Upgrade kubectl, github actions, add attestation (#167)

cash-track · Nov 15, 2024 · 58777f5 · 58777f5
2 parents d905709 + 193396c
commit 58777f5
Show file tree

Hide file tree

Showing 5 changed files with 605 additions and 520 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -6,6 +6,7 @@ on:
     types: [ published ]
 
 env:
+  REGISTRY: docker.io
   REPO: cashtrack/api
 
 jobs:
@@ -14,6 +15,8 @@ jobs:
     permissions:
       contents: read
       packages: write
+      id-token: write
+      attestations: write
 
     steps:
       - name: Checkout repository
@@ -52,7 +55,8 @@ jobs:
       # Build and push Docker image with Build (don't push on PR)
       # https://github.com/docker/build-push-action
       - name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
+        id: push
         with:
           context: .
           push: ${{ github.event_name != 'pull_request' }}
@@ -61,3 +65,11 @@ jobs:
           build-args: |
             GIT_COMMIT=${{ github.sha }}
             GIT_TAG=${{ github.ref_name }}
+
+      - name: Attest
+        uses: actions/attest-build-provenance@v1
+        id: attest
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.REPO }}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -13,7 +13,7 @@ env:
   INFRA_REPO_REF: main
   CLUSTER: k8s-cash-track
   NAMESPACE: cash-track
-  KUBECTL_BIN: https://storage.googleapis.com/kubernetes-release/release/v1.27.4/bin/linux/amd64/kubectl
+  KUBECTL_BIN: https://storage.googleapis.com/kubernetes-release/release/v1.31.0/bin/linux/amd64/kubectl
 
 jobs:
   deploy:

diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml
@@ -144,7 +144,7 @@ jobs:
 
       - name: Upload Coverage To Codecov
         continue-on-error: true
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           files: ./coverage.xml
diff --git a/composer.json b/composer.json
@@ -31,7 +31,7 @@
         "spiral-packages/scheduler": "^2.1",
         "spiral/cycle-bridge": "^2.9",
         "spiral/filters-bridge": "^1.0",
-        "spiral/framework": "^3.12",
+        "spiral/framework": "3.13.0",
         "spiral/nyholm-bridge": "^1.3",
         "spiral/roadrunner-bridge": "^3.5.0",
         "spiral/roadrunner-cli": "^2.6",