fix: update grpc to v1.59.0 to solve CVE-2023-44487 #391
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: ci | |
on: | |
pull_request: | |
push: | |
branches: | |
- 'release/**' | |
jobs: | |
yamllint: | |
name: yamllint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v2 | |
- name: yaml-lint | |
uses: ibiqlik/action-yamllint@v1 | |
with: | |
config_file: .ci/yamllint.yml | |
strict: true | |
build-and-test: | |
name: build and test | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ubuntu-latest, macos-latest, windows-latest] | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v2 | |
- name: Setup Go | |
uses: actions/setup-go@v1 | |
with: | |
go-version: 1.20.5 | |
- name: Build | |
run: go build -race ./... | |
- name: Test | |
run: go test -race ./... | |
golangci-lint: | |
name: golangci-lint | |
runs-on: ubuntu-latest | |
if: github.repository != 'networkservicemesh/cmd-template' | |
steps: | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- name: Setup Go | |
uses: actions/setup-go@v1 | |
with: | |
go-version: 1.20.5 | |
- name: golangci-lint | |
uses: golangci/golangci-lint-action@v3 | |
with: | |
version: v1.53.3 | |
excludeFmtErrorf: | |
name: exclude fmt.Errorf | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Exclude fmt.Errorf | |
run: | | |
if grep -r --include=*.go fmt.Errorf . ; then | |
echo "Please use errors.Errorf (or errors.New or errors.Wrap or errors.Wrapf) as appropriate rather than fmt.Errorf" | |
exit 1 | |
fi | |
restrictNSMDeps: | |
name: Restrict dependencies on github.com/networkservicemesh/* | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Restrict dependencies on github.com/networkservicemesh/* | |
run: | | |
for i in $(grep github.com/networkservicemesh/ go.mod | grep -v '^module' | sed 's;.*\(github.com\/networkservicemesh\/[^ ]*\).*;\1;g');do | |
echo Dependency on "${i}" is forbidden | |
exit 1 | |
done | |
checkgomod: | |
name: check go.mod and go.sum | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-go@v1 | |
with: | |
go-version: 1.20.5 | |
- run: go mod tidy | |
- name: Check for changes in go.mod or go.sum | |
run: | | |
git diff --name-only --exit-code go.mod || ( echo "Run go tidy" && false ) | |
git diff --name-only --exit-code go.sum || ( echo "Run go tidy" && false ) | |
gogenerate: | |
name: Check generated files | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: arduino/setup-protoc@v1 | |
with: | |
version: '3.14.0' | |
- uses: actions/setup-go@v1 | |
with: | |
go-version: 1.20.5 | |
- name: Generate files | |
run: go generate ./... | |
- name: Check for changes in generated code | |
run: | | |
git diff -- '*.pb.go' || (echo "Rerun go generate ./... locally and resubmit" && exit -1) | |
excludereplace: | |
name: Exclude replace in go.mod | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the code | |
uses: actions/checkout@v2 | |
- name: Exclude replace in go.mod | |
run: | | |
grep ^replace go.mod || exit 0 | |
exit 1 |