This repository has been archived by the owner on Sep 24, 2024. It is now read-only.
0 parents
commit 4c2e14e
Showing
26 changed files
with
13,136 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
name: main | ||
|
||
on: | ||
push: | ||
branches: | ||
- master | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Harden Runner | ||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | ||
with: | ||
egress-policy: audit | ||
- name: Checkout | ||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | ||
- name: Setup Go | ||
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | ||
with: | ||
go-version: 1.20.x | ||
- name: Restore Go cache | ||
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | ||
with: | ||
path: ~/go/pkg/mod | ||
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | ||
restore-keys: | | ||
${{ runner.os }}-go- | ||
- name: Tests | ||
run: make test | ||
- name: Send go coverage report | ||
uses: shogo82148/actions-goveralls@7b1bd2871942af030d707d6574e5f684f9891fb2 # v1.8.0 | ||
with: | ||
path-to-profile: coverage.out |
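Review bot: This workflow has no `permissions:` block, so the `GITHUB_TOKEN` available to `make test` and to the third-party coverage action carries whatever the repository or organisation default is. A top-level `permissions:` with `contents: read` would hold it to least privilege; whether the goveralls step needs anything more is not visible here and should be confirmed. The same gap is present in the pr-build, pr-label, publish-release and rebase workflows in this commit, whereas release and scan already declare their scopes. Separately, `egress-policy: audit` on harden-runner only records outbound traffic; once the expected endpoints are known, `egress-policy: block` with an `allowed-endpoints` list is what enforces them.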
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
name: pr-build | ||
|
||
on: | ||
pull_request: | ||
types: | ||
- opened | ||
- synchronize | ||
- reopened | ||
|
||
jobs: | ||
fmt: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Harden Runner | ||
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 | ||
with: | ||
egress-policy: audit | ||
- name: Checkout | ||
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 | ||
- name: Setup Go | ||
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | ||
with: | ||
go-version: 1.20.x | ||
- name: Restore Go cache | ||
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 | ||
with: | ||
path: ~/go/pkg/mod | ||
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | ||
restore-keys: | | ||
${{ runner.os }}-go- | ||
- name: fmt | ||
run: make fmt | ||
- name: vet | ||
run: make vet | ||
- name: lint | ||
run: make lint | ||
- name: Check if working tree is dirty | ||
run: | | ||
if [[ $(git diff --stat) != '' ]]; then | ||
git --no-pager diff | ||
echo 'run <make test> and commit changes' | ||
exit 1 | ||
fi | ||
build: | ||
runs-on: ubuntu-latest | ||
outputs: | ||
profiles: ${{ steps.profiles.outputs.matrix }} | ||
steps: | ||
- name: Harden Runner | ||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | ||
with: | ||
egress-policy: audit | ||
- name: Checkout | ||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | ||
- name: Setup Go | ||
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | ||
with: | ||
go-version: 1.20.x | ||
- name: Restore Go cache | ||
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | ||
with: | ||
path: ~/go/pkg/mod | ||
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | ||
restore-keys: | | ||
${{ runner.os }}-go- | ||
- name: test | ||
run: make test | ||
- name: Send go coverage report | ||
uses: shogo82148/actions-goveralls@7b1bd2871942af030d707d6574e5f684f9891fb2 # v1.8.0 | ||
with: | ||
path-to-profile: coverage.out | ||
- name: Check if working tree is dirty | ||
run: | | ||
if [[ $(git diff --stat) != '' ]]; then | ||
git --no-pager diff | ||
echo 'run <make test> and commit changes' | ||
exit 1 | ||
fi |
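Review bot: The `build` job declares `outputs: profiles: ${{ steps.profiles.outputs.matrix }}`, but no step in the job has `id: profiles`, so the output will always be empty; either drop the `outputs:` block or add the step that produces the matrix. The two jobs also pin different releases of the same actions (harden-runner v2.6.0 vs v2.7.0, checkout v3 vs v4, cache v3.3.1 vs v3.3.2 per the trailing comments), which makes it harder to audit which action code runs on a pull request; aligning them on one SHA per action would help. In the `fmt` job the dirty-tree message says `run <make test>` although the steps that ran are fmt, vet and lint, so `echo 'run <make fmt> and commit changes'` looks like the intended text.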
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
name: pr-label | ||
|
||
on: | ||
pull_request: | ||
|
||
jobs: | ||
size-label: | ||
runs-on: ubuntu-latest | ||
if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }} | ||
steps: | ||
- name: Harden Runner | ||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | ||
with: | ||
egress-policy: audit | ||
- name: size-label | ||
uses: "pascalgn/size-label-action@b1f4946f381d38d3b5960f76b514afdfef39b609" | ||
env: | ||
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" |
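Review bot: The `pascalgn/size-label-action` pin is the only `uses:` line in these workflows without a trailing version comment, so a reviewer cannot tell which release the SHA corresponds to; add one in the same form as the others, e.g. `# <release tag of this SHA>`. Because this job passes `GITHUB_TOKEN` to a third-party action, a job-level `permissions:` limited to what labelling needs (likely `pull-requests: write`, to be confirmed against the action's documentation) would keep the token from carrying the repository default scopes.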
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
name: publish-release | ||
on: | ||
release: | ||
types: [published] | ||
|
||
jobs: | ||
publish-release: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Harden Runner | ||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | ||
with: | ||
egress-policy: audit | ||
- uses: Actions-R-Us/actions-tagger@330ddfac760021349fef7ff62b372f2f691c20fb # v2.0.3 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
name: rebase | ||
|
||
on: | ||
pull_request: | ||
types: [opened] | ||
issue_comment: | ||
types: [created] | ||
|
||
jobs: | ||
rebase: | ||
if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase') && (github.event.comment.author_association == 'CONTRIBUTOR' || github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'OWNER') | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Harden Runner | ||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | ||
with: | ||
egress-policy: audit | ||
- name: Checkout the latest code | ||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | ||
with: | ||
fetch-depth: 0 | ||
- name: Automatic Rebase | ||
uses: cirrus-actions/rebase@b87d48154a87a85666003575337e27b8cd65f691 #1.8 | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} |
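Review bot: The job's `if:` lets any commenter whose `author_association` is `CONTRIBUTOR` start a run that uses `secrets.BOT_GITHUB_TOKEN`, and `contains(github.event.comment.body, '/rebase')` matches the string anywhere in a comment. Restricting the association check to `MEMBER` and `OWNER` (plus `COLLABORATOR` if needed) and matching with `startsWith(github.event.comment.body, '/rebase')` narrows who can trigger the bot token and on what input. The `pull_request: types: [opened]` trigger appears to be dead, because `github.event.issue.pull_request` is not set on that event and the condition would then be false; if so, it can be removed. A comment stating which scopes `BOT_GITHUB_TOKEN` carries would let reviewers judge the exposure.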
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
name: release | ||
on: | ||
push: | ||
tags: | ||
- 'v*' | ||
|
||
permissions: | ||
contents: write # needed to write releases | ||
id-token: write # needed for keyless signing | ||
packages: write # needed for ghcr access | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Harden Runner | ||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | ||
with: | ||
egress-policy: audit | ||
- name: Checkout code | ||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | ||
with: | ||
fetch-depth: 0 | ||
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | ||
with: | ||
go-version: '1.20' | ||
- name: Docker Login | ||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
- name: Setup Cosign | ||
uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2 | ||
- uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3 | ||
- name: Create release and SBOM | ||
if: startsWith(github.ref, 'refs/tags/v') | ||
uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 | ||
with: | ||
version: latest | ||
args: release --rm-dist --skip-validate | ||
env: | ||
RUNNER_TOKEN: ${{ github.token }} | ||
GITHUB_TOKEN: ${{ secrets.DOODLE_OSS_BOT}} |
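Review bot: `version: latest` on the goreleaser step means the release job downloads whatever GoReleaser build is current at run time, which undoes the effect of pinning every action by SHA in a job that holds `id-token: write`, `packages: write` and the `DOODLE_OSS_BOT` secret. Pin it, e.g. `version: <tested goreleaser version>`, and bump it deliberately. `GITHUB_TOKEN` is overridden with `secrets.DOODLE_OSS_BOT` for this step; a comment saying why the bot token is needed (presumably for the Homebrew tap push) and which scopes it has would make that reviewable. The step-level `if: startsWith(github.ref, 'refs/tags/v')` duplicates the `tags: 'v*'` trigger and can go.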
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
name: scan | ||
|
||
on: | ||
push: | ||
branches: [ master ] | ||
pull_request: | ||
schedule: | ||
- cron: '18 10 * * 3' | ||
|
||
permissions: | ||
contents: read # for actions/checkout to fetch code | ||
security-events: write # for codeQL to write security events | ||
|
||
jobs: | ||
fossa: | ||
name: fossa | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Harden Runner | ||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | ||
with: | ||
egress-policy: audit | ||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | ||
- name: Run FOSSA scan and upload build data | ||
uses: fossa-contrib/fossa-action@6728dc6fe9a068c648d080c33829ffbe56565023 #v2.0.0 | ||
with: | ||
# FOSSA Push-Only API Token | ||
fossa-api-key: 956b9b92c5b16eeca1467cebe104f2c3 | ||
github-token: ${{ github.token }} | ||
|
||
codeql: | ||
name: codeql | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Harden Runner | ||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | ||
with: | ||
egress-policy: audit | ||
- name: Checkout repository | ||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | ||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@c73d8a69e18598d5de9d6bf5de3a374253cde261 #codeql-bundle-20221020 | ||
with: | ||
languages: go | ||
- name: Autobuild | ||
uses: github/codeql-action/autobuild@c73d8a69e18598d5de9d6bf5de3a374253cde261 #codeql-bundle-20221020 | ||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@c73d8a69e18598d5de9d6bf5de3a374253cde261 #codeql-bundle-20221020 |
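Review bot: `fossa-api-key` is committed as a literal value; even if it is push-only as the comment says, it cannot be rotated without a commit and remains in history and in forks. Reading it from a secret, `fossa-api-key: ${{ secrets.FOSSA_API_KEY }}` (secret name is a placeholder), and skipping the fossa job on fork pull requests where secrets are unavailable is the safer arrangement. `security-events: write` is granted at workflow level and therefore also to the fossa job, which only needs `contents: read`; moving it under `jobs.codeql.permissions` scopes it to the job that uploads results. The three `github/codeql-action` pins carry the comment `#codeql-bundle-20221020`, noticeably older than the other pins in this commit, so it is worth checking that this is the intended release.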
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,122 @@ | ||
project_name: yakmv | ||
|
||
builds: | ||
- id: yakmv | ||
binary: yakmv | ||
goos: | ||
- linux | ||
- darwin | ||
- windows | ||
env: | ||
- CGO_ENABLED=0 | ||
|
||
archives: | ||
- id: yakmv | ||
name_template: "yakmv_{{ .Version }}_{{ .Os }}_{{ .Arch }}" | ||
builds: | ||
- yakmv | ||
|
||
checksum: | ||
name_template: 'checksums.txt' | ||
|
||
source: | ||
enabled: true | ||
name_template: "{{ .ProjectName }}_{{ .Version }}_source_code" | ||
|
||
changelog: | ||
use: github-native | ||
|
||
sboms: | ||
- id: source | ||
artifacts: source | ||
documents: | ||
- "{{ .ProjectName }}_{{ .Version }}_sbom.spdx.json" | ||
|
||
dockers: | ||
- image_templates: | ||
- ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}-amd64 | ||
dockerfile: Dockerfile | ||
use: buildx | ||
ids: | ||
- yakmv | ||
build_flag_templates: | ||
- --platform=linux/amd64 | ||
- --label=org.opencontainers.image.title={{ .ProjectName }} | ||
- --label=org.opencontainers.image.description={{ .ProjectName }} | ||
- --label=org.opencontainers.image.url=https://github.com/doodlescheduling/{{ .ProjectName }} | ||
- --label=org.opencontainers.image.source=https://github.com/doodlescheduling/{{ .ProjectName }} | ||
- --label=org.opencontainers.image.version={{ .Version }} | ||
- --label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }} | ||
- --label=org.opencontainers.image.revision={{ .FullCommit }} | ||
- --label=org.opencontainers.image.licenses=Apache-2.0 | ||
- image_templates: | ||
- ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}-arm64v8 | ||
goarch: arm64 | ||
dockerfile: Dockerfile | ||
use: buildx | ||
ids: | ||
- yakmv | ||
build_flag_templates: | ||
- --platform=linux/arm64/v8 | ||
- --label=org.opencontainers.image.title={{ .ProjectName }} | ||
- --label=org.opencontainers.image.description={{ .ProjectName }} | ||
- --label=org.opencontainers.image.url=https://github.com/doodlescheduling/{{ .ProjectName }} | ||
- --label=org.opencontainers.image.source=https://github.com/doodlescheduling/{{ .ProjectName }} | ||
- --label=org.opencontainers.image.version={{ .Version }} | ||
- --label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }} | ||
- --label=org.opencontainers.image.revision={{ .FullCommit }} | ||
- --label=org.opencontainers.image.licenses=Apache-2.0 | ||
|
||
docker_manifests: | ||
- name_template: ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }} | ||
image_templates: | ||
- ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}-amd64 | ||
- ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}-arm64v8 | ||
- name_template: ghcr.io/doodlescheduling/{{ .ProjectName }}:latest | ||
image_templates: | ||
- ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}-amd64 | ||
- ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}-arm64v8 | ||
- name_template: ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Major }} | ||
image_templates: | ||
- ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}-amd64 | ||
- ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}-arm64v8 | ||
|
||
brews: | ||
- ids: | ||
- yakmv | ||
tap: | ||
owner: doodlescheduling | ||
name: yakmv | ||
token: "{{ .Env.GITHUB_TOKEN }}" | ||
description: Kubernetes manifest validator | ||
homepage: https://github.com/doodlescheduling/yakmv | ||
folder: Formula | ||
test: | | ||
system "#{bin}/yakmv -h" | ||
signs: | ||
- cmd: cosign | ||
certificate: "${artifact}.pem" | ||
env: | ||
- GITHUB_TOKEN=$RUNNER_TOKEN | ||
- COSIGN_EXPERIMENTAL=1 | ||
args: | ||
- sign-blob | ||
- "--output-certificate=${certificate}" | ||
- "--output-signature=${signature}" | ||
- "${artifact}" | ||
- --yes | ||
artifacts: all | ||
output: true | ||
|
||
docker_signs: | ||
- cmd: cosign | ||
env: | ||
- GITHUB_TOKEN=$RUNNER_TOKEN | ||
- COSIGN_EXPERIMENTAL=1 | ||
artifacts: images | ||
output: true | ||
args: | ||
- 'sign' | ||
- '${artifact}' | ||
- --yes |
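Review bot: `docker_signs` uses `artifacts: images`, which covers the per-architecture images but not the manifest lists defined under `docker_manifests`, so the tags users actually pull (`v{{ .Version }}`, `v{{ .Major }}`, `latest`) would have no cosign signature on their digest. `artifacts: all` (or a second entry with `artifacts: manifests`) signs those too. `COSIGN_EXPERIMENTAL=1` was needed for keyless signing in cosign 1.x; with the cosign-installer v3 pin in the release workflow it is presumably a no-op and could be dropped after confirming the installed cosign version. The `brews` entry pushes to the tap with `{{ .Env.GITHUB_TOKEN }}`; a comment noting that this is the bot token set by the release workflow would make that dependency explicit.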