'ubuntu-latest' | |
needs: | |
- 'terraform_lint' | |
- 'go_lint' | |
- 'go_test' | |
steps: | |
- run: 'echo prechecks complete' | |
build: | |
runs-on: | |
labels: '8-core' # custom 8-core machine for faster tests | |
needs: | |
- 'lint_and_unit' | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
steps: | |
- name: 'Checkout' | |
uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4 | |
- name: 'Setup Go' | |
uses: 'actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7' # ratchet:actions/setup-go@v5 | |
with: | |
go-version-file: 'go.mod' | |
- id: 'auth' | |
name: 'Authenticate to Google Cloud' | |
uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2 | |
with: | |
workload_identity_provider: '${{ vars.WIF_PROVIDER }}' | |
service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}' | |
token_format: 'access_token' | |
- name: 'Authenticate to Artifact Registry' | |
uses: 'docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20' # ratchet:docker/login-action@v3 | |
with: | |
username: 'oauth2accesstoken' | |
password: '${{ steps.auth.outputs.access_token }}' | |
registry: '${{ env.DOCKER_REGISTRY }}' | |
# goreleaser requires a tag to publish images to container registry. | |
# We create a local tag to make it happy. | |
- run: |- | |
git config user.name "${GITHUB_ACTOR}" | |
git config user.email "${GITHUB_ACTOR}@users.noreply.github.com" | |
git tag -f `date "+%Y%m%d%H%M%S"` | |
- name: 'Build the container and push to the registry with goreleaser' | |
uses: 'goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8' # ratchet:goreleaser/goreleaser-action@v5 | |
with: | |
version: 'v1.12.3' # Manually pinned | |
args: 'release -f .goreleaser.docker.yaml --rm-dist --skip-validate' | |
deployment_webhook_integration: | |
runs-on: 'ubuntu-latest' | |
needs: | |
- 'build' | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
steps: | |
- name: 'Checkout' | |
uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4 | |
- id: 'auth' | |
name: 'Authenticate to Google Cloud' | |
uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2 | |
with: | |
workload_identity_provider: '${{ vars.WIF_PROVIDER }}' | |
service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}' | |
- name: 'Setup gcloud' | |
uses: 'google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200' # ratchet:google-github-actions/setup-gcloud@v2 | |
- name: 'Deploy to Cloud Run' | |
run: |- | |
gcloud run services update ${{ env.INTEGRATION_WEBHOOK_SERVICE_NAME }} \ | |
--project="${{ env.INTEGRATION_PROJECT_ID }}" \ | |
--region="${{ env.INTEGRATION_REGION }}" \ | |
--image="${{ env.DOCKER_REPO }}/github-metrics-aggregator:${{ env.DOCKER_TAG }}-amd64" \ | |
--tag="${{ env.TAG_ID }}" | |
deployment_retry_integration: | |
runs-on: 'ubuntu-latest' | |
needs: | |
- 'build' | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
steps: | |
- name: 'Checkout' | |
uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4 | |
- id: 'auth' | |
name: 'Authenticate to Google Cloud' | |
uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2 | |
with: | |
workload_identity_provider: '${{ vars.WIF_PROVIDER }}' | |
service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}' | |
- name: 'Setup gcloud' | |
uses: 'google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200' # ratchet:google-github-actions/setup-gcloud@v2 | |
- name: 'Deploy to Cloud Run' | |
run: |- | |
gcloud run services update ${{ env.INTEGRATION_RETRY_SERVICE_NAME }} \ | |
--project="${{ env.INTEGRATION_PROJECT_ID }}" \ | |
--region="${{ env.INTEGRATION_REGION }}" \ | |
--image="${{ env.DOCKER_REPO }}/github-metrics-aggregator:${{ env.DOCKER_TAG }}-amd64" \ | |
--tag="${{ env.TAG_ID }}" | |
deployment_artifacs_job_integration: | |
runs-on: 'ubuntu-latest' | |
needs: | |
- 'build' | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
steps: | |
- name: 'Checkout' | |
uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4 | |
- id: 'auth' | |
name: 'Authenticate to Google Cloud' | |
uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2 | |
with: | |
workload_identity_provider: '${{ vars.WIF_PROVIDER }}' | |
service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}' | |
- name: 'Setup gcloud' | |
uses: 'google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200' # ratchet:google-github-actions/setup-gcloud@v2 | |
- name: 'Deploy to Cloud Run Jobs' | |
run: |- | |
gcloud run jobs update ${{ env.INTEGRATION_ARTIFACTS_JOB_NAME }} \ | |
--project="${{ env.INTEGRATION_PROJECT_ID }}" \ | |
--region="${{ env.INTEGRATION_REGION }}" \ | |
--image="${{ env.DOCKER_REPO }}/github-metrics-aggregator:${{ env.DOCKER_TAG }}-amd64" | |
deployment_commit_review_status_job_integration: | |
runs-on: 'ubuntu-latest' | |
needs: | |
- 'build' | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
steps: | |
- name: 'Checkout' | |
uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4 | |
- id: 'auth' | |
name: 'Authenticate to Google Cloud' | |
uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2 | |
with: | |
workload_identity_provider: '${{ vars.WIF_PROVIDER }}' | |
service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}' | |
- name: 'Setup gcloud' | |
uses: 'google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200' # ratchet:google-github-actions/setup-gcloud@v2 | |
- name: 'Deploy to Cloud Run Jobs' | |
run: |- | |
gcloud run jobs update ${{ env.INTEGRATION_COMMIT_REVIEW_STATUS_JOB_NAME }} \ | |
--project="${{ env.INTEGRATION_PROJECT_ID }}" \ | |
--region="${{ env.INTEGRATION_REGION }}" \ | |
--image="${{ env.DOCKER_REPO }}/github-metrics-aggregator:${{ env.DOCKER_TAG }}-amd64" | |
integration: | |
runs-on: 'ubuntu-latest' | |
needs: | |
- 'deployment_webhook_integration' | |
- 'deployment_retry_integration' | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
steps: | |
- name: 'Checkout' | |
uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4 | |
- name: 'Setup Go' | |
uses: 'actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7' # ratchet:actions/setup-go@v5 | |
with: | |
go-version-file: 'go.mod' | |
- id: 'auth' | |
name: 'Authenticate to Google Cloud' | |
uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2 | |
with: | |
workload_identity_provider: '${{ vars.WIF_PROVIDER }}' | |
service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}' | |
token_format: 'id_token' | |
id_token_audience: '${{ env.INTEGRATION_WEBHOOK_SERVICE_AUDIENCE }}' | |
- name: 'Run integration tests' | |
env: | |
TEST_INTEGRATION: 'true' | |
PROJECT_ID: '${{ env.INTEGRATION_PROJECT_ID }}' | |
DATASET_ID: 'github_metrics.events' | |
ID_TOKEN: '${{ steps.auth.outputs.id_token }}' | |
GITHUB_WEBHOOK_SECRET: '${{ secrets.INTEGRATION_WEBHOOK_SECRET }}' | |
ENDPOINT_URL: '${{ env.INTEGRATION_WEBHOOK_URL }}/webhook' | |
run: |- | |
go test github.com/abcxyz/github-metrics-aggregator/integration -timeout=15m | |
deployment_webhook_autopush: | |
if: |- | |
${{ github.event_name == 'push' }} | |
environment: 'autopush' | |
runs-on: 'ubuntu-latest' | |
needs: | |
- 'integration' | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
steps: | |
- name: 'Checkout' | |
uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4 | |
- id: 'auth' | |
name: 'Authenticate to Google Cloud' | |
uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2 | |
with: | |
workload_identity_provider: '${{ vars.WIF_PROVIDER }}' | |
service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}' | |
- name: 'Setup gcloud' | |
uses: 'google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200' # ratchet:google-github-actions/setup-gcloud@v2 | |
- name: 'Deploy to Cloud Run' | |
run: |- | |
gcloud run services update ${{ env.AUTOPUSH_WEBHOOK_SERVICE_NAME }} \ | |
--project="${{ env.AUTOPUSH_PROJECT_ID }}" \ | |
--region="${{ env.AUTOPUSH_REGION }}" \ | |
--image="${{ env.DOCKER_REPO }}/github-metrics-aggregator:${{ env.DOCKER_TAG }}-amd64" | |
deployment_retry_autopush: | |
if: |- | |
${{ github.event_name == 'push' }} | |
environment: 'autopush' | |
runs-on: 'ubuntu-latest' | |
needs: | |
- 'integration' | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
steps: | |
- name: 'Checkout' | |
uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4 | |
- id: 'auth' | |
name: 'Authenticate to Google Cloud' | |
uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2 | |
with: | |
workload_identity_provider: '${{ vars.WIF_PROVIDER }}' | |
service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}' | |
- name: 'Setup gcloud' | |
uses: 'google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200' # ratchet:google-github-actions/setup-gcloud@v2 | |
- name: 'Deploy to Cloud Run' | |
run: |- | |
gcloud run services update ${{ env.AUTOPUSH_RETRY_SERVICE_NAME }} \ | |
--project="${{ env.AUTOPUSH_PROJECT_ID }}" \ | |
--region="${{ env.AUTOPUSH_REGION }}" \ | |
--image="${{ env.DOCKER_REPO }}/github-metrics-aggregator:${{ env.DOCKER_TAG }}-amd64" | |
deployment_artifacts_job_autopush: | |
if: |- | |
${{ github.event_name == 'push' }} | |
environment: 'autopush' | |
runs-on: 'ubuntu-latest' | |
needs: | |
- 'integration' | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
steps: | |
- name: 'Checkout' | |
uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4 | |
- id: 'auth' | |
name: 'Authenticate to Google Cloud' | |
uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2 | |
with: | |
workload_identity_provider: '${{ vars.WIF_PROVIDER }}' | |
service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}' | |
- name: 'Setup gcloud' | |
uses: 'google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200' # ratchet:google-github-actions/setup-gcloud@v2 | |
- name: 'Deploy to Cloud Run Jobs' | |
run: |- | |
gcloud run jobs update "${{ env.AUTOPUSH_ARTIFACTS_JOB_NAME }}" \ | |
--project="${{ env.AUTOPUSH_PROJECT_ID }}" \ | |
--region="${{ env.AUTOPUSH_REGION }}" \ | |
--image="${{ env.DOCKER_REPO }}/github-metrics-aggregator:${{ env.DOCKER_TAG }}-amd64" | |
deployment_commit_review_status_job_autopush: | |
if: |- | |
${{ github.event_name == 'push' }} | |
environment: 'autopush' | |
runs-on: 'ubuntu-latest' | |
needs: | |
- 'integration' | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
steps: | |
- name: 'Checkout' | |
uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4 | |
- id: 'auth' | |
name: 'Authenticate to Google Cloud' | |
uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2 | |
with: | |
workload_identity_provider: '${{ vars.WIF_PROVIDER }}' | |
service_account: '${{ vars.WIF_SERVICE_ACCOUNT }}' | |
- name: 'Setup gcloud' | |
uses: 'google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200' # ratchet:google-github-actions/setup-gcloud@v2 | |
- name: 'Deploy to Cloud Run Jobs' | |
run: |- | |
gcloud run jobs update "${{ env.AUTOPUSH_COMMIT_REVIEW_STATUS_JOB_NAME }}" \ | |
--project="${{ env.AUTOPUSH_PROJECT_ID }}" \ | |
--region="${{ env.AUTOPUSH_REGION }}" \ | |
--image="${{ env.DOCKER_REPO }}/github-metrics-aggregator:${{ env.DOCKER_TAG }}-amd64" |