Skip to content

chore(deps): update module google.golang.org/protobuf to v1.33.0 [security] #16

chore(deps): update module google.golang.org/protobuf to v1.33.0 [security]

chore(deps): update module google.golang.org/protobuf to v1.33.0 [security] #16

Workflow file for this run

name: Branch
on:
pull_request:
branches:
- main
push:
branches:
- main
tags:
- "v*"
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
actions: write
checks: write
contents: write
deployments: write
id-token: write
issues: write
discussions: write
packages: write
pages: write
pull-requests: write
repository-projects: write
security-events: write
statuses: write
jobs:
check:
strategy:
fail-fast: true
name: Chaincode project
runs-on: namespace-profile-fabric-chaincode
steps:
- name: Checkout
uses: namespacelabs/nscloud-checkout-action@v2
with:
submodules: recursive
- name: Setup caches
uses: namespacelabs/nscloud-cache-action@v1
with:
path: |
cache
out
~/.node_modules
- name: Install Cosign
uses: sigstore/cosign-installer@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASS }}
- name: Docker meta
id: docker_meta
uses: docker/metadata-action@v5
with:
# list of Docker images to use as base name for tags
images: |
ghcr.io/settlemint/chaincode-go-empty
# generate Docker tags based on the following events/attributes
tags: |
type=schedule
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha
- name: Build and push
uses: docker/build-push-action@v5
id: build-and-push
with:
load: false
provenance: true
sbom: true
push: true
platforms: linux/amd64,linux/arm64
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
no-cache: true
- name: Sign the images with GitHub OIDC Token
env:
DIGEST: ${{ steps.build-and-push.outputs.digest }}
TAGS: ${{ steps.docker_meta.outputs.tags }}
run: |
images=""
for tag in ${TAGS}; do
images+="${tag}@${DIGEST} "
done
cosign sign --yes ${images}