mirror of
https://github.com/gopasspw/gopass.git
synced 2026-02-01 17:37:29 +00:00
5c56885ade
If they build successfully we end up merging them anyway. Based on https://carlosbecker.com/posts/dependabot-automerge/ Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
178 lines
4.9 KiB
YAML
178 lines
4.9 KiB
YAML
name: Build gopass
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
pull_request:
|
|
branches:
|
|
- master
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
linux:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
|
|
with:
|
|
egress-policy: block
|
|
allowed-endpoints: >
|
|
github.com:443
|
|
objects.githubusercontent.com:443
|
|
proxy.golang.org:443
|
|
raw.githubusercontent.com:443
|
|
release-assets.githubusercontent.com:443
|
|
storage.googleapis.com:443
|
|
sum.golang.org:443
|
|
golang.org:443
|
|
go.dev:443
|
|
azure.archive.ubuntu.com:443
|
|
archive.ubuntu.com:443
|
|
security.ubuntu.com:443
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Set up Go
|
|
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
|
with:
|
|
go-version: '1.24'
|
|
- uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
|
|
with:
|
|
path: ~/go/pkg/mod
|
|
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-
|
|
- name: Ubuntu Dependencies
|
|
run: sudo apt-get install --yes git gnupg
|
|
- run: git config --global user.name nobody
|
|
- run: git config --global user.email foo.bar@example.org
|
|
|
|
-
|
|
name: Debug
|
|
run: |
|
|
echo "Go env ------------------"
|
|
pwd
|
|
echo ${HOME}
|
|
echo ${GITHUB_WORKSPACE}
|
|
echo ${GOPATH}
|
|
echo ${GOROOT}
|
|
env
|
|
|
|
- name: Build and Unit Test
|
|
run: make gha-linux
|
|
- name: Integration Test
|
|
run: make test-integration
|
|
|
|
container:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Checkout repository
|
|
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
|
|
- name: Extract metadata (tags, labels) for Docker
|
|
id: meta
|
|
uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f
|
|
env:
|
|
IMAGE_NAME: ${{ github.repository }}
|
|
with:
|
|
images: ${{ env.IMAGE_NAME }}
|
|
|
|
- name: Build container image
|
|
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
|
|
with:
|
|
context: .
|
|
push: false
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
|
|
# windows:
|
|
# runs-on: windows-latest
|
|
# defaults:
|
|
# run:
|
|
# shell: msys2 {0}
|
|
# steps:
|
|
# - name: Harden Runner
|
|
# uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
|
|
# with:
|
|
# egress-policy: audit
|
|
|
|
# - uses: msys2/setup-msys2@40677d36a502eb2cf0fb808cc9dec31bf6152638 # v2.28.0
|
|
# with:
|
|
# release: false
|
|
# path-type: inherit
|
|
# install: >-
|
|
# base-devel
|
|
# git
|
|
|
|
# - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
# with:
|
|
# fetch-depth: 0
|
|
|
|
# - name: Set up Go
|
|
# uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
|
# with:
|
|
# go-version: '1.24'
|
|
|
|
# - run: git config --global user.name nobody
|
|
# - run: git config --global user.email foo.bar@example.org
|
|
|
|
# - name: Build and Unit Test
|
|
# run: make gha-windows
|
|
|
|
macos:
|
|
runs-on: macos-latest
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Set up Go
|
|
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
|
with:
|
|
go-version: '1.24'
|
|
|
|
- run: git config --global user.name nobody
|
|
- run: git config --global user.email foo.bar@example.org
|
|
|
|
- name: Build and Unit Test
|
|
run: make gha-osx
|
|
env:
|
|
SLOW_TEST_FACTOR: 100
|
|
|
|
dependabot:
|
|
needs: [linux]
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
pull-requests: write
|
|
contents: write
|
|
if: ${{ github.actor == 'dependabot[bot]' && github.event_name == 'pull_request'}}
|
|
steps:
|
|
- id: metadata
|
|
uses: dependabot/fetch-metadata@v2
|
|
with:
|
|
github-token: "${{ secrets.GITHUB_TOKEN }}"
|
|
- run: |
|
|
gh pr review --approve "$PR_URL"
|
|
gh pr merge --squash --auto "$PR_URL"
|
|
env:
|
|
PR_URL: ${{github.event.pull_request.html_url}}
|
|
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|