Skip to content

fix: dependabot

fix: dependabot #79

Workflow file for this run

name: Nolus-Core
on:
workflow_dispatch:
push:
branches:
- "**" # any branch
tags:
# triggers the final 'release' job
- "v*.*.*" # this is protected tag pattern
env:
VERSION_TAG: ${{ github.ref_name }}
ARTIFACT_BIN: "nolus.tar.gz"
CHECKSUM_FILE: "sha256sum.txt"
METADATA_FILE: "${{ github.ref_name }}_binaries.json"
# docker images
CONTAINER_REGISTRY: ghcr.io
BUILDER_IMAGE_TAG: "1.23.0"
BUILDER_IMAGE_NAME: "builder"
BUILDER_DOCKERFILE: ".github/images/builder.Dockerfile"
PROTOGEN_IMAGE_TAG: "0.2.0"
PROTOGEN_IMAGE_NAME: "protogen"
PROTOGEN_DOCKERFILE: ".github/images/protogen.Dockerfile"
permissions:
contents: read
jobs:
protogen-image:
name: Ensure protogen image exists
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
outputs:
tag: ${{ steps.ensure.outputs.tag }}
steps:
- uses: actions/checkout@v4
- uses: "./.github/actions/ensure-docker-image"
id: ensure
with:
gh-token: ${{ secrets.GITHUB_TOKEN }}
dockerfile: ${{ env.PROTOGEN_DOCKERFILE }}
image-name: ${{ env.PROTOGEN_IMAGE_NAME }}
image-tag: ${{ env.PROTOGEN_IMAGE_TAG }}
proto-lint:
name: Lint protobuf files
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
- uses: bufbuild/buf-setup-action@v1.39.0
- uses: bufbuild/buf-lint-action@v1
with:
input: "proto"
proto-break-check:
name: Detect protobuf breaking changes
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: bufbuild/buf-setup-action@v1.39.0
- uses: bufbuild/buf-breaking-action@v1.1.4
with:
input: "proto"
against: "https://github.com/${{ github.repository }}.git#branch=main,ref=HEAD~1,subdir=proto"
builder-image:
name: Ensure builder image exists
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
outputs:
tag: ${{ steps.ensure.outputs.tag }}
steps:
- uses: actions/checkout@v4
- uses: "./.github/actions/ensure-docker-image"
id: ensure
with:
gh-token: ${{ secrets.GITHUB_TOKEN }}
dockerfile: ${{ env.BUILDER_DOCKERFILE }}
image-name: ${{ env.BUILDER_IMAGE_NAME }}
image-tag: ${{ env.BUILDER_IMAGE_TAG }}
golang-lint:
name: Lint Go files
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@v5
with:
go-version: 1.23
cache: false
- uses: actions/checkout@v4
- name: golangci-lint
uses: golangci/golangci-lint-action@v6
with:
version: v1.61.0
# Optional: if set to true, then all caching functionality will be completely disabled,
# takes precedence over all other caching options.
skip-cache: true
# Optional: The mode to install golangci-lint. It can be 'binary' or 'goinstall'.
install-mode: "goinstall"
test-unit:
name: Run unit tests
runs-on: ubuntu-latest
needs: [golang-lint, builder-image, protogen-image, proto-lint, proto-break-check]
steps:
- uses: actions/setup-go@v5
with:
go-version: 1.23
cache: false
- uses: actions/checkout@v4
- run: |
make test-unit
- name: Archive code coverage results
uses: actions/upload-artifact@v4
with:
name: coverage-results-out
path: |
cover.out
retention-days: 1
test-unit-coverage:
name: Code coverage reports
needs: test-unit
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@v5
with:
go-version: 1.23
cache: false
- uses: actions/checkout@v4
- name: Download coverage result
uses: actions/download-artifact@v4
with:
name: coverage-results-out
- run: |
make test-unit-coverage
make test-unit-coverage-report
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: coverage-reports
path: |
coverage.xml
coverage.html
build-binary:
name: Build binary
runs-on: ubuntu-latest
needs: [test-unit-coverage, builder-image]
container:
# image name needs to be hardcoded: https://github.com/orgs/community/discussions/26324
image: "ghcr.io/nolus-protocol/nolus-core/builder:1.23.0"
steps:
- uses: actions/checkout@v4
# This is to fix GIT not liking owner of the checkout dir
# Happens when executing not into the default container
- name: Set ownership
run: |
chown -R $(id -u):$(id -g) $PWD
- name: Run build binary
run: |
make build
echo "Ensuring binary is statically linked ..."
file target/release/nolusd | grep "statically linked"
- name: Prepare binary tar
run: |
tar -C target/release/ -czvf $ARTIFACT_BIN .
- name: Upload binary tar
uses: actions/upload-artifact@v4
with:
name: nolusd-tar-${{ env.VERSION_TAG }}
path: ${{ env.ARTIFACT_BIN }}
- name: Upload binary
uses: actions/upload-artifact@v4
with:
name: nolusd-${{ env.VERSION_TAG }}
path: target/release/nolusd
# Add metadata for cosmovisor
add-meta:
name: Add metadata
runs-on: ubuntu-latest
needs: build-binary
steps:
- name: Download artifacts
uses: actions/download-artifact@v4
- name: Get binary checksum
run: |
CHECKSUM=$(shasum -a 256 nolusd-"${VERSION_TAG}"/nolusd)
echo "$CHECKSUM" > $CHECKSUM_FILE
HASH=$(echo "$CHECKSUM" | cut -d' ' -f1)
JSON="{\"binaries\": {\"linux/amd64\": \"https://github.com/nolus-protocol/nolus-core/releases/download/${VERSION_TAG}/nolusd?checksum=sha256:$HASH\"}}"
echo $JSON > $METADATA_FILE
- name: Upload metadata
uses: actions/upload-artifact@v4
with:
name: metadata
path: |
${{ env.METADATA_FILE }}
${{ env.CHECKSUM_FILE }}
# Drafts a Github release
# Only tags which match the protected tag pattern will trigger this job
# Tag pattern: v*.*.*
release:
name: Draft release
if: github.ref_type == 'tag'
runs-on: ubuntu-latest
needs: add-meta
permissions: write-all
steps:
- name: Download artifacts
uses: actions/download-artifact@v4
- name: Display structure of downloaded files
run: ls -R
# temporary using commit as version until it is merged. Updates node version v12 -> v16
- uses: "marvinpinto/action-automatic-releases@6273874b61ebc8c71f1a61b2d98e234cf389b303"
with:
repo_token: "${{ secrets.GITHUB_TOKEN }}"
prerelease: false
draft: true
files: |
nolusd-tar-${{ env.VERSION_TAG }}
nolusd-${{ env.VERSION_TAG }}
metadata