bump crypto to 0.31 (#137) #426
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| GOPRIVATE: github.com/observiq | |
| concurrency: | |
| group: ${{ github.head_ref || github.ref_name }} | |
| cancel-in-progress: true | |
| jobs: | |
| setup-environment: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v4 | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.21" | |
| - name: Cache Tools | |
| id: tool-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /home/runner/go/bin | |
| key: tooling-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }} | |
| - name: Install Tools | |
| if: steps.tool-cache.outputs.cache-hit != 'true' | |
| run: make install-tools | |
| vet: | |
| runs-on: "ubuntu-22.04" | |
| needs: | |
| - setup-environment | |
| steps: | |
| - name: Check out source code | |
| uses: actions/checkout@v4 | |
| - name: Configure GIT SSH | |
| run: git config --global [email protected]:.insteadOf https://github.com/ | |
| - name: Configure SSH Key | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: ${{ secrets.BINDPLANE_ENTERPRISE_SSH_PRIVATE_KEY }} | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.21" | |
| - name: Vet | |
| run: go vet ./... | |
| secure: | |
| runs-on: "ubuntu-22.04" | |
| needs: | |
| - setup-environment | |
| steps: | |
| - name: Check out source code | |
| uses: actions/checkout@v4 | |
| - name: Configure GIT SSH | |
| run: git config --global [email protected]:.insteadOf https://github.com/ | |
| - name: Configure SSH Key | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: ${{ secrets.BINDPLANE_ENTERPRISE_SSH_PRIVATE_KEY }} | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.21" | |
| - name: Cache Tools | |
| id: tool-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /home/runner/go/bin | |
| key: tooling-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }} | |
| - name: Gosec | |
| run: make gosec | |
| check-license: | |
| runs-on: "ubuntu-22.04" | |
| needs: | |
| - setup-environment | |
| steps: | |
| - name: Check out source code | |
| uses: actions/checkout@v4 | |
| - name: Configure GIT SSH | |
| run: git config --global [email protected]:.insteadOf https://github.com/ | |
| - name: Configure SSH Key | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: ${{ secrets.BINDPLANE_ENTERPRISE_SSH_PRIVATE_KEY }} | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.21" | |
| - name: Cache Tools | |
| id: tool-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /home/runner/go/bin | |
| key: tooling-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }} | |
| - name: Check License Headers | |
| run: make check-license | |
| lint: | |
| runs-on: "ubuntu-22.04" | |
| needs: | |
| - setup-environment | |
| steps: | |
| - name: Check out source code | |
| uses: actions/checkout@v4 | |
| - name: Configure GIT SSH | |
| run: git config --global [email protected]:.insteadOf https://github.com/ | |
| - name: Configure SSH Key | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: ${{ secrets.BINDPLANE_ENTERPRISE_SSH_PRIVATE_KEY }} | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.21" | |
| - name: Cache Tools | |
| id: tool-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /home/runner/go/bin | |
| key: tooling-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }} | |
| - name: Lint | |
| run: make lint | |
| misspell: | |
| runs-on: "ubuntu-22.04" | |
| needs: | |
| - setup-environment | |
| steps: | |
| - name: Check out source code | |
| uses: actions/checkout@v4 | |
| - name: Configure GIT SSH | |
| run: git config --global [email protected]:.insteadOf https://github.com/ | |
| - name: Configure SSH Key | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: ${{ secrets.BINDPLANE_ENTERPRISE_SSH_PRIVATE_KEY }} | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.21" | |
| - name: Cache Tools | |
| id: tool-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /home/runner/go/bin | |
| key: tooling-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }} | |
| - name: Misspell | |
| run: make misspell | |
| test-end-to-end: | |
| runs-on: "ubuntu-22.04" | |
| needs: | |
| - setup-environment | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| bindplane_version: | |
| - "latest" | |
| - "module" # Use the current Go module version | |
| - "v1.84.0" | |
| - "v1.80.0" | |
| - "v1.77.0" | |
| - "v1.73.0" | |
| - "v1.71.0" | |
| - "v1.70.0" # Routes introduced. Older clients work against 1.70, but 1.70 client will not work against older bindplane | |
| - "v1.66.0" | |
| - "v1.50.0" | |
| - "v1.44.0" | |
| steps: | |
| - name: Check out source code | |
| uses: actions/checkout@v4 | |
| - name: Configure GIT SSH | |
| run: git config --global [email protected]:.insteadOf https://github.com/ | |
| - name: Configure SSH Key | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: ${{ secrets.BINDPLANE_ENTERPRISE_SSH_PRIVATE_KEY }} | |
| - uses: KengoTODA/actions-setup-docker-compose@main | |
| with: | |
| version: '2.7.0' | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.21" | |
| - name: Cache Tools | |
| id: tool-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /home/runner/go/bin | |
| key: tooling-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }} | |
| - run: make test-end-to-end | |
| env: | |
| BINDPLANE_VERSION: ${{ matrix.bindplane_version }} | |
| BINDPLANE_LICENSE: ${{ secrets.BINDPLANE_LICENSE }} | |
| - run: goreleaser --version | |
| if: always() | |
| - run: tree dist/ | |
| if: always() | |
| - name: list images (debug) | |
| if: always() | |
| run: docker images | |
| test-local: | |
| runs-on: "ubuntu-22.04" | |
| needs: | |
| - setup-environment | |
| strategy: | |
| matrix: | |
| bindplane_version: | |
| - "latest" | |
| steps: | |
| - name: Check out source code | |
| uses: actions/checkout@v4 | |
| - name: Configure GIT SSH | |
| run: git config --global [email protected]:.insteadOf https://github.com/ | |
| - name: Configure SSH Key | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: ${{ secrets.BINDPLANE_ENTERPRISE_SSH_PRIVATE_KEY }} | |
| - uses: KengoTODA/actions-setup-docker-compose@main | |
| with: | |
| version: '2.7.0' | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.21" | |
| - name: Cache Tools | |
| id: tool-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /home/runner/go/bin | |
| key: tooling-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }} | |
| # https://observiq.com/download | |
| - name: Start BindPlane | |
| run: | | |
| cat <<EOF > docker-compose.yml | |
| version: "3" | |
| volumes: | |
| bindplane: | |
| services: | |
| transform: | |
| container_name: bindplane-transform-agent | |
| restart: always | |
| image: ghcr.io/observiq/bindplane-transform-agent:latest | |
| ports: | |
| - "4568:4568" | |
| bindplane: | |
| container_name: bindplane-server | |
| restart: always | |
| image: ghcr.io/observiq/bindplane-ee:${VERSION} | |
| ports: | |
| - "3001:3001" | |
| environment: | |
| - BINDPLANE_USERNAME=admin | |
| - BINDPLANE_PASSWORD=password | |
| - BINDPLANE_REMOTE_URL=http://localhost:3001 | |
| - BINDPLANE_SESSION_SECRET=2c23c9d3-850f-4062-a5c8-3f9b814ae144 | |
| - BINDPLANE_LOG_OUTPUT=stdout | |
| - BINDPLANE_ACCEPT_EULA=true | |
| - BINDPLANE_TRANSFORM_AGENT_ENABLE_REMOTE=true | |
| - BINDPLANE_TRANSFORM_AGENT_REMOTE_AGENTS=transform:4568 | |
| - BINDPLANE_LICENSE=${BINDPLANE_LICENSE} | |
| volumes: | |
| - bindplane:/data | |
| depends_on: | |
| - transform | |
| EOF | |
| docker-compose up -d | |
| env: | |
| BINDPLANE_LICENSE: ${{ secrets.BINDPLANE_LICENSE }} | |
| VERSION: ${{ matrix.bindplane_version }} | |
| - name: Init BindPlane Organization | |
| uses: nick-fields/retry@v3 | |
| with: | |
| timeout_minutes: 1 | |
| polling_interval_seconds: 2 | |
| max_attempts: 3 | |
| shell: bash | |
| command: | | |
| curl \ | |
| -u admin:password http://localhost:3001/v1/organizations \ | |
| -X POST -d '{"organizationName": "init", "accountName": "project", "eulaAccepted":true}' -v | |
| - name: Get docker compose config (debug) | |
| if: always() | |
| run: cat docker-compose.yml | grep -v BINDPLANE_LICENSE | |
| - name: Build provider for local testing | |
| run: make test-local | |
| - name: run local tests | |
| run: TF_CLI_CONFIG_FILE=./dev.tfrc terraform apply -auto-approve | |
| working-directory: test/local | |
| - name: cleanup local tests | |
| run: TF_CLI_CONFIG_FILE=./dev.tfrc terraform destroy -auto-approve | |
| working-directory: test/local | |
| - name: prep example/ | |
| run: | | |
| cp test/local/dev.tfrc example/ | |
| cp -r test/local/providers example/ | |
| - name: apply example resources | |
| run: TF_CLI_CONFIG_FILE=./dev.tfrc terraform apply -auto-approve | |
| working-directory: example/ | |
| - name: cleanup example resources | |
| run: TF_CLI_CONFIG_FILE=./dev.tfrc terraform destroy -auto-approve | |
| working-directory: example/ | |
| - run: goreleaser --version | |
| if: always() | |
| - run: tree dist/ | |
| if: always() | |
| - name: list images (debug) | |
| if: always() | |
| run: docker images | |
| - name: list containers (debug) | |
| if: always() | |
| run: docker ps | |
| - name: bindplane logs (debug) | |
| if: always() | |
| run: docker logs bindplane-server | |
| build: | |
| # Skip build for dependabot. It takes long and requires our GPG | |
| # key. The `test-end-to-end` job will test building the binary. | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| runs-on: "ubuntu-22.04" | |
| needs: | |
| - setup-environment | |
| steps: | |
| - name: Check out source code | |
| uses: actions/checkout@v4 | |
| - name: Configure GIT SSH | |
| run: git config --global [email protected]:.insteadOf https://github.com/ | |
| - name: Configure SSH Key | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: ${{ secrets.BINDPLANE_ENTERPRISE_SSH_PRIVATE_KEY }} | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.21" | |
| - name: Cache Tools | |
| id: tool-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /home/runner/go/bin | |
| key: tooling-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }} | |
| - name: Import GPG key | |
| id: import_gpg | |
| uses: paultyng/[email protected] | |
| env: | |
| GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
| PASSPHRASE: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }} | |
| - name: Test GoReleaser | |
| uses: goreleaser/goreleaser-action@v5 | |
| with: | |
| version: v2.1.0 | |
| args: release --snapshot --skip=publish --clean --parallelism 2 --config release/goreleaser.yml | |
| env: | |
| GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} | |
| - name: Scan Binaries | |
| run: lichen --config=./license.yaml $(find dist/provider_* -type f | grep terraform-provider-bindplane | xargs) |