fix: Update module github.com/d0ugal/promexporter to v1.13.4 #527
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [ main, 'release-please--branches--main' ] | |
| pull_request: | |
| paths-ignore: | |
| - CHANGELOG.md | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.ref }} | |
| sha: ${{ github.sha }} | |
| - name: Set up Go 1.25 | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: '1.25' | |
| - name: Install dependencies | |
| run: go mod download | |
| - name: Run tests | |
| run: go test -v -race -coverprofile=coverage.txt -covermode=atomic ./... | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| files: ./coverage.txt | |
| flags: unittests | |
| name: codecov-umbrella | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.ref }} | |
| sha: ${{ github.sha }} | |
| - name: Run linting using Makefile | |
| run: make lint-only | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| needs: [test] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.ref }} | |
| sha: ${{ github.sha }} | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: '1.25' | |
| - name: Build | |
| run: | | |
| go build -v -ldflags="-s -w" -o ghcr-exporter ./cmd | |
| - name: Upload build artifacts | |
| uses: actions/upload-artifact@v5 | |
| with: | |
| name: ghcr-exporter | |
| path: ghcr-exporter | |
| retention-days: 30 | |
| security: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.ref }} | |
| sha: ${{ github.sha }} | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'fs' | |
| scan-ref: '.' | |
| format: 'table' | |
| exit-code: '1' | |
| severity: 'CRITICAL,HIGH' | |
| check-build-needed: | |
| name: Check if build is needed | |
| runs-on: ubuntu-latest | |
| needs: [test] | |
| outputs: | |
| should-build: ${{ steps.check.outputs.should-build }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.ref }} | |
| sha: ${{ github.sha }} | |
| - name: Check if build should be skipped | |
| id: check | |
| run: | | |
| # Only check for push events (dev-build only runs on push to main) | |
| if [ "${{ github.event_name }}" != "push" ]; then | |
| echo "should-build=false" >> $GITHUB_OUTPUT | |
| exit 0 | |
| fi | |
| # Get the current commit SHA | |
| CURRENT_SHA="${{ github.sha }}" | |
| # Get commit message from git log | |
| COMMIT_MSG=$(git log -1 --format="%s" "$CURRENT_SHA" 2>/dev/null || echo "") | |
| echo "Checking commit: $CURRENT_SHA" | |
| echo "Commit message: $COMMIT_MSG" | |
| # Check if it's a release commit (pattern: "chore(main): release" or similar) | |
| # BUT: Always run CI for release-please branches and PRs | |
| if echo "$COMMIT_MSG" | grep -qiE "^(chore|release|version).*(release|version|changelog)"; then | |
| # Check if this is from a release-please branch or PR (should always run CI) | |
| if echo "${{ github.ref }}" | grep -qiE "release-please" || echo "${{ github.head_ref }}" | grep -qiE "release-please"; then | |
| echo "Release commit from release-please branch/PR - running CI" | |
| echo "should-build=true" >> $GITHUB_OUTPUT | |
| exit 0 | |
| fi | |
| # Check if commit message explicitly says to skip CI | |
| if echo "$COMMIT_MSG" | grep -qiE "[skip ci]|[ci skip]|skip ci"; then | |
| echo "Skip reason: [skip ci] detected in commit message" | |
| echo "should-build=false" >> $GITHUB_OUTPUT | |
| exit 0 | |
| fi | |
| echo "Skip reason: Release commit detected (not from release-please branch)" | |
| echo "should-build=false" >> $GITHUB_OUTPUT | |
| exit 0 | |
| fi | |
| # For push events, check changed files against base branch | |
| BASE_SHA="${{ github.event.before }}" | |
| HEAD_SHA="${{ github.event.after }}" | |
| if [ -z "$BASE_SHA" ] || [ "$BASE_SHA" = "0000000000000000000000000000000000" ]; then | |
| # Initial commit or no base, check all files | |
| CHANGED_FILES=$(git ls-tree -r --name-only HEAD) | |
| else | |
| # Get list of changed files | |
| CHANGED_FILES=$(git diff --name-only "$BASE_SHA" "$HEAD_SHA") | |
| fi | |
| if [ -z "$CHANGED_FILES" ]; then | |
| echo "No changed files detected, skipping build" | |
| echo "should-build=false" >> $GITHUB_OUTPUT | |
| exit 0 | |
| fi | |
| # Documentation file patterns to ignore | |
| DOC_PATTERNS="^README\.md$|^CHANGELOG\.md$|^docs/|\.md$|^LICENSE" | |
| # Check if all changed files are documentation | |
| NON_DOC_FILES=$(echo "$CHANGED_FILES" | grep -vE "$DOC_PATTERNS" || true) | |
| if [ -z "$NON_DOC_FILES" ]; then | |
| echo "Skip reason: Only documentation files changed" | |
| echo "Changed files:" | |
| echo "$CHANGED_FILES" | sed 's/^/ - /' | |
| echo "should-build=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "Build needed: Non-documentation files changed" | |
| echo "Non-doc files:" | |
| echo "$NON_DOC_FILES" | sed 's/^/ - /' | |
| echo "should-build=true" >> $GITHUB_OUTPUT | |
| fi | |
| dev-build: | |
| name: Development Build | |
| runs-on: ubuntu-latest | |
| needs: [test, check-build-needed] | |
| if: needs.check-build-needed.outputs.should-build == 'true' | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.ref }} | |
| sha: ${{ github.sha }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Generate dev tag | |
| id: meta | |
| run: | | |
| # Create a semver-compatible dev tag with commits since last release and commit SHA | |
| SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7) | |
| # Get the last release tag (excluding pre-release tags) | |
| LAST_TAG=$(git describe --tags --abbrev=0 --match="v[0-9]*.[0-9]*.[0-9]*" 2>/dev/null || echo "") | |
| if [ -z "$LAST_TAG" ]; then | |
| # No release tags found, use 0.0.0 and count all commits | |
| VERSION="0.0.0" | |
| COMMIT_COUNT=$(git rev-list --count HEAD) | |
| else | |
| # Extract version from tag (remove 'v' prefix) | |
| VERSION=${LAST_TAG#v} | |
| # Count commits since last release | |
| COMMIT_COUNT=$(git rev-list --count ${LAST_TAG}..HEAD) | |
| fi | |
| DEV_TAG="v${VERSION}-dev.${COMMIT_COUNT}.${SHORT_SHA}" | |
| echo "dev_tag=${DEV_TAG}" >> $GITHUB_OUTPUT | |
| echo "Last release tag: ${LAST_TAG:-'none'}" | |
| echo "Base version: ${VERSION}" | |
| echo "Commits since last release: ${COMMIT_COUNT}" | |
| echo "Generated dev tag: ${DEV_TAG}" | |
| - name: Extract metadata | |
| id: docker_meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| ${{ steps.meta.outputs.dev_tag }} | |
| dev | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ${{ steps.docker_meta.outputs.tags }} | |
| labels: ${{ steps.docker_meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=min | |
| build-args: | | |
| VERSION=${{ steps.meta.outputs.dev_tag }} | |
| COMMIT=${{ github.sha }} | |
| BUILD_DATE=${{ github.event.head_commit.timestamp }} |