Skip to content

fix(deps): update rust crate serde to v1.0.214 - autoclosed #121

fix(deps): update rust crate serde to v1.0.214 - autoclosed

fix(deps): update rust crate serde to v1.0.214 - autoclosed #121

Workflow file for this run

name: Rust
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
workflow_dispatch:
# Automatically cancel in-progress actions on the same branch
concurrency:
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request_target' && github.head_ref || github.ref }}
cancel-in-progress: true
env:
DOCKER_CONTAINER_IMAGE_BASE: lhr.ocir.io/lrdyqp2xtoja/cd-webhooks-forwarder
# get correct commit sha for pull requests as well
COMMIT_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
target:
- rust: aarch64-unknown-linux-musl
docker: linux/arm64
# nix: aarch64-linux
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2
with:
cache-all-crates: "true"
- run: cargo install cross
- uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3
# nix dev shell setup
- uses: DeterminateSystems/nix-installer-action@main
- uses: cachix/cachix-action@6a9a34cdd93d0ae4b4b59fd678660efb08109f2f # v12
with: {name: "nix-community"}
- uses: DeterminateSystems/magic-nix-cache-action@main
- name: test
run: nix develop -c cargo test
- name: build
run: nix develop -c cross build --target ${{ matrix.target.rust }} --release
- name: Login to Docker registry
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
with:
registry: lhr.ocir.io
username: ${{ secrets.OCIR_USERNAME }}
password: ${{ secrets.OCIR_TOKEN }}
- name: Docker meta tags generator
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5
# use correct sha for pr commits
env:
DOCKER_METADATA_PR_HEAD_SHA: true
with:
images: |
${{ env.DOCKER_CONTAINER_IMAGE_BASE }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=edge
type=sha,format=long
- name: Build Dockerfile
id: build-and-push-action-1
uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3
with:
context: .
file: Dockerfile
load: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha
platforms: ${{ matrix.target.docker }}
build-args: |
RUST_TARGET_DIR=target/${{ matrix.target.rust }}/release
- run: docker push --all-tags $DOCKER_CONTAINER_IMAGE_BASE
- name: get image digest
id: docker-image-digest
run: |
# get digest of pushed image, and get rid of everything up to the actual digest (i.e. remove the repo and name)
DOCKER_IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' ${DOCKER_CONTAINER_IMAGE_BASE}:sha-${COMMIT_SHA} | sed 's/.*@//')
echo docker_image_digest=$DOCKER_IMAGE_DIGEST >> $GITHUB_OUTPUT
echo "image digest: \`${DOCKER_IMAGE_DIGEST}\`" >> $GITHUB_STEP_SUMMARY
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.DOCKER_CONTAINER_IMAGE_BASE }}:sha-${{ env.COMMIT_SHA }}
format: "table"
exit-code: "1"
ignore-unfixed: true
severity: "CRITICAL"
outputs:
pushed-image-digest: ${{ steps.docker-image-digest.outputs.docker_image_digest }}
deploy:
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
token: ${{ secrets.WRITE_BACK_TO_REPO_TOKEN }}
- name: install kustomize
id: kustomize-installation
run: |
curl -sfLo kustomize.tar.gz https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv4.5.7/kustomize_v4.5.7_linux_amd64.tar.gz
tar xzf ./kustomize.tar.gz
echo "KUSTOMIZE_COMMAND=$PWD/kustomize" >> $GITHUB_OUTPUT
- name: Update kustomization for new image
# in 'prod' folder
env:
KUSTOMIZE_COMMAND: ${{ steps.kustomize-installation.outputs.KUSTOMIZE_COMMAND }}
run: |
cd k8s/overlays/prod
# update image digest
$KUSTOMIZE_COMMAND edit set image \
${DOCKER_CONTAINER_IMAGE_BASE}=${DOCKER_CONTAINER_IMAGE_BASE}:sha-${COMMIT_SHA}@${{ needs.build.outputs.pushed-image-digest }}
- name: Update version label
uses: mikefarah/yq@dd648994340a5d03225d97abf19c9bf1086c3f07 # v4.40.5
with:
cmd: yq -i '.labels[].pairs."app.kubernetes.io/version" = strenv(COMMIT_SHA)' k8s/overlays/prod/kustomization.yaml
- name: Commit to git
run: |
git config user.name github-actions
git config user.email [email protected]
git add k8s/overlays/prod
git commit -m "update: image to version $COMMIT_SHA
[no ci]"
git pull --rebase
git push
echo "Committed to infra" >> $GITHUB_STEP_SUMMARY