chore(deps): bump anchore/sbom-action from 0.17.6 to 0.17.7 #1671

Workflow file for this run

name: build

# Runs are grouped by the PR source branch (head_ref) or, for pushes, by the
# branch/tag name; a newer run in the same group cancels the one in progress.
# NOTE(review): the group name carries no workflow prefix, so any other
# workflow using the same expression would share this group - confirm.
concurrency:
  group: ${{ github.head_ref || github.ref_name }}
  cancel-in-progress: true

# Triggers: pushes of v* tags or to main, and pull requests, limited to
# changes in Go sources, build tooling, workflow files and test data.
on:
  push:
    tags:
      - 'v*'
    branches:
      - main
    paths:
      - 'go.*'
      - '**/*.go'
      - 'Taskfile.yml'
      - 'Dockerfile'
      - '.github/workflows/*.yml'
      - 'testdata/**'
      - '.goreleaser.yml'
  pull_request:
    paths:
      - 'go.*'
      - '**/*.go'
      - 'Taskfile.yml'
      - 'Dockerfile'
      - '.github/workflows/*.yml'
      - 'testdata/**'
      - '.goreleaser.yml'

# Workflow-wide default for GITHUB_TOKEN: read-only access to repository
# contents. A job that needs more must declare its own permissions block.
permissions:
  contents: read
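jobs:
  # Static-analysis jobs delegated to reusable workflows.
  # NOTE(review): all three are referenced by branch (@main), a mutable ref:
  # whatever is on that branch at run time executes in this repository's
  # context. The SHA-pinned actions further down show the stricter form.
  govulncheck:
    uses: caarlos0/meta/.github/workflows/govulncheck.yml@main
    with:
      go-version: stable
  semgrep:
    uses: caarlos0/meta/.github/workflows/semgrep.yml@main
  ruleguard:
    uses: caarlos0/meta/.github/workflows/ruleguard.yml@main
    with:
      go-version: stable
      args: "-disable largeloopcopy"

  # Unit tests on Linux, macOS and Windows; coverage is uploaded from the
  # Linux leg only.
  unit-tests:
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
    runs-on: ${{ matrix.os }}
    steps:
      # NOTE(review): checkout keeps the job token in the local git config by
      # default; consider `persist-credentials: false` if no later step needs
      # authenticated git access - confirm against the Taskfile.
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: stable
      - uses: arduino/setup-task@v2
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
      - run: task setup
      - run: task test
      # NOTE(review): this step hands CODECOV_TOKEN to an action pinned by
      # tag (mutable); a commit-SHA pin would match actions/cache below.
      - uses: codecov/codecov-action@v4
        if: matrix.os == 'ubuntu-latest'
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          file: ./coverage.txt

  # Acceptance tests: one leg per package format x target platform, run under
  # QEMU/buildx on a Linux runner.
  acceptance-tests:
    strategy:
      matrix:
        pkgFormat: [deb, rpm, apk, archlinux, ipk]
        # "386" is quoted so it stays a string like its neighbours instead of
        # being parsed as an integer; the interpolated value is unchanged.
        pkgPlatform: [amd64, arm64, "386", ppc64le, armv6, armv7, s390x]
    runs-on: ubuntu-latest
    env:
      DOCKER_CLI_EXPERIMENTAL: "enabled"
      NO_TEST_PPC64LE: "true"
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: stable
      - uses: arduino/setup-task@v2
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - run: task setup
      - run: task acceptance
        env:
          TEST_PATTERN: "/${{ matrix.pkgFormat }}/${{ matrix.pkgPlatform }}/"

  # Builds packages on Windows and stores dist/ in the Actions cache, keyed by
  # the short commit hash, so the Linux job below can pick them up.
  windows-build-pkgs:
    needs: [unit-tests]
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: stable
      - uses: arduino/setup-task@v2
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
      - shell: bash
        # $GITHUB_ENV is quoted so the redirect target is never word-split.
        run: |
          echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
        with:
          path: dist/
          key: ${{ env.sha_short }}
          enableCrossOsArchive: true
      - run: task acceptance:windows:package

  # Restores dist/ from the cache written by windows-build-pkgs and runs the
  # install tests on Linux.
  # NOTE(review): the install step consumes whatever the cache returns for
  # this key; a cache miss is not turned into an explicit failure here.
  install-windows-pkgs:
    runs-on: ubuntu-latest
    needs: [windows-build-pkgs]
    steps:
      - uses: docker/setup-qemu-action@v3
      - uses: actions/checkout@v4
      - uses: arduino/setup-task@v2
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
      - shell: bash
        run: |
          echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
        with:
          path: dist/
          key: ${{ env.sha_short }}
          enableCrossOsArchive: true
      - run: task acceptance:windows:install

  # Approves and enables auto-merge on Dependabot pull requests once the test
  # jobs have passed. This is the only job holding a write-scoped token.
  dependabot:
    needs: [unit-tests, acceptance-tests, install-windows-pkgs]
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      contents: write
    # github.actor names whoever triggered the event, which is not necessarily
    # the author of the pull request. The guard therefore also requires the
    # PR itself to have been opened by Dependabot before approving/merging.
    if: >-
      github.event_name == 'pull_request' &&
      github.actor == 'dependabot[bot]' &&
      github.event.pull_request.user.login == 'dependabot[bot]'
    steps:
      # NOTE(review): the outputs of this step are not read by the steps shown
      # here, so every update type is approved alike; gate on the metadata if
      # some bumps (e.g. major versions) should get a human review.
      - id: metadata
        uses: dependabot/fetch-metadata@dbb049abf0d677abbd7f7eee0375145b417fdd34 # v2.2.0
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"
      # The PR URL reaches the script through an environment variable and is
      # quoted at use, rather than being interpolated into the script text.
      - run: |
          gh pr review --approve "$PR_URL"
          gh pr merge --squash --auto "$PR_URL"
        env:
          PR_URL: ${{github.event.pull_request.html_url}}
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}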