Bump golang.org/x/crypto from 0.28.0 to 0.31.0 (#1719) #6908
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
merge_group: | |
pull_request: | |
push: | |
branches: | |
- main | |
- release/** | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest, macos-latest, macos-14] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: cachix/install-nix-action@v23 | |
with: | |
nix_path: nixpkgs=channel:nixos-22.11 | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- id: changed-files | |
uses: tj-actions/changed-files@v41 | |
with: | |
files: | | |
**/*.go | |
*.mod | |
*.sum | |
- uses: cachix/cachix-action@v12 | |
if: steps.changed-files.outputs.any_changed == 'true' | |
with: | |
name: cronos | |
# github don't pass secrets for pull request from fork repos, | |
# in that case the push is disabled naturally. | |
signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}" | |
- name: Run build | |
run: ./scripts/release.sh | |
if: steps.changed-files.outputs.any_changed == 'true' | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: "cronosd-tarball-${{ matrix.os }}" | |
path: "*.tar.gz" | |
if-no-files-found: ignore | |
unittest: | |
runs-on: ubuntu-latest | |
timeout-minutes: 40 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: cachix/install-nix-action@v23 | |
with: | |
nix_path: nixpkgs=channel:nixos-22.11 | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- id: changed-files | |
uses: tj-actions/changed-files@v41 | |
with: | |
files: | | |
**/*.go | |
*.mod | |
*.sum | |
- uses: cachix/cachix-action@v12 | |
if: steps.changed-files.outputs.any_changed == 'true' | |
with: | |
name: cronos | |
# github don't pass secrets for pull request from fork repos, | |
# in that case the push is disabled naturally. | |
signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}" | |
- name: test & coverage report creation | |
run: | | |
nix develop .#rocksdb -c make test test-versiondb | |
if: steps.changed-files.outputs.any_changed == 'true' | |
- name: filter out proto files | |
run: | | |
excludelist+=" $(find ./ -type f -name '*.pb.go')" | |
for filename in ${excludelist}; do | |
filename=$(echo $filename | sed 's/^./github.com\/crypto-org-chain\/cronos/g') | |
echo "Excluding ${filename} from coverage report..." | |
sed -i.bak "/$(echo $filename | sed 's/\//\\\//g')/d" coverage.txt | |
done | |
if: steps.changed-files.outputs.any_changed == 'true' | |
- uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
files: ./coverage.txt,./memiavl/coverage.txt,./store/coverage.txt,./versiondb/coverage.txt | |
if: steps.changed-files.outputs.any_changed == 'true' | |
gomod2nix: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- id: changed-files | |
uses: tj-actions/changed-files@v41 | |
with: | |
files: | | |
go.mod | |
go.sum | |
- uses: cachix/install-nix-action@v23 | |
with: | |
nix_path: nixpkgs=channel:nixos-22.11 | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
if: steps.changed-files.outputs.any_changed == 'true' | |
- name: gomod2nix | |
run: nix develop -c gomod2nix | |
if: steps.changed-files.outputs.any_changed == 'true' | |
- name: check working directory is clean | |
id: changes | |
run: | | |
set +e | |
(git diff --no-ext-diff --exit-code) | |
echo "name=changed::$?" >> $GITHUB_OUTPUT | |
- uses: actions/upload-artifact@v3 | |
if: steps.changes.outputs.changed == 1 | |
with: | |
name: gomod2nix.toml | |
path: ./gomod2nix.toml | |
- if: steps.changes.outputs.changed == 1 | |
run: echo "Working directory is dirty" && exit 1 | |
contracts: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- id: changed-files | |
uses: tj-actions/changed-files@v41 | |
with: | |
files: | | |
contracts | |
- uses: cachix/install-nix-action@v23 | |
with: | |
nix_path: nixpkgs=channel:nixos-22.11 | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
if: steps.changed-files.outputs.any_changed == 'true' | |
- uses: cachix/cachix-action@v12 | |
if: steps.changed-files.outputs.any_changed == 'true' | |
with: | |
name: cronos | |
extraPullNames: dapp | |
signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}" | |
- name: test contracts | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: make test-cronos-contracts | |
- name: build contracts | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: make gen-cronos-contracts | |
- name: check working directory is clean | |
id: changes | |
run: | | |
set +e | |
(git diff --no-ext-diff --exit-code) | |
echo "name=changed::$?" >> $GITHUB_OUTPUT | |
- uses: actions/upload-artifact@v3 | |
if: steps.changes.outputs.changed == 1 | |
with: | |
name: contracts_out | |
path: ./contracts/out | |
if-no-files-found: ignore | |
- if: steps.changes.outputs.changed == 1 | |
run: echo "Working directory is dirty" && exit 1 |