feat: update local registry mTLS to do client-side server name verification #1519
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
push: {} | |
pull_request: {} | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: "1.21" | |
check-latest: true | |
cache: true | |
- name: Install pnpm | |
uses: pnpm/[email protected] | |
with: | |
version: 8.x.x | |
- name: Install Node 18 | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "18" | |
cache: pnpm | |
cache-dependency-path: npm/pnpm-lock.yaml | |
- name: Install dependencies | |
run: pnpm install --frozen-lockfile --ignore-scripts | |
working-directory: npm | |
- name: Verify dependencies | |
run: | | |
go mod verify | |
go mod download | |
- name: Check formatting | |
run: | | |
STATUS=0 | |
assert-nothing-changed() { | |
local diff | |
"$@" >/dev/null || return 1 | |
if ! diff="$(git diff -U1 --color --exit-code)"; then | |
printf '\e[31mError: running `\e[1m%s\e[22m` results in modifications that you must check into version control:\e[0m\n%s\n\n' "$*" "$diff" >&2 | |
git checkout -- . | |
STATUS=1 | |
fi | |
} | |
assert-nothing-changed go fmt ./... | |
assert-nothing-changed go mod tidy | |
exit $STATUS | |
- uses: golangci/golangci-lint-action@v5 | |
with: | |
version: v1.56.2 | |
only-new-issues: false | |
skip-cache: false | |
skip-build-cache: true | |
skip-pkg-cache: true | |
args: --timeout 5m | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- run: pnpm fmt:check | |
working-directory: npm | |
- run: pnpm type-check | |
working-directory: npm | |
build: | |
runs-on: ubuntu-latest-16-cores | |
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: "1.21" | |
check-latest: true | |
cache: true | |
- name: Install pnpm | |
uses: pnpm/[email protected] | |
with: | |
version: 8.x.x | |
- name: Install Node 18 | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "18" | |
cache: pnpm | |
cache-dependency-path: npm/pnpm-lock.yaml | |
- name: Install dependencies | |
run: pnpm install --frozen-lockfile --ignore-scripts | |
working-directory: npm | |
- uses: goreleaser/goreleaser-action@v5 | |
with: | |
version: 1.19.0 | |
args: build --clean --snapshot | |
- run: make npm | |
env: | |
DEPOT_CLI_VERSION: v0.0.0-dev | |
package: | |
runs-on: ubuntu-latest | |
if: github.event_name != 'pull_request' | |
permissions: | |
contents: read | |
packages: write | |
id-token: write | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: depot/setup-action@v1 | |
- uses: docker/metadata-action@v5 | |
id: meta | |
with: | |
images: | | |
ghcr.io/depot/cli | |
public.ecr.aws/depot/cli | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
tags: | | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=semver,pattern={{major}} | |
- id: build-info | |
name: Set build information | |
run: | | |
echo "::set-output name=version::${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}" | |
echo "::set-output name=date::$(date +'%Y-%m-%d')" | |
echo "::set-output name=sentry-environment::${{ fromJSON('{"true":"release","false":"development"}')[startsWith(github.ref, 'refs/tags/v')] }}" | |
- uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: arn:aws:iam::375021575472:role/github-actions | |
aws-region: us-east-1 | |
- uses: aws-actions/amazon-ecr-login@v2 | |
with: | |
registry-type: public | |
- uses: depot/build-push-action@v1 | |
with: | |
push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
platforms: linux/amd64,linux/arm64 | |
build-args: | | |
LDFLAGS=-s -w -X github.com/depot/cli/internal/build.Version=${{ steps.build-info.outputs.version }} -X github.com/depot/cli/internal/build.Date=${{ steps.build-info.outputs.date }} -X github.com/depot/cli/internal/build.SentryEnvironment=${{ steps.build-info.outputs.sentry-environment }} |