chore(deps): update module google.golang.org/protobuf to v1.36.11 (#696) #2379
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| push: | |
| tags: | |
| - 'v*' | |
| branches: | |
| - main | |
| permissions: {} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-24.04 | |
| name: Build & Test | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| persist-credentials: 'false' | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: "${{ github.actor != 'renovate[bot]' }}" | |
| - name: go build | |
| run: go build ./cmd/openvpn-auth-oauth2 | |
| - name: go test | |
| run: go test ./... -short -timeout 20s -race -covermode=atomic -coverprofile=coverage.out -coverpkg=./... | |
| id: test | |
| shell: bash | |
| continue-on-error: true | |
| - name: go test (retry) | |
| if: steps.test.outcome == 'failure' | |
| shell: bash | |
| run: go test ./... -short -timeout 20s -race -covermode=atomic -coverprofile=coverage.out -coverpkg=./... | |
| - name: go test -bench | |
| run: go test ./... -timeout 20s -run='^$' -bench=. -benchmem -count 3 | |
| - name: go test (Plugin Integration Tests) | |
| run: go test ./lib/openvpn-auth-oauth2 -run '^TestIT$' | |
| - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| goreleaser: | |
| runs-on: ubuntu-24.04 | |
| name: Test goreleaser | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| persist-credentials: 'false' | |
| fetch-depth: 0 | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: "${{ github.actor != 'renovate[bot]' }}" | |
| - uses: anchore/sbom-action/download-syft@43a17d6e7add2b5535efe4dcae9952337c479a93 # v0.20.11 | |
| - name: Write gpg sign key | |
| if: env.GPG_KEY != null | |
| run: echo "$GPG_KEY" > "$GPG_KEY_PATH" | |
| env: | |
| GPG_KEY_PATH: "${{ secrets.GPG_KEY_PATH }}" | |
| GPG_KEY: ${{ secrets.GPG_KEY }} | |
| - name: go build (with goreleaser) | |
| uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 | |
| with: | |
| # renovate: github=goreleaser/goreleaser | |
| version: v2.13.1 | |
| args: release --snapshot | |
| env: | |
| GITHUB_TOKEN: "" | |
| GPG_KEY_PATH: "" | |
| - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: dists | |
| path: dist/ | |
| lint: | |
| name: lint | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| persist-credentials: 'false' | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: "${{ github.actor != 'renovate[bot]' }}" | |
| - run: go mod tidy -diff | |
| - name: golangci-lint | |
| uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0 | |
| with: | |
| # renovate: github=golangci/golangci-lint | |
| version: v2.7.2 | |
| args: "--max-same-issues=0" | |
| super-lint: | |
| name: super-lint | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| persist-credentials: 'false' | |
| fetch-depth: 0 | |
| - name: Lint Code Base | |
| uses: super-linter/super-linter/slim@502f4fe48a81a392756e173e39a861f8c8efe056 # v8.3.0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| MULTI_STATUS: false | |
| LINTER_RULES_PATH: . | |
| GITHUB_ACTIONS_ZIZMOR_CONFIG_FILE: ./.github/zizmor.yml | |
| VALIDATE_ALL_CODEBASE: true | |
| VALIDATE_BASH: true | |
| VALIDATE_BASH_EXEC: true | |
| VALIDATE_EDITORCONFIG: true | |
| VALIDATE_ENV: true | |
| VALIDATE_GO_RELEASER: true | |
| VALIDATE_GITHUB_ACTIONS: true | |
| VALIDATE_GITHUB_ACTIONS_ZIZMOR: true | |
| VALIDATE_HTML: true | |
| VALIDATE_JSON: true | |
| VALIDATE_NATURAL_LANGUAGE: true | |
| # VALIDATE_MARKDOWN: false | |
| VALIDATE_RENOVATE: true | |
| VALIDATE_SHELL_SHFMT: true | |
| VALIDATE_XML: true | |
| VALIDATE_YAML: true | |
| publish: | |
| name: Publish package | |
| if: >- | |
| github.event_name == 'push' | |
| && startsWith(github.ref, 'refs/tags/v') | |
| needs: | |
| - build | |
| - lint | |
| - goreleaser | |
| - super-lint | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: write | |
| id-token: write | |
| attestations: write | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| persist-credentials: 'false' | |
| fetch-depth: 0 | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: true | |
| - uses: anchore/sbom-action/download-syft@43a17d6e7add2b5535efe4dcae9952337c479a93 # v0.20.11 | |
| - name: GPG configuration | |
| run: |- | |
| echo "$GPG_KEY" > "$GPG_KEY_PATH" | |
| mkdir -p "$HOME/.gnupg" | |
| chmod 0700 "$HOME/.gnupg" | |
| echo "use-agent" > "$HOME/.gnupg/gpg.conf" | |
| echo "pinentry-mode loopback" >> "$HOME/.gnupg/gpg.conf" | |
| echo "allow-loopback-pinentry" > "$HOME/.gnupg/gpg-agent.conf" | |
| echo "max-cache-ttl 86400" >> "$HOME/.gnupg/gpg-agent.conf" | |
| echo "default-cache-ttl 86400" >> "$HOME/.gnupg/gpg-agent.conf" | |
| gpgconf --kill gpg-agent | |
| gpgconf --launch gpg-agent | |
| echo "$GPG_PASSPHRASE" | gpg --batch --yes --passphrase-fd 0 --import "$GPG_KEY_PATH" | |
| echo "1F34F95B4F30BC5B06E0D7CC3F619F17002790D8:6:" | gpg --import-ownertrust | |
| env: | |
| GPG_KEY_ID: ${{ vars.GPG_KEY_ID }} | |
| GPG_KEY: ${{ secrets.GPG_KEY }} | |
| GPG_PASSPHRASE: ${{ secrets.NFPM_PASSPHRASE }} | |
| GPG_KEY_PATH: "${{ secrets.GPG_KEY_PATH }}" | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 | |
| with: | |
| # renovate: github=goreleaser/goreleaser | |
| version: v2.13.1 | |
| args: release --clean | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GORELEASER_CURRENT_TAG: ${{ github.ref_name }} | |
| NFPM_OPENVPN-AUTH-OAUTH2_PASSPHRASE: ${{ secrets.NFPM_PASSPHRASE }} | |
| GPG_KEY_PATH: ${{ secrets.GPG_KEY_PATH }} | |
| - name: Release APT repository | |
| run: | | |
| set -x | |
| gh release download "${GITHUB_REF_NAME}" -p "*.deb" -D tmp | |
| pushd tmp | |
| apt-ftparchive packages . | tee Packages | xz > Packages.xz | |
| apt-ftparchive release . > Release | |
| gpg --batch --yes --pinentry-mode loopback --passphrase "$GPG_PASSPHRASE" --clearsign -o InRelease Release | |
| gpg --batch --yes --pinentry-mode loopback --passphrase "$GPG_PASSPHRASE" --armor --detach-sign --sign -o Release.gpg Release | |
| gh release upload "${GITHUB_REF_NAME}" InRelease Packages Packages.xz Release Release.gpg --clobber | |
| popd | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GPG_PASSPHRASE: ${{ secrets.NFPM_PASSPHRASE }} | |
| - name: Publish Release | |
| run: gh release edit "${GITHUB_REF_NAME}" --draft=false | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 | |
| with: | |
| subject-checksums: ./dist/checksums.txt |