🧹 Bump cnspec to v11.36.2 (#351) #374
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Packer Plugin | |
## Only trigger tests if source is changing | |
on: | |
push: | |
paths: | |
- "**.go" | |
- "**.mod" | |
- "go.sum" | |
jobs: | |
license-check: | |
name: License Check | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/[email protected] | |
- name: Setup Copywrite | |
uses: hashicorp/[email protected] | |
- name: Check Header Compliance | |
run: copywrite headers --plan | |
goreleaser: | |
name: GoReleaser | |
runs-on: self-hosted | |
env: | |
RUNNER_TYPE: "self-hosted" | |
timeout-minutes: 120 | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
- name: Unshallow | |
run: git fetch --prune --unshallow | |
- name: Import environment variables from file | |
run: cat ".github/env" >> $GITHUB_ENV | |
- name: Set up Go | |
uses: actions/[email protected] | |
with: | |
go-version: ">=${{ env.golang-version }}" | |
cache: false | |
- name: Check go mod | |
run: | | |
go mod tidy | |
git diff --exit-code go.mod | |
- name: Run golangci-lint | |
uses: golangci/[email protected] | |
with: | |
version: latest | |
skip-cache: true | |
- name: "Install required tooling" | |
if: ${{ env.RUNNER_TYPE != 'self-hosted' }} | |
run: | | |
# Only use sudo on self-hosted runners | |
sudo apt install -y zip | |
- name: Set cnspec version | |
run: echo "CNSPEC_VERSION=$(go list -json -m go.mondoo.com/cnspec/v11 | jq -r '.Version')" >> $GITHUB_ENV | |
- name: Run GoReleaser | |
uses: goreleaser/goreleaser-action@v6 | |
with: | |
version: latest | |
args: release --snapshot --skip=publish --clean | |
env: | |
API_VERSION: x5.0 | |
CNSPEC_VERSION: ${{ env.CNSPEC_VERSION }} | |
go-auto-approve: | |
runs-on: ubuntu-latest | |
needs: [goreleaser, license-check] | |
# For now, we only auto approve and merge cnspec bump PRs created by mondoo-tools. | |
# We have to check the commit author, because the PR is created by "github-actions[bot]" | |
# https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions#startswith | |
if: ${{ startsWith(github.ref, 'refs/heads/version/cnspec_update_v') && github.event.commits[0].author.username == 'mondoo-tools' }} | |
permissions: | |
contents: write | |
pull-requests: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
# figure out the PR for this commit | |
- uses: cloudposse-github-actions/[email protected] | |
id: pr | |
with: | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
filterOutClosed: true | |
filterOutDraft: true | |
# fetch a token for the mondoo-mergebot app | |
- name: Generate token | |
id: generate-token | |
uses: actions/create-github-app-token@v1 | |
with: | |
app-id: ${{ secrets.MONDOO_MERGEBOT_APP_ID }} | |
private-key: ${{ secrets.MONDOO_MERGEBOT_APP_PRIVATE_KEY }} | |
# automerge using bot token | |
- name: Approve and merge a PR | |
run: | | |
gh pr review ${{ steps.pr.outputs.number }} --approve | |
gh pr merge ${{ steps.pr.outputs.number }} --squash | |
env: | |
GH_TOKEN: ${{ steps.generate-token.outputs.token }} |