Skip to content

build(deps): bump golang.org/x/crypto from 0.26.0 to 0.27.0 #2424

build(deps): bump golang.org/x/crypto from 0.26.0 to 0.27.0

build(deps): bump golang.org/x/crypto from 0.26.0 to 0.27.0 #2424

Workflow file for this run

# - When a third-party action is added (i.e., `uses`), please also add it to `download-licenses` in Makefile.
# - When a job is added/removed/renamed, please make corresponding changes in ci-docs.yaml.
name: CI
on:
push:
branches:
- main
paths-ignore:
- '**.md'
- 'contrib/**'
- '.github/CODEOWNERS'
pull_request:
branches:
- main
paths-ignore:
- '**.md'
- 'contrib/**'
- '.github/CODEOWNERS'
permissions:
id-token: write
contents: write
env:
DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
git-secrets:
runs-on: ubuntu-latest
steps:
- name: Pull latest awslabs/git-secrets repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
repository: awslabs/git-secrets
ref: 1.3.0
fetch-tags: true
path: git-secrets
- name: Install git secrets from source
run: sudo make install
working-directory: git-secrets
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Scan repository for git secrets
run: |
git secrets --register-aws
git secrets --scan-history
gen-code-no-diff:
strategy:
matrix:
os: [macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version-file: go.mod
cache: true
- run: make gen-code
- run: git diff --exit-code
unit-tests:
strategy:
fail-fast: false
matrix:
os: [macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Configure git CRLF settings
run: |
git config --global core.autocrlf false
git config --global core.eol lf
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
# Since this repository is not meant to be used as a library,
# we don't need to test the latest 2 major releases like Go does: https://go.dev/doc/devel/release#policy.
go-version-file: go.mod
cache: true
- run: make test-unit
# It's recommended to run golangci-lint in a job separate from other jobs (go test, etc) because different jobs run in parallel.
go-linter:
name: lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version-file: go.mod
cache: false # caching can result in tar errors that files already exist
- name: set GOOS env to windows
run: |
echo "GOOS=windows" >> $GITHUB_ENV
- name: golangci-lint - windows
uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
with:
# Pin the version in case all the builds start to fail at the same time.
# There may not be an automatic way (e.g., dependabot) to update a specific parameter of a GitHub Action,
# so we will just update it manually whenever it makes sense (e.g., a feature that we want is added).
version: v1.56.1
args: --fix=false --timeout=5m
- name: set GOOS env to darwin
run: |
echo "GOOS=darwin" >> $GITHUB_ENV
- name: golangci-lint - darwin
uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
with:
# Pin the version in case all the builds start to fail at the same time.
# There may not be an automatic way (e.g., dependabot) to update a specific parameter of a GitHub Action,
# so we will just update it manually whenever it makes sense (e.g., a feature that we want is added).
version: v1.56.1
args: --fix=false --timeout=5m --skip-dirs="(^|/)deps($|/)"
shellcheck:
name: ShellCheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Run ShellCheck
uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0
with:
version: v0.9.0
continue-on-error: true
go-mod-tidy-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version-file: go.mod
cache: true
# TODO: Use `go mod tidy --check` after https://github.com/golang/go/issues/27005 is fixed.
- run: go mod tidy
- run: git diff --exit-code
check-licenses:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version-file: go.mod
cache: true
- run: make check-licenses
e2e-tests:
strategy:
fail-fast: false
matrix:
os:
[
[self-hosted, macos, amd64, 13, test],
[self-hosted, macos, amd64, 14, test],
[self-hosted, macos, arm64, 13, test],
[self-hosted, macos, arm64, 14, test],
]
test-command: ['test-e2e-vm-serial', 'test-e2e-container']
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
# We need to get all the git tags to make version injection work. See VERSION in Makefile for more detail.
fetch-depth: 0
persist-credentials: false
submodules: recursive
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version-file: go.mod
cache: true
- name: Set output variables
id: vars
run: |
has_creds=${{ (github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name) && github.actor != 'dependabot[bot]' }}
echo "has_creds=$has_creds" >> $GITHUB_OUTPUT
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
if: ${{ steps.vars.outputs.has_creds == true }}
with:
role-to-assume: ${{ secrets.ROLE }}
role-session-name: credhelper-test
aws-region: ${{ secrets.REGION }}
- name: Clean up previous files
run: |
sudo rm -rf /opt/finch
sudo rm -rf ~/.finch
sudo rm -rf ./_output
if pgrep '^qemu-system'; then
sudo pkill '^qemu-system'
fi
if pgrep '^socket_vmnet'; then
sudo pkill '^socket_vmnet'
fi
- name: Install Rosetta 2
run: echo "A" | softwareupdate --install-rosetta || true
- run: brew install lz4 automake autoconf libtool yq
shell: zsh {0}
- name: Build project
run: |
export PATH="/opt/homebrew/opt/libtool/libexec/gnubin:$PATH"
make
shell: zsh {0}
- run: |
git status
git clean -f -d
REGISTRY=${{ steps.vars.outputs.has_creds == true && env.REGISTRY || '' }} make ${{ matrix.test-command }}
shell: zsh {0}
windows-e2e-tests:
strategy:
fail-fast: false
matrix:
os: [[self-hosted, windows, amd64, test]]
test-command: ['test-e2e-vm-serial', 'test-e2e-container']
runs-on: ${{ matrix.os }}
timeout-minutes: 180
steps:
- name: Configure git CRLF settings
run: |
git config --global core.autocrlf false
git config --global core.eol lf
- name: Cleanup previous checkouts
run: |
takeown /F C:\actions-runner\_work\finch /R
Remove-Item C:\actions-runner\_work\finch\finch -Recurse -Force -ErrorAction Ignore
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
# We need to get all the git tags to make version injection work. See VERSION in Makefile for more detail.
fetch-depth: 0
persist-credentials: false
submodules: recursive
- name: Set output variables
id: vars
run: |
$has_creds="${{ (github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name) && github.actor != 'dependabot[bot]'}}"
echo "has_creds=$has_creds" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
exit 0 # if $has_creds is false, powershell will exit with code 1 and this step will fail
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
if: env.has_creds == 'true'
with:
role-to-assume: ${{ secrets.ROLE }}
role-session-name: credhelper-test
aws-region: ${{ secrets.REGION }}
- name: Remove Finch VM
run: |
# We want these cleanup commands to always run, ignore errors so the step completes.
$ErrorActionPreference = 'Ignore'
taskkill /f /im wslservice.exe 2> nul || cmd /c "exit /b 0"
wsl --list --verbose
wsl --shutdown
wsl --unregister lima-finch
wsl --list --verbose
- name: Clean up previous files
run: |
Remove-Item C:\Users\Administrator\.finch -Recurse -ErrorAction Ignore
Remove-Item C:\Users\Administrator\AppData\Local\.finch -Recurse -ErrorAction Ignore
make clean
cd deps/finch-core && make clean
- name: Build project
run: |
git status
make
- name: Run e2e tests
run: |
# set path to use newer ssh version
$newPath = (";C:\Program Files\Git\bin\;" + "C:\Program Files\Git\usr\bin\;" + "$env:Path")
$env:Path = $newPath
# set networking config option to allow for VM/container -> host communication
echo "[experimental]`nnetworkingMode=mirrored`nhostAddressLoopback=true" > C:\Users\Administrator\.wslconfig
git status
git clean -f -d
make ${{ matrix.test-command }}
- name: Remove Finch VM and Clean Up Previous Environment
if: ${{ always() }}
run: |
# We want these cleanup commands to always run, ignore errors so the step completes.
$ErrorActionPreference = 'Ignore'
taskkill /f /im wslservice.exe 2> nul || cmd /c "exit /b 0"
wsl --list --verbose
wsl --shutdown
wsl --unregister lima-finch
wsl --list --verbose
Remove-Item C:\Users\Administrator\AppData\Local\.finch -Recurse
make clean
cd deps/finch-core && make clean
exit 0 # Cleanup may set the exit code e.g. if a file doesn't exist; just ignore
mdlint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: avto-dev/markdown-lint@04d43ee9191307b50935a753da3b775ab695eceb # v1.5.0
with:
args: '**/*.md'
# CHANGELOG.md is only updated by release-please bot.
ignore: 'CHANGELOG.md'