🧹 Bump cnspec to v11.41.0 (#371) #401
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Packer Plugin | |
| ## Only trigger tests if source is changing | |
| on: | |
| push: | |
| paths: | |
| - "**.go" | |
| - "**.mod" | |
| - "go.sum" | |
| jobs: | |
| license-check: | |
| name: License Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4.1.1 | |
| - name: Setup Copywrite | |
| uses: hashicorp/setup-copywrite@v1.1.3 | |
| - name: Check Header Compliance | |
| run: copywrite headers --plan | |
| goreleaser: | |
| name: GoReleaser | |
| runs-on: self-hosted | |
| env: | |
| RUNNER_TYPE: "self-hosted" | |
| timeout-minutes: 120 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4.1.1 | |
| - name: Unshallow | |
| run: git fetch --prune --unshallow | |
| - name: Import environment variables from file | |
| run: cat ".github/env" >> $GITHUB_ENV | |
| - name: Set up Go | |
| uses: actions/setup-go@v5.3.0 | |
| with: | |
| go-version: ">=${{ env.golang-version }}" | |
| cache: false | |
| - name: Check go mod | |
| run: | | |
| go mod tidy | |
| git diff --exit-code go.mod | |
| - name: Run golangci-lint | |
| uses: golangci/golangci-lint-action@v6.3.2 | |
| with: | |
| version: latest | |
| skip-cache: true | |
| - name: "Install required tooling" | |
| if: ${{ env.RUNNER_TYPE != 'self-hosted' }} | |
| run: | | |
| # Only use sudo on self-hosted runners | |
| sudo apt install -y zip | |
| - name: Set cnspec version | |
| run: echo "CNSPEC_VERSION=$(go list -json -m go.mondoo.com/cnspec/v11 | jq -r '.Version')" >> $GITHUB_ENV | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@v6 | |
| with: | |
| version: latest | |
| args: release --snapshot --skip=publish --clean | |
| env: | |
| API_VERSION: x5.0 | |
| CNSPEC_VERSION: ${{ env.CNSPEC_VERSION }} | |
| go-auto-approve: | |
| runs-on: ubuntu-latest | |
| needs: [goreleaser, license-check] | |
| # For now, we only auto approve and merge cnspec bump PRs created by mondoo-tools. | |
| # We have to check the commit author, because the PR is created by "github-actions[bot]" | |
| # https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions#startswith | |
| if: ${{ startsWith(github.ref, 'refs/heads/version/cnspec_update_v') && github.event.commits[0].author.username == 'mondoo-tools' }} | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| # figure out the PR for this commit | |
| - uses: cloudposse-github-actions/get-pr@v2.0.0 | |
| id: pr | |
| with: | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| filterOutClosed: true | |
| filterOutDraft: true | |
| # fetch a token for the mondoo-mergebot app | |
| - name: Generate token | |
| id: generate-token | |
| uses: actions/create-github-app-token@v1 | |
| with: | |
| app-id: ${{ secrets.MONDOO_MERGEBOT_APP_ID }} | |
| private-key: ${{ secrets.MONDOO_MERGEBOT_APP_PRIVATE_KEY }} | |
| # automerge using bot token | |
| - name: Approve and merge a PR | |
| run: | | |
| gh pr review ${{ steps.pr.outputs.number }} --approve | |
| gh pr merge ${{ steps.pr.outputs.number }} --squash | |
| env: | |
| GH_TOKEN: ${{ steps.generate-token.outputs.token }} |