feat: update dependencies and tools #451

Workflow file for this run

	name: Continuous Integration Pipeline
	on:
	push:
	branches:
	- main
	tags:
	- "*"
	pull_request:
	branches:
	- main
	paths-ignore:
	- "*/.md"
	- docs/**
	- examples/**

	env:
	GOLANGCI_LINT_VERSION: v2.5.0
	jobs:
	lint:
	name: Lint Code
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Repository
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	with:
	show-progress: false
	- name: Setup Golang
	uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
	with:
	go-version-file: go.mod
	cache: false
	- name: golangci-lint
	uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0
	with:
	version: ${{ env.GOLANGCI_LINT_VERSION }}

	test:
	name: Testing on ${{ matrix.os }}
	strategy:
	matrix:
	os:
	- ubuntu-latest
	runs-on: ${{ matrix.os }}
	steps:
	- name: Checkout Repository
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	with:
	show-progress: false
	- name: Setup Golang
	uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
	with:
	go-version-file: go.mod
	- name: Run Test Coverage
	run: make ci

	publish-docker:
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: write
	packages: write
	id-token: write
	needs:
	- lint
	- test
	if: github.event_name == 'push'
	steps:
	- name: Checkout Repository
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	with:
	show-progress: false
	- name: Docker Login to GitHub Repository
	uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Docker Login to DockerHub
	uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
	with:
	username: ${{ secrets.BOT_DOCKER_USERNAME }}
	password: ${{ secrets.BOT_DOCKER_TOKEN }}
	- name: Docker Login to Mia registry
	uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
	with:
	registry: nexus.mia-platform.eu
	username: ${{ secrets.NEXUS_USER }}
	password: ${{ secrets.NEXUS_TOKEN }}
	- name: Install Cosign
	uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
	- name: Set up QEMU
	uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
	with:
	platforms: amd64,arm64
	- name: Configure docker metadata
	id: meta
	uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
	env:
	DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
	with:
	images: \|
	ghcr.io/mia-platform/integration-connector-agent
	docker.io/miaplatform/integration-connector-agent
	nexus.mia-platform.eu/plugins/integration-connector-agent
	tags: \|
	type=raw,value=latest,enable={{is_default_branch}}
	type=semver,pattern={{version}}
	labels: \|
	org.opencontainers.image.authors=Mia Platform Core Team<[email protected]>
	org.opencontainers.image.vendor=Mia s.r.l.
	annotations: \|
	org.opencontainers.image.authors=Mia Platform Core Team<[email protected]>
	org.opencontainers.image.vendor=Mia s.r.l.
	- name: Setup Buildx Context
	uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
	id: buildx
	with:
	platforms: linux/amd64,linux/arm64
	- name: Build and push
	id: docker-build
	uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
	with:
	context: .
	push: true
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	annotations: ${{ steps.meta.outputs.annotations }}
	platforms: ${{ steps.buildx.outputs.platforms }}
	cache-from: type=gha
	cache-to: type=gha,mode=max
	- name: Scan image
	uses: sysdiglabs/scan-action@0065d3b93bd4115371b55720251adb1d228fe188 # v5.1.1
	with:
	image-tag: nexus.mia-platform.eu/plugins/integration-connector-agent:${{ steps.meta.outputs.version }}
	sysdig-secure-url: "https://eu1.app.sysdig.com"
	sysdig-secure-token: ${{ secrets.SYSDIG_SECURE_TOKEN }}
	registry-user: ${{ secrets.NEXUS_USER }}
	registry-password: ${{ secrets.NEXUS_TOKEN }}
	stop-on-processing-error: true
	- name: Generate SBOM
	uses: anchore/sbom-action@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6
	if: github.ref_type == 'tag'
	with:
	artifact-name: integration-connector-agent-sbom.spdx.json
	output-file: ./integration-connector-agent-sbom.spdx.json
	image: nexus.mia-platform.eu/plugins/integration-connector-agent:${{ steps.meta.outputs.version }}
	upload-release-assets: true
	- name: GCP Auth
	uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
	if: github.ref_type == 'tag'
	with:
	project_id: ${{ secrets.MIA_PLATFORM_KMS_GCP_PROJECT }}
	workload_identity_provider: ${{ secrets.MIA_PLATFORM_WIF }}
	create_credentials_file: true
	- name: Sign image with a key
	if: github.ref_type == 'tag'
	run: \|
	for tag in ${TAGS}; do
	image="${tag}@${DIGEST}"
	cosign sign --recursive --yes --key "${COSIGN_PRIVATE_KEY}" "${image}"
	cosign attest --yes --key "${COSIGN_PRIVATE_KEY}" --predicate "integration-connector-agent-sbom.spdx.json" --type="spdxjson" "${image}"
	done
	env:
	TAGS: \|
	ghcr.io/mia-platform/integration-connector-agent:${{ steps.meta.outputs.version }}
	docker.io/miaplatform/integration-connector-agent:${{ steps.meta.outputs.version }}
	nexus.mia-platform.eu/plugins/integration-connector-agent:${{ steps.meta.outputs.version }}
	DIGEST: ${{ steps.docker-build.outputs.digest }}
	COSIGN_PRIVATE_KEY: ${{ secrets.MIA_PLATFORM_KEY_KMS }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat: update dependencies and tools #451

Workflow file

feat: update dependencies and tools #451

Uh oh!

Jobs

Run details

Workflow file for this run