Skip to content
Nais CLI

build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 #2269

Sign in to view logs

build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4

build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 #2269

Workflow file for this run

.github/workflows/build.yaml at e780fd1
name: Nais CLI
on:
pull_request:
types: [opened, reopened, synchronize]
push:
branches: [main]
paths-ignore: ["**.md"]
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
release-info:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
outputs:
version: ${{ steps.release-info.outputs.version }}
changelog: ${{ steps.release-info.outputs.changelog }}
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # ratchet:actions/checkout@v6
with:
fetch-depth: 0
- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # ratchet:jdx/mise-action@v3
- id: release-info
run: mise run ci:release-info
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
IS_FORK: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
checks:
strategy:
matrix:
mise-task:
- check:deadcode
- check:govet
- check:govulncheck
- check:staticcheck
- ci:fmt
- test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # ratchet:actions/checkout@v6
- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # ratchet:jdx/mise-action@v3
- run: mise run ${{ matrix.mise-task }}
builds:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
arch: [amd64, arm64]
os: [windows, linux, darwin]
needs: [release-info]
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # ratchet:actions/checkout@v6
- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # ratchet:jdx/mise-action@v3
- env:
VERSION: ${{ needs.release-info.outputs.version }}
GOOS: ${{ matrix.os }}
GOARCH: ${{ matrix.arch }}
SIGN_CERT: ${{ secrets.SIGN_CERT }}
SIGN_KEY: ${{ secrets.SIGN_KEY }}
run: mise run ci:build
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # ratchet:actions/upload-artifact@v5
with:
name: archive-${{ matrix.os }}-${{ matrix.arch }}
path: nais-cli_${{ matrix.os }}_${{ matrix.arch }}.tgz
if-no-files-found: error
package-deb:
runs-on: ubuntu-latest
strategy:
matrix:
arch: [amd64, arm64]
needs: [release-info]
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # ratchet:actions/checkout@v6
- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # ratchet:jdx/mise-action@v3
- env:
VERSION: ${{ needs.release-info.outputs.version }}
GOARCH: ${{ matrix.arch }}
run: mise run package-deb
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # ratchet:actions/upload-artifact@v5
with:
name: deb-${{ matrix.arch }}
path: nais-cli_${{ matrix.arch }}.deb
if-no-files-found: error
# Used by GitHub to determine if all checks/builds have passed
branch-protection-checkpoint:
runs-on: ubuntu-latest
needs: [checks, builds, package-deb]
if: ${{ always() }}
steps:
- if: ${{ needs.checks.result != 'success' || needs.builds.result != 'success' }}
run: exit 1
- run: echo "All checks and builds passed."
release-github:
permissions:
contents: write
if: github.ref == 'refs/heads/main' && needs.release-info.outputs.changelog != '' && needs.release-info.outputs.version != ''
runs-on: ubuntu-latest
needs: [release-info, branch-protection-checkpoint]
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # ratchet:actions/checkout@v6
with:
fetch-depth: 0
- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # ratchet:jdx/mise-action@v3
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # ratchet:actions/download-artifact@v6
with:
merge-multiple: true
path: release_artifacts
- run: mise run ci:generate-checksums ./release_artifacts/ > ./release_artifacts/checksums.txt
# TODO: revert to v2 when outputs.assets outputs tagged urls instead of untagged ones
- uses: softprops/action-gh-release@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe # ratchet:softprops/action-gh-release@v2.4.2
id: release
with:
tag_name: v${{ needs.release-info.outputs.version }}
body: ${{ needs.release-info.outputs.changelog }}
prerelease: false
files: ./release_artifacts/*
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- env:
VERSION: ${{ needs.release-info.outputs.version }}
run: |
echo '${{ steps.release.outputs.assets }}' > assets.json
mise run ci:prepare-template-vars ./release_artifacts/checksums.txt ./assets.json -v > template.vars
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # ratchet:actions/upload-artifact@v5
with:
name: template-vars
path: ./template.vars
if-no-files-found: error
- run: |
echo "## :rocket: Release v${{ needs.release-info.outputs.version }}" >> $GITHUB_STEP_SUMMARY
echo "A new release is available over at https://github.com/${{ github.repository }}/releases/tag/v${{ needs.release-info.outputs.version }}." >> $GITHUB_STEP_SUMMARY
release-gar:
if: github.ref == 'refs/heads/main'
needs: [release-github]
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # ratchet:actions/checkout@v6
- id: auth
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # ratchet:google-github-actions/auth@v3
with:
workload_identity_provider: ${{ secrets.NAIS_IO_WORKLOAD_IDENTITY_PROVIDER }}
service_account: gh-cli@nais-io.iam.gserviceaccount.com
token_format: access_token
- uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # ratchet:google-github-actions/setup-gcloud@v3
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # ratchet:actions/download-artifact@v6
with:
name: deb-arm64
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # ratchet:actions/download-artifact@v6
with:
name: deb-amd64
- name: Upload new deb file to Google repository
run: |
gcloud --project nais-io artifacts apt upload nais-ppa --quiet --source nais-cli_arm64.deb --location europe-north1
gcloud --project nais-io artifacts apt upload nais-ppa --quiet --source nais-cli_amd64.deb --location europe-north1
release-external-repos:
if: github.ref == 'refs/heads/main'
needs: [release-github]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
target:
- repo: nais/nur
file: pkgs/nais-cli.nix
- repo: nais/scoop-bucket
file: nais-cli.json
- repo: nais/homebrew-tap
file: Formula/nais.rb
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # ratchet:actions/checkout@v6
- uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # ratchet:jdx/mise-action@v3
- uses: navikt/github-app-token-generator@b96ff604b2300989cd1105e3fad09199fca56681 # ratchet:navikt/github-app-token-generator@v1
id: token
with:
private-key: "${{ secrets.NAIS_APP_PRIVATE_KEY }}"
app-id: "${{ secrets.NAIS_APP_ID }}"
repo: ${{ matrix.target.repo }}
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # ratchet:actions/download-artifact@v6
with:
name: template-vars
- timeout-minutes: 1
env:
GH_TOKEN: ${{ steps.token.outputs.token }}
run: mise run ci:create-package-manager-pr "${{ matrix.target.repo }}" "${{ matrix.target.file }}"