Skip to content

fix(deps): update module github.com/getsops/sops/v3 to v3.9.1 #2026

fix(deps): update module github.com/getsops/sops/v3 to v3.9.1

fix(deps): update module github.com/getsops/sops/v3 to v3.9.1 #2026

Workflow file for this run

# ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen".
name: build
on:
pull_request: {}
workflow_dispatch: {}
jobs:
build:
needs: zipper
runs-on: ubuntu-latest
permissions:
contents: write
outputs:
self_mutation_happened: ${{ steps.self_mutation.outputs.self_mutation_happened }}
env:
CI: "true"
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Download zipper artifacts
uses: actions/download-artifact@v4
with:
name: zipper
path: assets
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 18.x
- name: Install dependencies
run: yarn install --check-files
- name: "Update snapshots: secret-inline"
run: yarn run projen integ:secret-inline:snapshot
- name: "Update snapshots: secret-asset"
run: yarn run projen integ:secret-asset:snapshot
- name: "Update snapshots: secret-multikms"
run: yarn run projen integ:secret-multikms:snapshot
- name: "Update snapshots: secret-manual"
run: yarn run projen integ:secret-manual:snapshot
- name: build
run: npx projen build
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
with:
flags: cdk
directory: coverage
- name: Find mutations
id: self_mutation
run: |-
git add .
git diff --staged --patch --exit-code > .repo.patch || echo "self_mutation_happened=true" >> $GITHUB_OUTPUT
working-directory: ./
- name: Upload patch
if: steps.self_mutation.outputs.self_mutation_happened
uses: actions/upload-artifact@v4
with:
name: .repo.patch
path: .repo.patch
overwrite: true
- name: Fail build on mutation
if: steps.self_mutation.outputs.self_mutation_happened
run: |-
echo "::error::Files were changed during build (see build log). If this was triggered from a fork, you will need to update your branch."
cat .repo.patch
exit 1
- name: Backup artifact permissions
run: cd dist && getfacl -R . > permissions-backup.acl
continue-on-error: true
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: build-artifact
path: dist
overwrite: true
container:
image: jsii/superchain:1-buster-slim-node16
self-mutation:
needs:
- build
- zipper
runs-on: ubuntu-latest
permissions:
contents: write
if: always() && needs.build.outputs.self_mutation_happened && !(github.event.pull_request.head.repo.full_name != github.repository)
steps:
- name: Checkout
uses: actions/checkout@v4
with:
token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Download zipper artifacts
uses: actions/download-artifact@v4
with:
name: zipper
path: assets
- name: Download patch
uses: actions/download-artifact@v4
with:
name: .repo.patch
path: ${{ runner.temp }}
- name: Apply patch
run: '[ -s ${{ runner.temp }}/.repo.patch ] && git apply ${{ runner.temp }}/.repo.patch || echo "Empty patch. Skipping."'
- name: Set git identity
run: |-
git config user.name "github-actions"
git config user.email "github-actions@github.com"
- name: Push changes
env:
PULL_REQUEST_REF: ${{ github.event.pull_request.head.ref }}
run: |-
git add .
git commit -s -m "chore: self mutation"
git push origin HEAD:$PULL_REQUEST_REF
package-js:
needs:
- build
- zipper
runs-on: ubuntu-latest
permissions: {}
if: "! needs.build.outputs.self_mutation_happened"
steps:
- uses: actions/setup-node@v4
with:
node-version: 18.x
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Download zipper artifacts
uses: actions/download-artifact@v4
with:
name: zipper
path: assets
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Prepare Repository
run: mv dist .repo
- name: Install Dependencies
run: cd .repo && yarn install --check-files --frozen-lockfile
- name: Create js artifact
run: cd .repo && npx projen package:js
- name: Collect js Artifact
run: mv .repo/dist dist
package-java:
needs:
- build
- zipper
runs-on: ubuntu-latest
permissions: {}
if: "! needs.build.outputs.self_mutation_happened"
steps:
- uses: actions/setup-java@v4
with:
distribution: corretto
java-version: "11"
- uses: actions/setup-node@v4
with:
node-version: 18.x
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Download zipper artifacts
uses: actions/download-artifact@v4
with:
name: zipper
path: assets
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Prepare Repository
run: mv dist .repo
- name: Install Dependencies
run: cd .repo && yarn install --check-files --frozen-lockfile
- name: Create java artifact
run: cd .repo && npx projen package:java
- name: Collect java Artifact
run: mv .repo/dist dist
package-python:
needs:
- build
- zipper
runs-on: ubuntu-latest
permissions: {}
if: "! needs.build.outputs.self_mutation_happened"
steps:
- uses: actions/setup-node@v4
with:
node-version: 18.x
- uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Download zipper artifacts
uses: actions/download-artifact@v4
with:
name: zipper
path: assets
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Prepare Repository
run: mv dist .repo
- name: Install Dependencies
run: cd .repo && yarn install --check-files --frozen-lockfile
- name: Create python artifact
run: cd .repo && npx projen package:python
- name: Collect python Artifact
run: mv .repo/dist dist
package-dotnet:
needs:
- build
- zipper
runs-on: ubuntu-latest
permissions: {}
if: "! needs.build.outputs.self_mutation_happened"
steps:
- uses: actions/setup-node@v4
with:
node-version: 18.x
- uses: actions/setup-dotnet@v4
with:
dotnet-version: 6.x
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Download zipper artifacts
uses: actions/download-artifact@v4
with:
name: zipper
path: assets
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Prepare Repository
run: mv dist .repo
- name: Install Dependencies
run: cd .repo && yarn install --check-files --frozen-lockfile
- name: Create dotnet artifact
run: cd .repo && npx projen package:dotnet
- name: Collect dotnet Artifact
run: mv .repo/dist dist
gobuild:
name: gobuild
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: "Temporary workaround Checkout Issue #760 "
run: git config --global --add safe.directory /__w/cdk-sops-secrets/cdk-sops-secrets
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Fetch all tags
run: git fetch --force --tags
- name: Test
run: scripts/lambda-test.sh
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
with:
files: ./coverage/coverage.out
flags: go-lambda
- name: Build
run: scripts/lambda-build.sh
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: gobuild
path: lambda/bootstrap
container:
image: golang:1.22-bullseye
zipper:
name: zipper
needs: gobuild
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Prepare
run: apk add zip git
- name: Temporary workaround
run: git config --global --add safe.directory /__w/cdk-sops-secrets/cdk-sops-secrets
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Download gobuild artifacts
uses: actions/download-artifact@v4
with:
name: gobuild
path: lambda
- name: Zip
run: scripts/lambda-zip.sh
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: zipper
path: assets/cdk-sops-lambda.zip
container:
image: alpine:latest