chore(deps): update step-security/harden-runner action to v2.10.3 #418
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Verify | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| packages: read | |
| id-token: write | |
| env: | |
| GO111MODULE: "on" | |
| jobs: | |
| conform: | |
| runs-on: ubuntu-latest | |
| name: Conform | |
| steps: | |
| - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - uses: siderolabs/conform@6380738b7fdfc68b208ce0674c4ac1ba314ba600 # v0.1.0-alpha.27 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| lint_provider: | |
| runs-on: ubuntu-latest | |
| name: Lint Provider | |
| strategy: | |
| max-parallel: 4 | |
| matrix: | |
| go-version: [1.23.x] | |
| golangci-lint-version: [v1.60.3] | |
| steps: | |
| - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
| with: | |
| go-version: "${{ matrix.go-version }}" | |
| - uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 | |
| with: | |
| version: "${{ matrix.golangci-lint-version }}" | |
| args: -c .golangci.yml | |
| skip-cache: true | |
| skip-save-cache: true | |
| - run: | | |
| go vet ./... | |
| test: | |
| runs-on: ubuntu-latest | |
| name: Unit Tests | |
| strategy: | |
| max-parallel: 4 | |
| matrix: | |
| go-version: [1.23.x] | |
| steps: | |
| - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
| with: | |
| go-version: "${{ matrix.go-version }}" | |
| - run: | | |
| make test | |
| - run: | | |
| go install github.com/mattn/goveralls@latest | |
| goveralls -coverprofile=covprofile -service=github | |
| env: | |
| COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| dockerfile_lint: | |
| runs-on: ubuntu-latest | |
| name: Lint Dockerfile | |
| steps: | |
| - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0 | |
| with: | |
| dockerfile: Dockerfile | |
| build: | |
| runs-on: ubuntu-latest | |
| name: Build Provider and Container | |
| needs: | |
| - lint_provider | |
| - dockerfile_lint | |
| - test | |
| strategy: | |
| max-parallel: 4 | |
| matrix: | |
| go-version: [1.23.x] | |
| steps: | |
| - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
| with: | |
| go-version: "${{ matrix.go-version }}" | |
| - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 | |
| - uses: anchore/sbom-action/download-syft@df80a981bc6edbc4e220a492d3cbe9f5547a6e75 # v0.17.9 | |
| - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 | |
| - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 | |
| - uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0 | |
| with: | |
| args: -p 3 release --snapshot --clean --skip=publish --timeout 60m0s | |
| version: latest | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| CI_COMMIT_TIMESTAMP: ${{ github.event.pull_request.updated_at }} | |
| CI_COMMIT_SHA: ${{ github.sha }} | |
| CI_COMMIT_TAG: ${{ github.sha }}-dev |