Skip to content

Bump actions/checkout from 3 to 4 #46

Bump actions/checkout from 3 to 4

Bump actions/checkout from 3 to 4 #46

Workflow file for this run

name: Build
on:
workflow_dispatch:
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
pull_request_target:
types: [opened, synchronize, reopened, ready_for_review]
push:
env:
CONTAINER_REGISTRY: ghcr.io
CONTAINER_IMAGE: ghcr.io/${{ github.repository }}
PLATFORMS: linux/amd64,linux/arm64
jobs:
binaries:
name: Binaries
# pull_request_target: Only "dependabot[bot]" is allowed to access secrets.
# pull_request: All other forks are running without access to secrets.
runs-on: ubuntu-latest
if: |
(github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]') ||
(github.event_name != 'pull_request_target' && github.actor != 'dependabot[bot]')
strategy:
fail-fast: false
matrix:
platform:
- linux/amd64
- linux/arm64
- linux/arm
- darwin/amd64
- darwin/arm64
- windows/amd64
steps:
- name: Clone repository
if: ${{ github.event_name != 'pull_request_target' }}
uses: actions/checkout@v4
# Allow "dependabot[bot]" to verify its changes with access to secrets and modified code.
- name: Clone repository for Dependabot
if: ${{ github.event_name == 'pull_request_target' }}
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Set up Go compiler
uses: actions/setup-go@v3
with:
go-version-file: go.mod
check-latest: true
- name: Fetch version from git history
if: github.ref_protected == true
uses: docker://ghcr.io/codfish/semantic-release-action:v1
id: semantic
with:
dry_run: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Build binary
if: github.ref_protected == true
run: VERSION=v${{ steps.semantic.outputs.release-version }} UPX=-9 PLATFORM=${{ matrix.platform }} make build
- name: Build binary
if: github.ref_protected == false
run: UPX=-9 PLATFORM=${{ matrix.platform }} make build
- name: Upload binary
uses: actions/upload-artifact@v3
with:
name: binaries
path: bin/*
container:
name: Container
runs-on: ubuntu-latest
if: |
(github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]') ||
(github.event_name != 'pull_request_target' && github.actor != 'dependabot[bot]')
steps:
- name: Clone repository
if: ${{ github.event_name != 'pull_request_target' }}
uses: actions/checkout@v4
# Allow "dependabot[bot]" to verify its changes with access to secrets and modified code.
- name: Clone repository for Dependabot
if: ${{ github.event_name == 'pull_request_target' }}
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Fetch version from git history
uses: codfish/semantic-release-action@v2
id: semantic
with:
dry_run: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Generate container metadata
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ env.CONTAINER_IMAGE }}
tags: |
type=ref,event=branch
type=ref,event=tag
type=raw,value=latest,enable={{is_default_branch}}
type=raw,value=v${{ steps.semantic.outputs.release-version }},enable=${{ steps.semantic.outputs.new-release-published }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Buildx
uses: docker/setup-buildx-action@v2
- name: Log in to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ${{ env.CONTAINER_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push container image
uses: docker/build-push-action@v3
with:
file: build/package/Dockerfile
cache-from: type=registry,ref=${{ env.CONTAINER_IMAGE }}:main
cache-to: type=inline
platforms: ${{ env.PLATFORMS }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
push: ${{ steps.semantic.outputs.new-release-published }}
build-args: |
VERSION=v${{ steps.semantic.outputs.release-version }}
auto-merge:
name: Auto-merge
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]'
needs: [binaries, container]
steps:
- uses: ahmadnassri/action-dependabot-auto-merge@v2
with:
github-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
target: all
release:
name: Release
if: github.ref_protected == true && github.event_name == 'push'
needs: [binaries, container]
runs-on: ubuntu-latest
steps:
- name: Clone repository
uses: actions/checkout@v4
- name: Download release artifacts
uses: actions/download-artifact@v3
with:
name: binaries
path: release
- name: Create release
uses: docker://ghcr.io/codfish/semantic-release-action:v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}