Update some actions and configure dependabot to update actions (#1200)
Signed-off-by: Natalie Arellano <[email protected]>
natalieparellano authored Sep 19, 2023
1 parent 874e2c1 commit 06ffeed
Showing 5 changed files with 41 additions and 40 deletions.
4 changes: 4 additions & 0 deletions .github/dependabot.yml
@@ -5,3 +5,7 @@ updates:
schedule:
interval: daily
open-pull-requests-limit: 10
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: daily
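Review bot: The new `github-actions` entry sets no `open-pull-requests-limit`, while the entry above it (the context lines) sets `10`, so action updates fall back to Dependabot's default cap of 5. With `interval: daily` and the number of actions the workflows reference, either add `open-pull-requests-limit: 10` for consistency or leave a comment saying the default is intended. Several of these actions run in jobs that hold registry and signing secrets, so a short comment such as `# action bumps need maintainer review; do not auto-merge` would also help. The `updates:` list starts outside the hunk.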
64 changes: 31 additions & 33 deletions .github/workflows/build.yml
@@ -14,7 +14,7 @@ jobs:
test-linux-amd64:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
fetch-depth: '0'
- name: Setup go
@@ -42,7 +42,7 @@ jobs:
test-linux-arm64:
runs-on: linux-arm64
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
fetch-depth: '0'
- name: Setup go
@@ -62,7 +62,7 @@ jobs:
git config --global core.autocrlf false
git config --global core.eol lf
git config --global core.symlinks true
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
fetch-depth: '0'
- name: Setup go
@@ -99,7 +99,7 @@ jobs:
run: |
make test
- name: Prepare Codecov
uses: crazy-max/ghaction-chocolatey@v2
uses: crazy-max/ghaction-chocolatey@v3
with:
args: install codecov -y
- name: Run Codecov
@@ -112,7 +112,7 @@ jobs:
- test-windows
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
fetch-depth: 0 # fetch all history for all branches and tags
- name: Setup go
@@ -121,20 +121,18 @@ jobs:
check-latest: true
go-version-file: 'go.mod'
- name: Install Cosign
uses: sigstore/[email protected]
with:
cosign-release: 'v1.0.0'
uses: sigstore/cosign-installer@v3
- name: Set version
run: |
echo "LIFECYCLE_VERSION=$(go run tools/version/main.go)" | tee -a $GITHUB_ENV version.txt
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: version
path: version.txt
- name: Set tag
run: |
echo "LIFECYCLE_IMAGE_TAG=$(git describe --always --abbrev=7)" >> tag.txt
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: tag
path: tag.txt
@@ -143,43 +141,43 @@ jobs:
make clean
make build
make package
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: lifecycle-linux-x86-64
path: out/lifecycle-v*+linux.x86-64.tgz
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: lifecycle-linux-x86-64-sha256
path: out/lifecycle-v*+linux.x86-64.tgz.sha256
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: lifecycle-linux-arm64
path: out/lifecycle-v*+linux.arm64.tgz
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: lifecycle-linux-arm64-sha256
path: out/lifecycle-v*+linux.arm64.tgz.sha256
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: lifecycle-windows-x86-64
path: out/lifecycle-v*+windows.x86-64.tgz
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: lifecycle-windows-x86-64-sha256
path: out/lifecycle-v*+windows.x86-64.tgz.sha256
- name: Generate SBOM JSON
uses: CycloneDX/gh-gomod-generate-sbom@v1
uses: CycloneDX/gh-gomod-generate-sbom@v2
with:
args: mod -licenses -json -output lifecycle-v${{ env.LIFECYCLE_VERSION }}-bom.cdx.json
version: ^v1
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: lifecycle-bom-cdx
path: lifecycle-v*-bom.cdx.json
- name: Calculate SBOM sha
run: |
shasum -a 256 lifecycle-v${{ env.LIFECYCLE_VERSION }}-bom.cdx.json > lifecycle-v${{ env.LIFECYCLE_VERSION }}-bom.cdx.json.sha256
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: lifecycle-bom-cdx-sha256
path: lifecycle-v*-bom.cdx.json.sha256
@@ -188,7 +186,7 @@ jobs:
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- uses: actions/download-artifact@v2
- uses: actions/download-artifact@v3
with:
name: tag
- name: Set env
@@ -197,14 +195,14 @@ jobs:
- name: Rename cosign public key
run: |
cp cosign.pub lifecycle-v${{ env.LIFECYCLE_VERSION }}-cosign.pub
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: lifecycle-cosign-public-key
path: lifecycle-v${{ env.LIFECYCLE_VERSION }}-cosign.pub
- name: Calculate cosign sha
run: |
shasum -a 256 lifecycle-v${{ env.LIFECYCLE_VERSION }}-cosign.pub > lifecycle-v${{ env.LIFECYCLE_VERSION }}-cosign.pub.sha256
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: lifecycle-cosign-public-key-sha256
path: lifecycle-v${{ env.LIFECYCLE_VERSION }}-cosign.pub.sha256
@@ -231,11 +229,11 @@ jobs:
MANIFEST_SHA=$(docker manifest push buildpacksio/lifecycle:${LIFECYCLE_IMAGE_TAG})
echo "MANIFEST_SHA: $MANIFEST_SHA"
COSIGN_PASSWORD=${{ secrets.COSIGN_PASSWORD }} cosign sign -r \
-key <(echo -n "${{ secrets.COSIGN_PRIVATE_KEY }}" | base64 --decode) \
COSIGN_PASSWORD=${{ secrets.COSIGN_PASSWORD }} cosign sign -r --tlog-upload=false \
--key <(echo -n "${{ secrets.COSIGN_PRIVATE_KEY }}" | base64 --decode) \
-a tag=${LIFECYCLE_IMAGE_TAG} \
buildpacksio/lifecycle:${LIFECYCLE_IMAGE_TAG}@${MANIFEST_SHA}
cosign verify -key cosign.pub -a tag=${LIFECYCLE_IMAGE_TAG} buildpacksio/lifecycle:${LIFECYCLE_IMAGE_TAG}
cosign verify --insecure-ignore-tlog=true --key cosign.pub -a tag=${LIFECYCLE_IMAGE_TAG} buildpacksio/lifecycle:${LIFECYCLE_IMAGE_TAG}
- name: Scan image
if: github.event_name == 'push'
uses: anchore/scan-action@v3
@@ -246,7 +244,7 @@ jobs:
needs: build-and-publish
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
repository: 'buildpacks/pack'
path: 'pack'
@@ -256,17 +254,17 @@ jobs:
uses: actions/setup-go@v4
with:
go-version-file: 'pack/go.mod'
- uses: actions/download-artifact@v2
- uses: actions/download-artifact@v3
with:
name: version
- uses: actions/download-artifact@v2
- uses: actions/download-artifact@v3
with:
name: tag
- name: Set env
run: |
cat version.txt >> $GITHUB_ENV
cat tag.txt >> $GITHUB_ENV
- uses: actions/download-artifact@v2
- uses: actions/download-artifact@v3
with:
name: lifecycle-linux-x86-64
path: pack
@@ -287,7 +285,7 @@ jobs:
git config --global core.autocrlf false
git config --global core.eol lf
git config --global core.symlinks true
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
repository: 'buildpacks/pack'
path: 'pack'
@@ -327,17 +325,17 @@ jobs:
${IPAddress} host.docker.internal
${IPAddress} gateway.docker.internal
" | Out-File -Filepath C:\Windows\System32\drivers\etc\hosts -Encoding utf8
- uses: actions/download-artifact@v2
- uses: actions/download-artifact@v3
with:
name: version
- uses: actions/download-artifact@v2
- uses: actions/download-artifact@v3
with:
name: tag
- name: Set env
run: |
cat version.txt >> $env:GITHUB_ENV
cat tag.txt >> $env:GITHUB_ENV
- uses: actions/download-artifact@v2
- uses: actions/download-artifact@v3
with:
name: lifecycle-windows-x86-64
path: pack
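Review bot: The signing hunk adds `--tlog-upload=false` to `cosign sign` and `--insecure-ignore-tlog=true` to `cosign verify`, so the published signature is not recorded in the transparency log and this job's own verification skips that check; consumers verifying the image with a current cosign would presumably need the same insecure flag. If this is a stop-gap to keep the key-based flow working after the installer bump, record that above the command, e.g. `# tlog disabled to keep key-only signing working after the cosign upgrade; re-enable and drop --insecure-ignore-tlog`, with a tracking issue. The Install Cosign hunk also drops `cosign-release` (as does post-release.yml), so the cosign version now follows the installer default; `cosign-release: '<pinned cosign release>'` would keep the signing tool reproducible. The sign line still expands `${{ secrets.COSIGN_PASSWORD }}` unquoted into the script, and passing it through the step's `env:` would avoid shell interpretation of the secret. The step containing these commands starts outside the hunk.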
2 changes: 1 addition & 1 deletion .github/workflows/check-latest-release.yml
@@ -10,7 +10,7 @@ jobs:
runs-on:
- ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-go@v4
with:
check-latest: true
5 changes: 3 additions & 2 deletions .github/workflows/draft-release.yml
@@ -7,7 +7,7 @@ jobs:
draft-release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
- name: Install jq
run: |
mkdir -p deps/bin
@@ -24,7 +24,8 @@ jobs:
echo "LIFECYCLE_VERSION=$version" >> $GITHUB_ENV
- name: Determine download urls for linux-x86-64, linux-arm64, and windows
id: artifact-urls
uses: actions/[email protected]
# FIXME: this script should be updated to work with actions/github-script@v6
uses: actions/github-script@v3
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
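Review bot: The FIXME on `actions/github-script@v3` says the script does not yet work with v6, but this commit also enables daily Dependabot updates for `github-actions`, which will propose exactly that kind of major bump. Until the script is ported, an `ignore` entry in `.github/dependabot.yml` with `dependency-name: "actions/github-script"` and `update-types: ["version-update:semver-major"]` would keep such a PR from being merged by accident. The FIXME would also be easier to track if it referenced an issue. The step's `script:` body continues outside the hunk.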
6 changes: 2 additions & 4 deletions .github/workflows/post-release.yml
@@ -9,7 +9,7 @@ jobs:
retag-lifecycle-images:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
- name: Setup go
uses: actions/setup-go@v4
with:
@@ -19,9 +19,7 @@ jobs:
run: |
go install github.com/google/go-containerregistry/cmd/crane@latest
- name: Install cosign
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.2.0'
uses: sigstore/cosign-installer@v3
- uses: azure/docker-login@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
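Review bot: Replacing `sigstore/cosign-installer@main` plus `cosign-release: 'v1.2.0'` with `@v3` changes which cosign this job runs, but no cosign command in this file is touched, whereas build.yml needed `-key` → `--key` and new tlog flags in the same commit. The steps that call cosign are outside this hunk, so confirm they still parse and behave as intended under the new default version. Since this job logs in to the registry with `secrets.DOCKER_PASSWORD`, pinning the action as `uses: sigstore/cosign-installer@<full commit SHA> # v3` would be tighter than a movable tag, and the Dependabot entry added in this commit can keep such pins current.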
