chore(deps): bump rollup from 4.52.5 to 4.59.0 in the npm_and_yarn group across 1 directory #496
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| prettier: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Setup bun | |
| uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: latest | |
| - name: Install dependencies | |
| run: bun install --frozen-lockfile | |
| - name: Run Prettier | |
| run: bunx prettier -w . | |
| - name: Commit if changed | |
| if: github.event_name == 'pull_request' | |
| env: | |
| HEAD_REF: ${{ github.head_ref }} | |
| run: | | |
| if [[ -n "$(git status --porcelain)" ]]; then | |
| echo "The following files were changed by prettier:" | |
| git status --porcelain | |
| git config user.name "github-actions[bot]" | |
| git config user.email "${{ github.actor_id }}+github-actions@users.noreply.github.com" | |
| git add . | |
| git commit -m "chore: format code with prettier" -m 'skip ci' | |
| git fetch origin "$HEAD_REF" | |
| git rebase "origin/$HEAD_REF" | |
| git push origin "HEAD:$HEAD_REF" | |
| else | |
| echo "No changes to commit" | |
| fi | |
| checks: | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| - name: Setup Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: ./go.mod | |
| - name: Create dist | |
| run: | | |
| mkdir -p internal/api/dist | |
| echo '<h1>Parse-DMARC API</h1>' > internal/api/dist/index.html | |
| - name: golangci-lint | |
| uses: golangci/golangci-lint-action@v9 | |
| simulate-prod: | |
| if: github.event_name == 'push' || github.event_name == 'pull_request' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Install syft | |
| uses: anchore/sbom-action/download-syft@v0 | |
| - name: Setup Cosign CLI | |
| uses: sigstore/cosign-installer@v3 | |
| - name: Setup bun | |
| uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: latest | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@v7 | |
| with: | |
| distribution: goreleaser | |
| version: "~> v2" | |
| args: release --clean --snapshot | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| build-docker: | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| steps: | |
| - name: Build docker | |
| uses: meysam81/build-docker@main | |
| with: | |
| build-args: | | |
| VERSION=head-${{ github.sha }} | |
| COMMIT=${{ github.sha }} | |
| DATE=${{ github.event.head_commit.timestamp }} | |
| BUILT_BY=github-actions | |
| cosign: true | |
| dockerhub-username: ${{ vars.DOCKERHUB_USERNAME }} | |
| dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| image-name: ghcr.io/${{ github.repository }} | |
| image-extra-tags: | | |
| ${{ github.repository }}:latest | |
| ${{ github.repository }}:${{ github.run_id }} | |
| ${{ github.repository }}:${{ github.sha }} | |
| ghcr.io/${{ github.repository }}:latest | |
| ghcr.io/${{ github.repository }}:${{ github.run_id }} | |
| ghcr.io/${{ github.repository }}:${{ github.sha }} | |
| kubescape: true | |
| release-please: | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| releases_created: ${{ steps.release-please.outputs.releases_created }} | |
| tag_name: ${{ steps.release-please.outputs.tag_name }} | |
| permissions: | |
| contents: write | |
| issues: write | |
| pull-requests: write | |
| steps: | |
| - id: release-please | |
| name: Release please | |
| uses: googleapis/release-please-action@v4 | |
| with: | |
| release-type: go | |
| build-prod: | |
| needs: release-please | |
| if: needs.release-please.outputs.releases_created == 'true' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| attestations: write | |
| contents: write | |
| id-token: write | |
| issues: write | |
| packages: write | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ needs.release-please.outputs.tag_name }} | |
| - name: Install syft | |
| uses: anchore/sbom-action/download-syft@v0 | |
| - name: Setup Cosign CLI | |
| uses: sigstore/cosign-installer@v3 | |
| - name: Setup bun | |
| uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: latest | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ vars.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ github.token }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@v7 | |
| with: | |
| distribution: goreleaser | |
| version: "~> v2" | |
| args: release --clean | |
| env: | |
| BUILDKIT_MULTI_PLATFORM: "${{ vars.BUILDKIT_MULTI_PLATFORM }}" | |
| DISABLE_SBOM: "${{ vars.DISABLE_SBOM }}" | |
| GITHUB_TOKEN: ${{ github.token }} | |
| HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }} | |
| NO_DIGEST: ${{ vars.NO_DIGEST }} | |
| - uses: actions/attest-build-provenance@v3 | |
| with: | |
| subject-checksums: ./.goreleaser-dist/checksums.txt | |
| - uses: actions/attest-build-provenance@v3 | |
| if: env.NO_DIGEST != 'false' | |
| with: | |
| subject-checksums: ./.goreleaser-dist/digest.txt | |
| # deploy-grafana: | |
| # needs: [release-please, build-prod] | |
| # if: needs.release-please.outputs.releases_created == 'true' | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Checkout | |
| # uses: actions/checkout@v6 | |
| # with: | |
| # ref: ${{ needs.release-please.outputs.tag_name }} | |
| # - name: Validate dashboard JSON | |
| # run: | | |
| # python3 -c "import json; json.load(open('grafana/dashboard.json'))" | |
| # echo "Dashboard JSON is valid" | |
| # - name: Upload dashboard to Grafana.com | |
| # env: | |
| # GRAFANA_API_KEY: ${{ secrets.GRAFANA_API_KEY }} | |
| # run: | | |
| # curl -X POST \ | |
| # -H "Authorization: Bearer $GRAFANA_API_KEY" \ | |
| # -H "Content-Type: application/json" \ | |
| # -d @grafana/dashboard.json \ | |
| # "https://grafana.com/api/dashboards" |