Skip to content

Bump actions/checkout from 3.5.3 to 3.6.0 #1053

Bump actions/checkout from 3.5.3 to 3.6.0

Bump actions/checkout from 3.5.3 to 3.6.0 #1053

Workflow file for this run

name: CI
on:
push:
branches:
- main
tags:
- "v[0-9]+.[0-9]+.[0-9]+"
pull_request:
branches:
- main
env:
DOCKER_PLATFORMS: "linux/arm,linux/arm64,linux/amd64,linux/ppc64le,linux/s390x,linux/mips64le,linux/386"
concurrency:
group: ${{ github.ref_name }}-ci
cancel-in-progress: true
permissions:
contents: read
jobs:
unit-tests:
name: Unit Tests
runs-on: ubuntu-22.04
steps:
- name: Checkout Repository
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Setup Golang Environment
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version-file: go.mod
- name: Run Tests
run: make test
build-docker:
name: Build Docker Image
runs-on: ubuntu-22.04
permissions:
contents: write # for lucacome/draft-release to create/update release draft
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
id-token: write # for OIDC login to AWS ECR and goreleaser/goreleaser-action to sign artifacts
packages: write # for docker/build-push-action to push to GHCR
needs: unit-tests
steps:
- name: Checkout Repository
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0
- name: Setup Golang Environment
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version-file: go.mod
- name: Determine GOPATH
id: go
run: |
echo "go_path=$(go env GOPATH)" >> $GITHUB_OUTPUT
- name: Setup QEMU
uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
with:
platforms: arm,arm64,ppc64le,s390x,mips64le,386
if: github.event_name != 'pull_request'
- name: Docker Buildx
uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1
- name: DockerHub Login
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
if: github.event_name != 'pull_request'
- name: Login to GitHub Container Registry
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
if: github.event_name != 'pull_request'
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@04b98b3f9e85f563fb061be8751a0352327246b0 # v3.0.1
with:
aws-region: us-east-1
role-to-assume: ${{ secrets.AWS_ROLE_PUBLIC_ECR }}
if: github.event_name != 'pull_request'
- name: Login to Public ECR
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
with:
registry: public.ecr.aws
if: github.event_name != 'pull_request'
- name: Login to Quay.io
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_ROBOT_TOKEN }}
if: github.event_name != 'pull_request'
- name: Docker meta
id: meta
uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4.6.0
with:
images: |
nginx/nginx-prometheus-exporter
ghcr.io/nginxinc/nginx-prometheus-exporter
public.ecr.aws/nginx/nginx-prometheus-exporter
quay.io/nginx/nginx-prometheus-exporter
tags: |
type=edge
type=ref,event=pr
type=schedule
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
labels: |
org.opencontainers.image.vendor=NGINX Inc <[email protected]>
- name: Create/Update Draft
uses: lucacome/draft-release@f6dc37dcdf44be100a649b72c62c628776750190 # v0.2.2
with:
minor-label: "enhancement"
major-label: "change"
publish: ${{ github.ref_type == 'tag' }}
collapse-after: 30
notes-footer: |
## Upgrade
- Use the {{version}} image from our [DockerHub](https://hub.docker.com/r/nginx/nginx-prometheus-exporter/tags?page=1&ordering=last_updated&name={{version-number}}), [GitHub Container](https://github.com/nginxinc/nginx-prometheus-exporter/pkgs/container/nginx-prometheus-exporter), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-prometheus-exporter) or [Quay.io](https://quay.io/repository/nginx/nginx-prometheus-exporter/tag/{{version-number}}?tab=tags).
- Download the latest binaries from the [GitHub releases page](https://github.com/nginxinc/nginx-prometheus-exporter/releases/tag/{{version}}).
- Update to the latest version with `brew upgrade nginx-prometheus-exporter`.
## Compatibility
- NGINX 0.1.18 or newer.
- NGINX Plus R19 or newer.
if: github.event_name != 'pull_request'
- name: Download Syft
uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3
if: github.ref_type == 'tag'
- name: Install Cosign
uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1
if: github.ref_type == 'tag'
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@3fa32b8bb5620a2c1afe798654bbad59f9da4906 # v4.4.0
with:
version: latest
args: ${{ github.ref_type == 'tag' && 'release' || 'build --snapshot' }} ${{ github.event_name == 'pull_request' && '--single-target' || '' }} --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOPATH: ${{ steps.go.outputs.go_path }}
HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.NGINX_PAT }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_COMMUNITY }}
- name: Print NGINX Prometheus Exporter info
run: ./dist/nginx-prometheus-exporter_linux_amd64_v1/nginx-prometheus-exporter --version
continue-on-error: true
- name: Build and Push Docker Image
uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1
with:
file: build/Dockerfile
context: "."
target: goreleaser
platforms: ${{ github.event_name != 'pull_request' && env.DOCKER_PLATFORMS || '' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
load: ${{ github.event_name == 'pull_request' }}
push: ${{ github.event_name != 'pull_request' }}
cache-from: type=gha
cache-to: type=gha,mode=max
provenance: false
sbom: ${{ github.event_name != 'pull_request' }}
- name: Scan image
uses: anchore/scan-action@24fd7c9060f3c96848dd1929fac8d796fb5ae4b4 # v3.3.6
id: scan
continue-on-error: true
with:
image: nginx/nginx-prometheus-exporter:${{ steps.meta.outputs.version }}
only-fixed: true
add-cpes-if-none: true
- name: Upload scan result to GitHub Security tab
uses: github/codeql-action/upload-sarif@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
continue-on-error: true
with:
sarif_file: ${{ steps.scan.outputs.sarif }}