From c97bae630ba6733160f9e027827d84c424e2e71a Mon Sep 17 00:00:00 2001 From: Mateusz Szostok Date: Wed, 20 Sep 2023 14:10:36 +0200 Subject: [PATCH 1/2] Add cancel concurrent builds --- .github/workflows/chart-testing.yaml | 4 ++++ .github/workflows/ci.yml | 5 +++++ .github/workflows/codeql.yaml | 4 ++++ .github/workflows/pr-build.yaml | 4 ++++ .github/workflows/vulnerability-scan.yml | 5 +++++ 5 files changed, 22 insertions(+) diff --git a/.github/workflows/chart-testing.yaml b/.github/workflows/chart-testing.yaml index f72bbc9ba..1679a852d 100644 --- a/.github/workflows/chart-testing.yaml +++ b/.github/workflows/chart-testing.yaml @@ -7,6 +7,10 @@ on: # The branches below must be a subset of the branches above branches: [ "main" ] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} # scope to for the current workflow + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} # cancel only PR related jobs + jobs: chart-test: runs-on: ubuntu-latest diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2cfc1abc5..29db36ffb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,6 +6,11 @@ env: HELM_VERSION: v3.9.0 GOLANGCI_LINT_VERSION: v1.54.2 GOLANGCI_LINT_TIMEOUT: 10m + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} # scope to for the current workflow + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} # cancel only PR related jobs + jobs: lint-go: if: ${{ !contains(github.event.commits[0].message, '[skip-ci]') }} diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index e2beed781..4934f199e 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -10,6 +10,10 @@ on: # Runs at 09:00 UTC on Wed. - cron: '0 9 * * 3' +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} # scope to for the current workflow + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} # cancel only PR related jobs + jobs: analyze: name: Analyze diff --git a/.github/workflows/pr-build.yaml b/.github/workflows/pr-build.yaml index 22cec4e92..8a89d32e5 100644 --- a/.github/workflows/pr-build.yaml +++ b/.github/workflows/pr-build.yaml @@ -30,6 +30,10 @@ env: IMAGE_TAG: ${{ github.event.pull_request.number }}-PR IMAGE_SAVE_LOAD_DIR: /tmp/botkube-images +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} # scope to for the current workflow + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} # cancel only PR related jobs + jobs: save-image: diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml index 3911e1f5c..ac323899e 100644 --- a/.github/workflows/vulnerability-scan.yml +++ b/.github/workflows/vulnerability-scan.yml @@ -1,6 +1,11 @@ name: Vulnerability Scan on: pull_request: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} # scope to for the current workflow + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} # cancel only PR related jobs + jobs: scan-repo: if: ${{ !contains(github.event.commits[0].message, '[skip-ci]') }} From 1d230b75f38efb15812ba6c0474883ecf35782ac Mon Sep 17 00:00:00 2001 From: Mateusz Szostok Date: Wed, 20 Sep 2023 14:36:49 +0200 Subject: [PATCH 2/2] Bump deps, migrate set-output --- .github/workflows/branch-build.yml | 20 +++++------ .github/workflows/chart-testing.yaml | 2 +- .github/workflows/ci.yml | 43 ++++++++++++++++++------ .github/workflows/codeql.yaml | 4 +-- .github/workflows/cut-new-release.yml | 10 +++--- .github/workflows/finalize-release.yml | 4 +-- .github/workflows/next-rc.yml | 12 +++---- .github/workflows/pr-build.yaml | 16 ++++----- .github/workflows/process-chart.yml | 4 +-- .github/workflows/release.yml | 10 +++--- .github/workflows/upload-plugins.yaml | 8 ++--- .github/workflows/vulnerability-scan.yml | 2 +- 12 files changed, 78 insertions(+), 57 deletions(-) diff --git a/.github/workflows/branch-build.yml b/.github/workflows/branch-build.yml index d3250437c..7aa3e0ea0 100644 --- a/.github/workflows/branch-build.yml +++ b/.github/workflows/branch-build.yml @@ -25,14 +25,14 @@ jobs: DOCKER_CLI_EXPERIMENTAL: "enabled" steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version-file: 'go.mod' cache: true - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v3 - name: Docker Login uses: docker/login-action@v1 with: @@ -40,7 +40,7 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Install GoReleaser - uses: goreleaser/goreleaser-action@v2 + uses: goreleaser/goreleaser-action@v5 with: install-only: true version: latest @@ -70,16 +70,16 @@ jobs: - discord steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false - name: Install GoReleaser - uses: goreleaser/goreleaser-action@v2 + uses: goreleaser/goreleaser-action@v5 with: install-only: true version: latest - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version-file: 'go.mod' cache: true @@ -129,12 +129,12 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version-file: 'go.mod' cache: true @@ -166,7 +166,7 @@ jobs: --set image.tag="${IMAGE_TAG}" \ - name: Install GoReleaser - uses: goreleaser/goreleaser-action@v2 + uses: goreleaser/goreleaser-action@v5 with: install-only: true version: latest diff --git a/.github/workflows/chart-testing.yaml b/.github/workflows/chart-testing.yaml index 1679a852d..7a846e049 100644 --- a/.github/workflows/chart-testing.yaml +++ b/.github/workflows/chart-testing.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 29db36ffb..8f774749b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,17 +18,12 @@ jobs: name: Lint Go code steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version-file: 'go.mod' cache: true - - name: Run golangci-lint - uses: golangci/golangci-lint-action@v3 - with: - version: ${{ env.GOLANGCI_LINT_VERSION }} - args: --timeout=${{ env.GOLANGCI_LINT_TIMEOUT }} - name: Verify Go modules run: go mod verify if: always() @@ -45,6 +40,32 @@ jobs: else echo '✔ No issues detected. Have a nice day :-)' fi + golangci: + name: golangci-lint + runs-on: ubuntu-latest + steps: + - name: Checkout source + uses: actions/checkout@v4 + + - name: Setup Go + uses: actions/setup-go@v4 + with: + go-version-file: 'go.mod' + # When the files to be extracted are already present, + # tar extraction in Golangci Lint fails with the "File exists" + # errors. These files appear to be present because of + # cache in setup-go, on disabling the cache we are no more seeing + # such error. Cache is to be enabled once the fix is available for + # this issue: + # https://github.com/golangci/golangci-lint-action/issues/807 + cache: false + + - name: Run golangci-lint + uses: golangci/golangci-lint-action@v3 + with: + version: ${{ env.GOLANGCI_LINT_VERSION }} + args: --timeout=${{ env.GOLANGCI_LINT_TIMEOUT }} + test: if: ${{ !contains(github.event.commits[0].message, '[skip-ci]') }} @@ -52,9 +73,9 @@ jobs: name: Run tests steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version-file: 'go.mod' cache: true @@ -70,9 +91,9 @@ jobs: name: Build app steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version-file: 'go.mod' cache: true diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 4934f199e..864abab02 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -30,10 +30,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version: 1.19 diff --git a/.github/workflows/cut-new-release.yml b/.github/workflows/cut-new-release.yml index 7e1c28ee3..c5092bd97 100644 --- a/.github/workflows/cut-new-release.yml +++ b/.github/workflows/cut-new-release.yml @@ -21,7 +21,7 @@ jobs: ref: ${{ steps.extract.outputs.ref }} base-version: ${{ steps.extract.outputs.base-version }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: token: ${{ secrets.GH_TOKEN }} fetch-depth: 0 @@ -43,8 +43,8 @@ jobs: echo "release-${BASE_VERSION} is found, now REF=release-${BASE_VERSION}" REF=$(echo "release-${BASE_VERSION}") fi - echo ::set-output name=ref::$REF - echo ::set-output name=base-version::$BASE_VERSION + echo "ref=$REF" >> $GITHUB_OUTPUT + echo "base-version=$BASE_VERSION" >> $GITHUB_OUTPUT else # Fail entire job if it is not a valid format echo "${{ inputs.version }} is not a valid version format. Use something like 'v0.14.0'" @@ -56,7 +56,7 @@ jobs: runs-on: ubuntu-22.04 needs: [workflow-metadata] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: ref: ${{ needs.workflow-metadata.outputs.ref }} token: ${{ secrets.GH_TOKEN }} @@ -96,4 +96,4 @@ jobs: if: ${{ contains(needs.workflow-metadata.outputs.ref, env.main-branch ) }} run: | git checkout -b release-${{ needs.workflow-metadata.outputs.base-version }} - git push origin release-${{ needs.workflow-metadata.outputs.base-version }} \ No newline at end of file + git push origin release-${{ needs.workflow-metadata.outputs.base-version }} diff --git a/.github/workflows/finalize-release.yml b/.github/workflows/finalize-release.yml index 343c833c9..a7764ccae 100644 --- a/.github/workflows/finalize-release.yml +++ b/.github/workflows/finalize-release.yml @@ -23,7 +23,7 @@ jobs: id: extract run: | BASE_VERSION=$(echo "${{ inputs.version }}" | cut -c2- | awk 'BEGIN{FS=OFS="."}NF--') - echo ::set-output name=base-version::$BASE_VERSION + echo "base-version=$BASE_VERSION" >> $GITHUB_OUTPUT process-chart: needs: [extract-metadata] @@ -32,4 +32,4 @@ jobs: release-branch: release-${{ needs.extract-metadata.outputs.base-version }} next-version: ${{ inputs.version }} secrets: - gh-token: ${{ secrets.GH_TOKEN }} \ No newline at end of file + gh-token: ${{ secrets.GH_TOKEN }} diff --git a/.github/workflows/next-rc.yml b/.github/workflows/next-rc.yml index 75753e9c7..0a2913fe7 100644 --- a/.github/workflows/next-rc.yml +++ b/.github/workflows/next-rc.yml @@ -22,7 +22,7 @@ jobs: branch: ${{ steps.next-rc.outputs.branch }} runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: token: ${{ secrets.GH_TOKEN }} fetch-depth: 0 @@ -59,10 +59,10 @@ jobs: NEW_RELEASE_VERSION="${BASE_TAG}-rc.${NEW_RELEASE_REVISION}" echo "Latest release-candidate tag found: ${BASE_TAG}-rc.${LATEST_RELEASE_TAG}, creating: ${BASE_TAG}-rc.${NEW_RELEASE_REVISION}" - echo ::set-output name=release-version::$BASE_TAG - echo ::set-output name=new-rc-version::$NEW_RELEASE_VERSION - echo ::set-output name=commit-msg::$COMMIT_MSG - echo ::set-output name=branch::$CURRENT_BRANCH + echo "release-version=$BASE_TAG" >> $GITHUB_OUTPUT + echo "new-rc-version=$NEW_RELEASE_VERSION" >> $GITHUB_OUTPUT + echo "commit-msg=$COMMIT_MSG" >> $GITHUB_OUTPUT + echo "branch=$CURRENT_BRANCH" >> $GITHUB_OUTPUT process-chart: if: ${{ (!contains(github.event.commits[0].message, '[skip-ci]')) && (needs.next-rc.outputs.new-rc-version != '') }} @@ -72,4 +72,4 @@ jobs: release-branch: ${{ needs.next-rc.outputs.branch }} next-version: ${{ needs.next-rc.outputs.new-rc-version }} secrets: - gh-token: ${{ secrets.GH_TOKEN }} \ No newline at end of file + gh-token: ${{ secrets.GH_TOKEN }} diff --git a/.github/workflows/pr-build.yaml b/.github/workflows/pr-build.yaml index 8a89d32e5..d40b78044 100644 --- a/.github/workflows/pr-build.yaml +++ b/.github/workflows/pr-build.yaml @@ -45,19 +45,19 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha }} persist-credentials: false - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version-file: 'go.mod' cache: true - name: Install GoReleaser - uses: goreleaser/goreleaser-action@v2 + uses: goreleaser/goreleaser-action@v5 with: install-only: true version: latest @@ -86,7 +86,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false @@ -136,7 +136,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha }} persist-credentials: false @@ -198,13 +198,13 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha }} persist-credentials: false - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version-file: 'go.mod' cache: true @@ -236,7 +236,7 @@ jobs: --set image.tag="${IMAGE_TAG}" \ - name: Install GoReleaser - uses: goreleaser/goreleaser-action@v2 + uses: goreleaser/goreleaser-action@v5 with: install-only: true version: latest diff --git a/.github/workflows/process-chart.yml b/.github/workflows/process-chart.yml index 9cf44fef1..a6e4b3d73 100644 --- a/.github/workflows/process-chart.yml +++ b/.github/workflows/process-chart.yml @@ -35,7 +35,7 @@ jobs: outputs: new-version: ${{ inputs.next-version }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: ref: ${{ inputs.release-branch }} token: ${{ secrets.gh-token }} @@ -86,7 +86,7 @@ jobs: git push --tags - name: Checkout to gh-pages for Helm - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: chart ref: gh-pages diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 677be4f96..ddfaad019 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Git checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: token: ${{ secrets.GH_TOKEN }} fetch-depth: 0 @@ -22,13 +22,13 @@ jobs: run: git fetch --force --tags - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version-file: 'go.mod' cache: true - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Docker Login uses: docker/login-action@v1 @@ -48,10 +48,10 @@ jobs: git fetch origin "refs/notes/*:refs/notes/*" BASE_VERSION=$(echo "${BASE_TAG}" | cut -c2- | awk 'BEGIN{FS=OFS="."}NF--') PREV_VERSION=$(echo $(git log --pretty=format:"%N" --show-notes="release-${BASE_VERSION}") | awk -F',' '{ print $1 }' | awk NF | awk '{ print $2 }') - echo ::set-output name=previous-version::$PREV_VERSION + echo "previous-version=$PREV_VERSION" >> $GITHUB_OUTPUT - name: Install GoReleaser - uses: goreleaser/goreleaser-action@v3 + uses: goreleaser/goreleaser-action@v5 with: install-only: true version: latest diff --git a/.github/workflows/upload-plugins.yaml b/.github/workflows/upload-plugins.yaml index 66e077887..e31e35b37 100644 --- a/.github/workflows/upload-plugins.yaml +++ b/.github/workflows/upload-plugins.yaml @@ -12,7 +12,7 @@ jobs: GOBIN: /home/runner/work/botkube/bin steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: GCP auth uses: 'google-github-actions/auth@v1' with: @@ -20,14 +20,14 @@ jobs: - name: 'Set up Cloud SDK' uses: 'google-github-actions/setup-gcloud@v1' - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v3 - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version-file: 'go.mod' cache: true - name: Install GoReleaser - uses: goreleaser/goreleaser-action@v2 + uses: goreleaser/goreleaser-action@v5 with: install-only: true version: latest diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml index ac323899e..9ae7a20bf 100644 --- a/.github/workflows/vulnerability-scan.yml +++ b/.github/workflows/vulnerability-scan.yml @@ -17,7 +17,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner in repo mode uses: aquasecurity/trivy-action@master with: