Update deps (#305) #67

Workflow file for this run

	name: Build and publish xk6-kafka

	on:
	push:
	tags:
	- "v*"

	jobs:
	build:
	name: Build xk6-kafka
	runs-on: ubuntu-latest
	steps:
	- name: Checkout 🛎️
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Install Go 🧑‍💻
	if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
	uses: actions/setup-go@v5
	with:
	go-version: "1.23"

	- name: Install xk6 and build xk6-kafka for different platforms 🏗️
	if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
	run: \|
	mkdir dist
	go install go.k6.io/xk6/cmd/xk6@latest
	# ------------------------- Linux amd64 -------------------------
	GOOS=linux GOARCH=amd64 xk6 build --output dist/xk6-kafka_${{ github.ref_name }}_linux_amd64 --with github.com/mostafa/xk6-kafka@${{ github.ref_name }}
	tar cvzf dist/xk6-kafka_${{ github.ref_name }}_linux_amd64.tar.gz dist/xk6-kafka_${{ github.ref_name }}_linux_amd64
	# ------------------------- Linux arm64 -------------------------
	GOOS=linux GOARCH=arm64 xk6 build --output dist/xk6-kafka_${{ github.ref_name }}_linux_arm64 --with github.com/mostafa/xk6-kafka@${{ github.ref_name }}
	tar cvzf dist/xk6-kafka_${{ github.ref_name }}_linux_arm64.tar.gz dist/xk6-kafka_${{ github.ref_name }}_linux_arm64
	# ------------------------- macOS amd64 -------------------------
	GOOS=darwin GOARCH=amd64 xk6 build --output dist/xk6-kafka_${{ github.ref_name }}_darwin_amd64 --with github.com/mostafa/xk6-kafka@${{ github.ref_name }}
	tar cvzf dist/xk6-kafka_${{ github.ref_name }}_darwin_amd64.tar.gz dist/xk6-kafka_${{ github.ref_name }}_darwin_amd64
	# ------------------------- macOS arm64 -------------------------
	GOOS=darwin GOARCH=arm64 xk6 build --output dist/xk6-kafka_${{ github.ref_name }}_darwin_arm64 --with github.com/mostafa/xk6-kafka@${{ github.ref_name }}
	tar cvzf dist/xk6-kafka_${{ github.ref_name }}_darwin_arm64.tar.gz dist/xk6-kafka_${{ github.ref_name }}_darwin_arm64
	# ------------------------- Windows amd64 -------------------------
	GOOS=windows GOARCH=amd64 xk6 build --output dist/xk6-kafka_${{ github.ref_name }}_windows_amd64.exe --with github.com/mostafa/xk6-kafka@${{ github.ref_name }}
	tar cvzf dist/xk6-kafka_${{ github.ref_name }}_windows_amd64.tar.gz dist/xk6-kafka_${{ github.ref_name }}_windows_amd64.exe
	# ------------------------- Windows arm64 -------------------------
	GOOS=windows GOARCH=arm64 xk6 build --output dist/xk6-kafka_${{ github.ref_name }}_windows_arm64.exe --with github.com/mostafa/xk6-kafka@${{ github.ref_name }}
	tar cvzf dist/xk6-kafka_${{ github.ref_name }}_windows_arm64.tar.gz dist/xk6-kafka_${{ github.ref_name }}_windows_arm64.exe

	- name: Generate CycloneDX SBOM artifacts 📃
	if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
	run: \|
	go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
	cyclonedx-gomod mod -json -licenses -output code-cyclonedx-xk6-kafka-${{ github.ref_name }}.json

	- name: Docker meta 📝
	id: meta
	if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
	uses: docker/metadata-action@v4
	with:
	images: mostafamoradian/xk6-kafka
	tags: \|
	type=semver,pattern={{version}}

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to DockerHub 🔒
	if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Build and push Docker image 🛳️
	if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
	uses: docker/build-push-action@v5
	with:
	context: .
	push: true
	platforms: linux/amd64,linux/arm64
	build-args: VERSION_TAG=${{ github.ref_name }}
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}

	- name: Install cosign ⬇️
	if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
	uses: sigstore/cosign-installer@main

	- name: Sign the Docker image ✍️
	if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
	run: echo "${{ steps.meta.outputs.tags }}" \| xargs -I {} cosign sign -y docker.io/{}

	- name: Verify the Docker image signature ✅
	if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
	run: \|
	echo "${{ steps.meta.outputs.tags }}" \| xargs -I {} cosign verify --certificate-identity ${IDENTITY} --certificate-oidc-issuer ${OIDC_ISSUER_URL} docker.io/{}
	env:
	IDENTITY: ${{ secrets.IDENTITY }}
	OIDC_ISSUER_URL: ${{ secrets.OIDC_ISSUER_URL }}

	- name: Scan code with Trivy vulnerability scanner 🔍
	if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: mostafamoradian/xk6-kafka:${{ github.ref_name }}
	scan-type: "fs"
	format: "sarif"
	output: "trivy-results.sarif"
	exit-code: 1
	ignore-unfixed: true
	severity: "CRITICAL,HIGH"
	skip-dirs: "fixtures"

	- name: Upload Trivy scan results to GitHub Security tab ⬆️
	if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
	uses: github/codeql-action/upload-sarif@v1
	with:
	sarif_file: "trivy-results.sarif"

	- name: Scan Docker image with Syft and generate SBOM 🦉
	if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
	uses: anchore/sbom-action@v0
	with:
	artifact-name: docker-image-cyclonedx-xk6-kafka-${{ github.ref_name }}.json
	format: cyclonedx-json
	dependency-snapshot: true

	- name: Create Release 📦 and add binaries and SBOM files 💾
	if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
	uses: softprops/action-gh-release@v1
	with:
	files: \|
	dist/*.tar.gz
	code-cyclonedx-xk6-kafka-${{ github.ref_name }}.json
	docker-image-cyclonedx-xk6-kafka-${{ github.ref_name }}.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update deps (#305) #67

Workflow file

Update deps (#305) #67

Jobs

Run details

Workflow file for this run