Skip to content

chore(deps): update github/codeql-action action to v3.27.3 #3283

chore(deps): update github/codeql-action action to v3.27.3

chore(deps): update github/codeql-action action to v3.27.3 #3283

Workflow file for this run

name: build
on:
push:
branches:
- main
pull_request:
branches:
- main
env:
CGO_ENABLED: '0'
concurrency:
group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 2
- name: Set up Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version-file: .go-version
- name: Test
run: go test -v ./...
lint:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 2
- name: Set up Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version-file: .go-version
- name: Run golangci-lint
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
# renovate: datasource=go depName=github.com/golangci/golangci-lint
version: v1.61.0
codeql-analyze:
runs-on: ubuntu-latest
permissions:
security-events: write
timeout-minutes: 10
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 2
- name: Set up Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version-file: .go-version
- name: Initialize CodeQL
uses: github/codeql-action/init@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
with:
languages: go
- name: Autobuild
uses: github/codeql-action/autobuild@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
build:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
# full checkout for semantic-release
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 2
- name: Set up Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version-file: .go-version
- name: Build binaries
uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
with:
# renovate: datasource=go depName=github.com/goreleaser/goreleaser
version: v2.4.4
args: build --clean --single-target --snapshot
semantic-release:
needs: [codeql-analyze, build, lint, test]
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
issues: write
packages: write
pull-requests: write
timeout-minutes: 45
steps:
# full checkout for semantic-release
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
# Use Deploy key with write access to push changelog to main branch (protected branch)
ssh-key: ${{ secrets.SEMANTIC_RELEASE_SSH_KEY }}
- name: Set up Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version-file: .go-version
- name: Set up GoReleaser
uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
with:
# renovate: datasource=go depName=github.com/goreleaser/goreleaser
version: v2.4.4
install-only: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Cosign
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
if: github.event_name != 'pull_request'
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Semantic Release
uses: cycjimmy/semantic-release-action@b1b432f13acb7768e0c8efdec416d363a57546f2 # v4.1.1
with:
# renovate: datasource=npm depName=semantic-release
semantic_version: 24.2.0
dry_run: ${{ github.event_name == 'pull_request' }}
extra_plugins: |
conventional-changelog-conventionalcommits@8.0.0
@semantic-release/changelog@6.0.3
@semantic-release/exec@6.0.3
@semantic-release/git@10.0.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}