diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c023415a..789cdd9c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,12 +1,12 @@ version: 2 updates: -- package-ecosystem: gomod - directory: "/" - schedule: - interval: weekly - open-pull-requests-limit: 10 -- package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: weekly - open-pull-requests-limit: 10 + - package-ecosystem: gomod + directory: "/" + schedule: + interval: weekly + open-pull-requests-limit: 10 + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: weekly + open-pull-requests-limit: 10 diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index dac5b6b2..6959a652 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -11,15 +11,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version-file: './go.mod' check-latest: true - - uses: actions/cache@v3 + - uses: actions/cache@4723a57e26efda3a62cbde1812113b730952852d # v3.2.2 with: path: | ~/.cache/go-build @@ -29,24 +29,24 @@ jobs: ${{ runner.os }}-go- - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1 - name: Install GoReleaser - uses: goreleaser/goreleaser-action@v4.1.0 + uses: goreleaser/goreleaser-action@8f67e590f2d095516493f017008adc464e63adb1 # v4.1.0 with: install-only: true - name: Install cosign - uses: sigstore/cosign-installer@v2.8.1 + uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1 - name: Install syft - uses: anchore/sbom-action/download-syft@v0.13.1 + uses: anchore/sbom-action/download-syft@06e109483e6aa305a2b2395eabae554e51530e1d # v0.13.1 - name: Cache - uses: actions/cache@v3 + uses: actions/cache@4723a57e26efda3a62cbde1812113b730952852d # v3.2.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} @@ -56,17 +56,17 @@ jobs: - uses: chainguard-dev/actions/goimports@main - name: Run Mage - uses: magefile/mage-action@v2 + uses: magefile/mage-action@2c1951143e54356ebe6a0c6c971bae325b5b50f1 # v2.1.0 with: - version: v1.13.0 + version: v1.14.0 args: -v ci check-docs: name: check-docs runs-on: ubuntu-latest steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3 - - uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # v3 + - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 + - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version-file: './go.mod' check-latest: true @@ -86,12 +86,12 @@ jobs: name: lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v3 + - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 + - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version-file: './go.mod' check-latest: true - - uses: actions/cache@v3 + - uses: actions/cache@4723a57e26efda3a62cbde1812113b730952852d # v3.2.2 with: path: | ~/.cache/go-build @@ -100,6 +100,6 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: golangci-lint - uses: golangci/golangci-lint-action@v3 + uses: golangci/golangci-lint-action@0ad9a0988b3973e851ab0a07adf248ec2e100376 # v3.3.1 with: - version: v1.48.0 + version: v1.50.1 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 55550875..bc2f1855 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -17,35 +17,35 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version-file: './go.mod' check-latest: true - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1 - name: Install GoReleaser - uses: goreleaser/goreleaser-action@v4.1.0 + uses: goreleaser/goreleaser-action@8f67e590f2d095516493f017008adc464e63adb1 # v4.1.0 with: install-only: true - name: Install cosign - uses: sigstore/cosign-installer@v2.8.1 + uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1 - name: Install syft - uses: anchore/sbom-action/download-syft@v0.13.1 + uses: anchore/sbom-action/download-syft@06e109483e6aa305a2b2395eabae554e51530e1d # v0.13.1 - name: Cache - uses: actions/cache@v3 + uses: actions/cache@4723a57e26efda3a62cbde1812113b730952852d # v3.2.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} @@ -64,16 +64,16 @@ jobs: git push origin "refs/tags/$tag" - name: Login to registry - uses: docker/login-action@v2 + uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0 with: registry: quay.io username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Run Mage - uses: magefile/mage-action@v2 + uses: magefile/mage-action@2c1951143e54356ebe6a0c6c971bae325b5b50f1 # v2.1.0 with: - version: v1.13.0 + version: v1.14.0 args: -v release env: GITHUB_TOKEN: "${{ secrets.CI_TOKEN }}" diff --git a/.goreleaser.yml b/.goreleaser.yml index 065d6724..d08512c4 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -8,7 +8,7 @@ before: - go mod download sboms: -- artifacts: archive + - artifacts: archive builds: - main: cr/main.go @@ -41,7 +41,8 @@ builds: -X github.com/helm/chart-releaser/cr/cmd.BuildDate={{ .Date }} archives: - - format_overrides: + - rlcp: true + format_overrides: - goos: windows format: zip files: diff --git a/Dockerfile b/Dockerfile index 73df376d..0edf91c1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.16 +FROM alpine:3.17 RUN apk --no-cache add ca-certificates git diff --git a/build.sh b/build.sh deleted file mode 100755 index 678e87f3..00000000 --- a/build.sh +++ /dev/null @@ -1,82 +0,0 @@ -#!/usr/bin/env bash - -# Copyright The Helm Authors. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -#     https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -o errexit -set -o nounset -set -o pipefail - -readonly SCRIPT_DIR -SCRIPT_DIR=$(dirname "$(readlink -f "$0" || true)") - -show_help() { -cat << EOF -Usage: $(basename "$0") - -Build cr using Goreleaser. - - -h, --help Display help - -d, --debug Display verbose output and run Goreleaser with --debug - -r, --release Create a release using Goreleaser. This includes the creation - of a GitHub release and building and pushing the Docker image. - If this flag is not specified, Goreleaser is run with --snapshot -EOF -} - -main() { - local debug= - local release= - - while :; do - case "${1:-}" in - -h|--help) - show_help - exit - ;; - -d|--debug) - debug=true - ;; - -r|--release) - release=true - ;; - *) - break - ;; - esac - - shift - done - - local goreleaser_args=(--rm-dist) - - if [[ -n "$debug" ]]; then - goreleaser_args+=( --debug) - set -x - fi - - if [[ -z "$release" ]]; then - goreleaser_args+=( --snapshot) - fi - - pushd "$SCRIPT_DIR" > /dev/null - - go mod download - go test ./... -race - goreleaser "${goreleaser_args[@]}" - - popd > /dev/null -} - -main "$@" diff --git a/magefile.go b/magefile.go index 5367cb83..52848b64 100644 --- a/magefile.go +++ b/magefile.go @@ -30,10 +30,6 @@ import ( ) func Lint() error { - if err := sh.RunV("bash", "-c", "shopt -s globstar; shellcheck **/*.sh"); err != nil { - return err - } - // if running on CI we have a gh action to run it if os.Getenv("CI") == "" { if err := sh.RunV("golangci-lint", "run", "--timeout", "3m"); err != nil {