Redesign CI

Signed-off-by: Mateusz Dymiński <dyminski@gmail.com>
rad-security · Sep 18, 2023 · a193f96 · a193f96
1 parent cb2b477
commit a193f96
Show file tree

Hide file tree

Showing 5 changed files with 42 additions and 18 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -2,27 +2,54 @@ name: build
 
 on:
   pull_request:
-  workflow_call:
-    secrets:
-      PERSONAL_ACCESS_TOKEN:
-        required: true
-
 
 jobs:
+  version:
+    runs-on: ubuntu-latest
+    if: startsWith(github.head_ref, 'renovate') == false
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Detect Version for Docker
+        id: docker-version
+        run: echo "VERSION=$(SEP="-" scripts/version)" >> $GITHUB_OUTPUT
+      - name: Detect Version
+        id: version
+        run: echo "VERSION=$(scripts/version)" >> $GITHUB_OUTPUT
+    outputs:
+      docker-version: ${{ steps.docker-version.outputs.VERSION }}
+      version: ${{ steps.version.outputs.VERSION }}
+
   build:
     runs-on: ubuntu-latest
+    needs:
+      - version
     steps:
       - uses: actions/checkout@v4
 
       - uses: actions/setup-go@v4
         with:
-          go-version: '1.20'
+          go-version: '1.21'
           check-latest: true # https://github.com/actions/setup-go#check-latest-version
           cache: true # https://github.com/actions/setup-go#caching-dependency-files-and-build-outputs
 
       - name: Build
         run: go build -race ./...
 
+      - name: Install GoReleaser
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          version: latest
+          install-only: true
+
+      - name: Snapshot
+        if: startsWith(github.ref , 'refs/tags/v') == false
+        run: make snapshot
+        env:
+          GORELEASER_CURRENT_TAG: ${{ needs.version.outputs.docker-version }}
+
       - name: Grype scan
         id: scan
         uses: anchore/scan-action@v3

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -4,7 +4,6 @@ on:
   push:
     tags:
       - "v*"
-  pull_request:
   workflow_call:
     secrets:
       PERSONAL_ACCESS_TOKEN:
@@ -52,22 +51,22 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: '1.20'
+          go-version: '1.21'
           check-latest: true # https://github.com/actions/setup-go#check-latest-version
           cache: true # https://github.com/actions/setup-go#caching-dependency-files-and-build-outputs
 
-      - uses: sigstore/cosign-installer@v3.1.1          # installs cosign
+      - uses: sigstore/cosign-installer@v3.1.2          # installs cosign
       - uses: anchore/sbom-action/download-syft@v0.14.3 # installs syft
 
       - name: Login to GCR
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: us.gcr.io
           username: _json_key
           password: ${{ secrets.PUBLIC_GCR_JSON_KEY }}
 
       - name: Install GoReleaser
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v5
         with:
           version: latest
           install-only: true

diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -20,9 +20,7 @@ jobs:
       - name: Run FOSSA scan and upload build data
         uses: fossa-contrib/fossa-action@v2.0.0
         with:
-          # FOSSA Push-Only API Token
           fossa-api-key: 0580abfd8ed19432331e14f6e9eaa7ff
-          github-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
 
   scan-codeql:
     runs-on: ubuntu-latest
@@ -39,10 +37,10 @@ jobs:
             **/go.sum
             **/go.mod
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2.21.5
+        uses: github/codeql-action/init@v2.21.7
         with:
           languages: go
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2.21.5
+        uses: github/codeql-action/autobuild@v2.21.7
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2.21.5
+        uses: github/codeql-action/analyze@v2.21.7
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -11,7 +11,7 @@ jobs:
 
       - uses: actions/setup-go@v4
         with:
-          go-version: '1.20'
+          go-version: '1.21'
           check-latest: true # https://github.com/actions/setup-go#check-latest-version
           cache: true # https://github.com/actions/setup-go#caching-dependency-files-and-build-outputs
 

diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -71,7 +71,7 @@ signs:
     output: true
 
 brews:
-  - tap:
+  - repository:
       owner: ksoclabs
       name: homebrew-kbom
     homepage: "https://github.com/ksoclabs/kbom"