Skip to content

🧹 Bump cnspec to v11.36.2 (#351) #374

🧹 Bump cnspec to v11.36.2 (#351)

🧹 Bump cnspec to v11.36.2 (#351) #374

Workflow file for this run

name: Build Packer Plugin
## Only trigger tests if source is changing
on:
push:
paths:
- "**.go"
- "**.mod"
- "go.sum"
jobs:
license-check:
name: License Check
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/[email protected]
- name: Setup Copywrite
uses: hashicorp/[email protected]
- name: Check Header Compliance
run: copywrite headers --plan
goreleaser:
name: GoReleaser
runs-on: self-hosted
env:
RUNNER_TYPE: "self-hosted"
timeout-minutes: 120
steps:
- name: Checkout
uses: actions/[email protected]
- name: Unshallow
run: git fetch --prune --unshallow
- name: Import environment variables from file
run: cat ".github/env" >> $GITHUB_ENV
- name: Set up Go
uses: actions/[email protected]
with:
go-version: ">=${{ env.golang-version }}"
cache: false
- name: Check go mod
run: |
go mod tidy
git diff --exit-code go.mod
- name: Run golangci-lint
uses: golangci/[email protected]
with:
version: latest
skip-cache: true
- name: "Install required tooling"
if: ${{ env.RUNNER_TYPE != 'self-hosted' }}
run: |
# Only use sudo on self-hosted runners
sudo apt install -y zip
- name: Set cnspec version
run: echo "CNSPEC_VERSION=$(go list -json -m go.mondoo.com/cnspec/v11 | jq -r '.Version')" >> $GITHUB_ENV
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
version: latest
args: release --snapshot --skip=publish --clean
env:
API_VERSION: x5.0
CNSPEC_VERSION: ${{ env.CNSPEC_VERSION }}
go-auto-approve:
runs-on: ubuntu-latest
needs: [goreleaser, license-check]
# For now, we only auto approve and merge cnspec bump PRs created by mondoo-tools.
# We have to check the commit author, because the PR is created by "github-actions[bot]"
# https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions#startswith
if: ${{ startsWith(github.ref, 'refs/heads/version/cnspec_update_v') && github.event.commits[0].author.username == 'mondoo-tools' }}
permissions:
contents: write
pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@v4
# figure out the PR for this commit
- uses: cloudposse-github-actions/[email protected]
id: pr
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
filterOutClosed: true
filterOutDraft: true
# fetch a token for the mondoo-mergebot app
- name: Generate token
id: generate-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ secrets.MONDOO_MERGEBOT_APP_ID }}
private-key: ${{ secrets.MONDOO_MERGEBOT_APP_PRIVATE_KEY }}
# automerge using bot token
- name: Approve and merge a PR
run: |
gh pr review ${{ steps.pr.outputs.number }} --approve
gh pr merge ${{ steps.pr.outputs.number }} --squash
env:
GH_TOKEN: ${{ steps.generate-token.outputs.token }}