Update module golang.org/x/vuln to v1.2.0 (#34) #402
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-and-test | |
| on: | |
| push: | |
| branches-ignore: | |
| - 'renovate/**' | |
| - 'dependabot/**' | |
| pull_request: | |
| workflow_call: | |
| inputs: | |
| mode: | |
| type: string | |
| required: true | |
| default: snapshot | |
| description: | | |
| the mode to use. either `snapshot` or `release`. Will affect effective version, as well | |
| as target-oci-registry. | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| jobs: | |
| run-tests: | |
| strategy: | |
| matrix: | |
| go-version: [1.26.x] | |
| os: [ubuntu-latest] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-go@v6 | |
| with: | |
| go-version: ${{ matrix.go-version }} | |
| check-latest: true | |
| - name: Check Go module dependencies | |
| run: | | |
| set -eu | |
| make gotidy | |
| git diff -s --exit-code || ( echo 'Go module dependencies are of date, please run "make gotidy"' && exit 1 ) | |
| - name: Check API reference docs | |
| run: | | |
| set -eu | |
| make api-ref-docs | |
| git diff -s --exit-code || ( echo 'Generated API reference docs are of date, please run "make api-ref-docs"' && exit 1 ) | |
| - name: Check generate | |
| run: | | |
| set -eu | |
| make generate | |
| git diff -s --exit-code || ( echo 'Generated files are of date, please run "make generate"' && exit 1 ) | |
| - name: Check license headers | |
| run: | | |
| set -eu | |
| make checklicense | |
| - name: Check for vulnerabilities | |
| run: | | |
| set -eu | |
| make govulncheck | |
| - name: Run linter | |
| run: | | |
| set -eu | |
| make goimports-reviser lint | |
| - name: Run tests | |
| run: | | |
| set -eu | |
| make test | |
| - name: Build binary | |
| run: | | |
| set -eu | |
| make build | |
| prepare: | |
| if: inputs.mode != '' | |
| uses: gardener/cc-utils/.github/workflows/prepare.yaml@v1 | |
| with: | |
| mode: ${{ inputs.mode }} | |
| version-commit-callback-action-path: .github/actions/prepare-release | |
| permissions: | |
| id-token: write | |
| oci-images: | |
| name: Build OCI-Images | |
| if: inputs.mode != '' | |
| needs: | |
| - run-tests | |
| - prepare | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| secrets: inherit | |
| uses: gardener/cc-utils/.github/workflows/oci-ocm.yaml@v1 | |
| with: | |
| name: gardener-extension-shoot-traefik | |
| version: ${{ needs.prepare.outputs.version }} | |
| target: gardener-extension-shoot-traefik | |
| oci-registry: ${{ needs.prepare.outputs.oci-registry }} | |
| oci-repository: gardener/extensions/gardener-extension-shoot-traefik | |
| oci-platforms: linux/amd64,linux/arm64 | |
| extra-tags: latest | |
| helmcharts: | |
| name: Build Helmcharts | |
| if: inputs.mode != '' | |
| needs: | |
| - prepare | |
| - oci-images | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| uses: gardener/cc-utils/.github/workflows/helmchart-ocm.yaml@v1 | |
| strategy: | |
| matrix: | |
| args: | |
| - name: gardener-extension-shoot-traefik | |
| dir: charts/gardener-extension-shoot-traefik | |
| oci-repository: charts/gardener/extensions | |
| ocm-mappings: | |
| - ref: ocm-resource:gardener-extension-shoot-traefik.repository | |
| attribute: image.repository | |
| - ref: ocm-resource:gardener-extension-shoot-traefik.tag | |
| attribute: image.tag | |
| - name: admission-shoot-traefik-application | |
| dir: charts/gardener-extension-admission-shoot-traefik/charts/application | |
| oci-repository: charts/gardener/extensions | |
| ocm-mappings: | |
| - ref: ocm-resource:gardener-extension-shoot-traefik.repository | |
| attribute: image.repository | |
| - ref: ocm-resource:gardener-extension-shoot-traefik.tag | |
| attribute: image.tag | |
| - name: admission-shoot-traefik-runtime | |
| dir: charts/gardener-extension-admission-shoot-traefik/charts/runtime | |
| oci-repository: charts/gardener/extensions | |
| ocm-mappings: | |
| - ref: ocm-resource:gardener-extension-shoot-traefik.repository | |
| attribute: image.repository | |
| - ref: ocm-resource:gardener-extension-shoot-traefik.tag | |
| attribute: image.tag | |
| with: | |
| name: ${{ matrix.args.name }} | |
| dir: ${{ matrix.args.dir }} | |
| oci-registry: ${{ needs.prepare.outputs.oci-registry }} | |
| oci-repository: ${{ matrix.args.oci-repository }} | |
| ocm-mappings: ${{ toJSON(matrix.args.ocm-mappings) }} | |
| build-only: | |
| if: inputs.mode == '' | |
| needs: | |
| - run-tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v4 | |
| - name: Build OCI image | |
| uses: docker/build-push-action@v7 | |
| with: | |
| push: false | |
| tags: gardener-extension-shoot-traefik:latest |