Update vendoring for golang.org/x/sys 0.27.0 #239
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| # Run automatically when pushing a commit or tag. | |
| push: | |
| # Run automatically once a week (at 05:30 on fridays) | |
| # to check against any updated vulnerability information | |
| # regardless if our own code has changed. | |
| schedule: | |
| - cron: '30 5 * * 5' | |
| # Support manually running the workflow. | |
| workflow_dispatch: | |
| # Configurable input properties when running manually. | |
| inputs: | |
| # Option to run go-releaser, by default publishing a (draft) release from latest tag. | |
| release: | |
| description: Run GoReleaser step | |
| type: boolean | |
| # Additional option, when option release is true, to run as snapshot build from | |
| # latest commit instead of latest tag and without publishing as a release. | |
| snapshot: | |
| description: GoReleaser Snapshot mode (latest commit, no publishing) | |
| type: boolean | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: windows-latest | |
| steps: | |
| # Configure git to keep LF on Windows, since linters such as goimports assumes this. | |
| - id: git-config | |
| name: Configure git | |
| run: git config --global core.autocrlf false | |
| # Checkout the source code. | |
| - id: git-checkout | |
| name: Checkout source | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Fetch all history, required for the GoReleaser changelog to work correctly. | |
| show-progress: false | |
| # Install go on the runner. | |
| - id: go-setup | |
| name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: go.mod | |
| check-latest: true # Don't use a locally cached version of Go without first checking if it is up-to-date. | |
| # Initialize CodeQL (GitHub vulnerability analysis). | |
| # NOTE: Skipping (this and all other CodeQL related) if running Dependabot PR, | |
| # since it runs with read-only token by default and therefore the Post Setup CodeQL | |
| # will produce error when trying to upload code scanning results | |
| - id: codeql-init | |
| name: Setup CodeQL | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| uses: github/codeql-action/init@v3 | |
| with: | |
| languages: go | |
| # Build. | |
| # The golangci-lint step will implicitely build the code, and if creating | |
| # a release goreleaser will do it as well, but here we do an explicit build | |
| # required for CodeQL while its indirect build tracing is active. | |
| - id: go-build | |
| name: Build source | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| run: go build -x ./... | |
| # Run CodeQL analysis. | |
| # This finalizes the database and ends tracing (but note that trace-related | |
| # environment variables will still be left behind, see | |
| # https://github.com/github/codeql-action/blob/e683046da183a09174d531cc43713853e27debb3/src/analyze.ts#L583-L588). | |
| - id: codeql-analyze | |
| name: Run CodeQL | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| uses: github/codeql-action/analyze@v3 | |
| # Run govulncheck (Go vulnerability analysis). | |
| # Currently manual install and execution, not using separate action. | |
| - id: get-govulncheck | |
| name: Setup govulncheck | |
| run: go install golang.org/x/vuln/cmd/govulncheck@latest | |
| - id: run-govulncheck | |
| name: Run govulncheck | |
| run: govulncheck ./... | |
| # Run linting on the source code. | |
| - id: go-lint | |
| name: Run linting | |
| uses: golangci/golangci-lint-action@v6 | |
| with: | |
| version: latest | |
| # If pushing v* tag, or manual run with option release: Clean workspace to remove remnants from the linter. | |
| # This will remove "undefined/", which avoids go-release failing with: | |
| # git is currently in a dirty state | |
| # Please check in your pipeline what can be changing the following files: | |
| # ?? undefined/ | |
| - id: clean | |
| name: Clean before go release (if pushing v-tag or triggered manually) | |
| if: inputs.release || (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')) | |
| run: git clean -xdf | |
| # If pushing v* tag, or manual run with option "release" but not "snapshot": Build and create release from latest tag. | |
| # Note: If manual run it must be on the tag (same commit), or else go-releaser will fail with: "git tag <tag_name> was not made against commit <commit_hash>", | |
| # and one must consider using the snapshot mode instead (see below). | |
| - id: go-release-tag | |
| name: Run go release tag (if pushing v-tag or triggered manually) | |
| uses: goreleaser/goreleaser-action@v6 | |
| if: (inputs.release && !inputs.snapshot) || (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')) | |
| with: | |
| version: latest | |
| args: release --clean | |
| env: | |
| GOVERSION: ${{ steps.go-setup.outputs.go-version }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # If manual run with options "release" and "snapshot": Build latest commit without publishing a release. | |
| - id: go-release-snapshot | |
| name: Run go release snapshot (if triggered manually) | |
| uses: goreleaser/goreleaser-action@v6 | |
| if: inputs.release && inputs.snapshot | |
| with: | |
| version: latest | |
| args: release --clean --snapshot | |
| env: | |
| GOVERSION: ${{ steps.go-setup.outputs.go-version }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |