mirror of
https://github.com/caddyserver/caddy.git
synced 2026-02-09 01:59:21 +08:00
680f3fe209
Bumps the actions-deps group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `5.0.0` | `6.0.0` | | [github/ai-moderator](https://github.com/github/ai-moderator) | `1.1.2` | `1.1.4` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.13.1` | `2.13.2` | | [actions/setup-go](https://github.com/actions/setup-go) | `6.0.0` | `6.1.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `5.0.0` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `8.0.0` | `9.1.0` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.8.0` | `4.8.2` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.10.0` | `4.0.0` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.20.6` | `0.20.10` | | [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) | `4.0.0` | `4.0.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.30.5` | `4.31.6` | Updates `actions/checkout` from 5.0.0 to 6.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](08c6903cd8...1af3b93b68) Updates `github/ai-moderator` from 1.1.2 to 1.1.4 - [Release notes](https://github.com/github/ai-moderator/releases) - [Commits](6bcdb2a79c...81159c3707) Updates `step-security/harden-runner` from 2.13.1 to 2.13.2 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](f4a75cfd61...95d9a5deda) Updates `actions/setup-go` from 6.0.0 to 6.1.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](4469467582...4dc6199c7b) Updates `actions/upload-artifact` from 4.6.2 to 5.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](ea165f8d65...330a01c490) Updates `golangci/golangci-lint-action` from 8.0.0 to 9.1.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](4afd733a84...e7fa5ac41e) Updates `actions/dependency-review-action` from 4.8.0 to 4.8.2 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](56339e523c...3c4e3dcb1a) Updates `sigstore/cosign-installer` from 3.10.0 to 4.0.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](d7543c93d8...faadad0cce) Updates `anchore/sbom-action` from 0.20.6 to 0.20.10 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](f8bdd1d8ac...fbfd9c6c18) Updates `peter-evans/repository-dispatch` from 4.0.0 to 4.0.1 - [Release notes](https://github.com/peter-evans/repository-dispatch/releases) - [Commits](5fc4efd1a4...28959ce8df) Updates `github/codeql-action` from 3.30.5 to 4.31.6 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](3599b3baa1...fe4161a26a) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: github/ai-moderator dependency-version: 1.1.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: step-security/harden-runner dependency-version: 2.13.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: actions/setup-go dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: actions/upload-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: golangci/golangci-lint-action dependency-version: 9.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/dependency-review-action dependency-version: 4.8.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: sigstore/cosign-installer dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: anchore/sbom-action dependency-version: 0.20.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: peter-evans/repository-dispatch dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: github/codeql-action dependency-version: 4.31.6 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com>
250 lines
8.4 KiB
YAML
250 lines
8.4 KiB
YAML
# Used as inspiration: https://github.com/mvdan/github-actions-golang
|
|
|
|
name: Tests
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
- 2.*
|
|
pull_request:
|
|
branches:
|
|
- master
|
|
- 2.*
|
|
|
|
env:
|
|
GOFLAGS: '-tags=nobadger,nomysql,nopgx'
|
|
# https://github.com/actions/setup-go/issues/491
|
|
GOTOOLCHAIN: local
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
test:
|
|
strategy:
|
|
# Default is true, cancels jobs for other platforms in the matrix if one fails
|
|
fail-fast: false
|
|
matrix:
|
|
os:
|
|
- linux
|
|
- mac
|
|
- windows
|
|
go:
|
|
- '1.25'
|
|
|
|
include:
|
|
# Set the minimum Go patch version for the given Go minor
|
|
# Usable via ${{ matrix.GO_SEMVER }}
|
|
- go: '1.25'
|
|
GO_SEMVER: '~1.25.0'
|
|
|
|
# Set some variables per OS, usable via ${{ matrix.VAR }}
|
|
# OS_LABEL: the VM label from GitHub Actions (see https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#standard-github-hosted-runners-for-public-repositories)
|
|
# CADDY_BIN_PATH: the path to the compiled Caddy binary, for artifact publishing
|
|
# SUCCESS: the typical value for $? per OS (Windows/pwsh returns 'True')
|
|
- os: linux
|
|
OS_LABEL: ubuntu-latest
|
|
CADDY_BIN_PATH: ./cmd/caddy/caddy
|
|
SUCCESS: 0
|
|
|
|
- os: mac
|
|
OS_LABEL: macos-14
|
|
CADDY_BIN_PATH: ./cmd/caddy/caddy
|
|
SUCCESS: 0
|
|
|
|
- os: windows
|
|
OS_LABEL: windows-latest
|
|
CADDY_BIN_PATH: ./cmd/caddy/caddy.exe
|
|
SUCCESS: 'True'
|
|
|
|
runs-on: ${{ matrix.OS_LABEL }}
|
|
permissions:
|
|
contents: read
|
|
pull-requests: read
|
|
actions: write # to allow uploading artifacts and cache
|
|
steps:
|
|
- name: Harden the runner (Audit all outbound calls)
|
|
uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Checkout code
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
|
|
- name: Install Go
|
|
uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
|
|
with:
|
|
go-version: ${{ matrix.GO_SEMVER }}
|
|
check-latest: true
|
|
|
|
# These tools would be useful if we later decide to reinvestigate
|
|
# publishing test/coverage reports to some tool for easier consumption
|
|
# - name: Install test and coverage analysis tools
|
|
# run: |
|
|
# go get github.com/axw/gocov/gocov
|
|
# go get github.com/AlekSi/gocov-xml
|
|
# go get -u github.com/jstemmer/go-junit-report
|
|
# echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
|
|
|
|
- name: Print Go version and environment
|
|
id: vars
|
|
shell: bash
|
|
run: |
|
|
printf "Using go at: $(which go)\n"
|
|
printf "Go version: $(go version)\n"
|
|
printf "\n\nGo environment:\n\n"
|
|
go env
|
|
printf "\n\nSystem environment:\n\n"
|
|
env
|
|
printf "Git version: $(git version)\n\n"
|
|
# Calculate the short SHA1 hash of the git commit
|
|
echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
|
|
|
|
- name: Get dependencies
|
|
run: |
|
|
go get -v -t -d ./...
|
|
# mkdir test-results
|
|
|
|
- name: Build Caddy
|
|
working-directory: ./cmd/caddy
|
|
env:
|
|
CGO_ENABLED: 0
|
|
run: |
|
|
go build -trimpath -ldflags="-w -s" -v
|
|
|
|
- name: Smoke test Caddy
|
|
working-directory: ./cmd/caddy
|
|
run: |
|
|
./caddy start
|
|
./caddy stop
|
|
|
|
- name: Publish Build Artifact
|
|
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
|
|
with:
|
|
name: caddy_${{ runner.os }}_go${{ matrix.go }}_${{ steps.vars.outputs.short_sha }}
|
|
path: ${{ matrix.CADDY_BIN_PATH }}
|
|
compression-level: 0
|
|
|
|
# Commented bits below were useful to allow the job to continue
|
|
# even if the tests fail, so we can publish the report separately
|
|
# For info about set-output, see https://stackoverflow.com/questions/57850553/github-actions-check-steps-status
|
|
- name: Run tests
|
|
# id: step_test
|
|
# continue-on-error: true
|
|
run: |
|
|
# (go test -v -coverprofile=cover-profile.out -race ./... 2>&1) > test-results/test-result.out
|
|
go test -v -coverprofile="cover-profile.out" -short -race ./...
|
|
# echo "status=$?" >> $GITHUB_OUTPUT
|
|
|
|
# Relevant step if we reinvestigate publishing test/coverage reports
|
|
# - name: Prepare coverage reports
|
|
# run: |
|
|
# mkdir coverage
|
|
# gocov convert cover-profile.out > coverage/coverage.json
|
|
# # Because Windows doesn't work with input redirection like *nix, but output redirection works.
|
|
# (cat ./coverage/coverage.json | gocov-xml) > coverage/coverage.xml
|
|
|
|
# To return the correct result even though we set 'continue-on-error: true'
|
|
# - name: Coerce correct build result
|
|
# if: matrix.os != 'windows' && steps.step_test.outputs.status != ${{ matrix.SUCCESS }}
|
|
# run: |
|
|
# echo "step_test ${{ steps.step_test.outputs.status }}\n"
|
|
# exit 1
|
|
|
|
s390x-test:
|
|
name: test (s390x on IBM Z)
|
|
permissions:
|
|
contents: read
|
|
pull-requests: read
|
|
runs-on: ubuntu-latest
|
|
if: github.event.pull_request.head.repo.full_name == 'caddyserver/caddy' && github.actor != 'dependabot[bot]'
|
|
continue-on-error: true # August 2020: s390x VM is down due to weather and power issues
|
|
steps:
|
|
- name: Harden the runner (Audit all outbound calls)
|
|
uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
|
|
with:
|
|
egress-policy: audit
|
|
allowed-endpoints: ci-s390x.caddyserver.com:22
|
|
|
|
- name: Checkout code
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
- name: Run Tests
|
|
run: |
|
|
set +e
|
|
mkdir -p ~/.ssh && echo -e "${SSH_KEY//_/\\n}" > ~/.ssh/id_ecdsa && chmod og-rwx ~/.ssh/id_ecdsa
|
|
|
|
# short sha is enough?
|
|
short_sha=$(git rev-parse --short HEAD)
|
|
|
|
# To shorten the following lines
|
|
ssh_opts="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
|
|
ssh_host="$CI_USER@ci-s390x.caddyserver.com"
|
|
|
|
# The environment is fresh, so there's no point in keeping accepting and adding the key.
|
|
rsync -arz -e "ssh $ssh_opts" --progress --delete --exclude '.git' . "$ssh_host":/var/tmp/"$short_sha"
|
|
ssh $ssh_opts -t "$ssh_host" bash <<EOF
|
|
cd /var/tmp/$short_sha
|
|
go version
|
|
go env
|
|
printf "\n\n"
|
|
retries=3
|
|
exit_code=0
|
|
while ((retries > 0)); do
|
|
CGO_ENABLED=0 go test -p 1 -v ./...
|
|
exit_code=$?
|
|
if ((exit_code == 0)); then
|
|
break
|
|
fi
|
|
echo "\n\nTest failed: \$exit_code, retrying..."
|
|
((retries--))
|
|
done
|
|
echo "Remote exit code: \$exit_code"
|
|
exit \$exit_code
|
|
EOF
|
|
test_result=$?
|
|
|
|
# There's no need leaving the files around
|
|
ssh $ssh_opts "$ssh_host" "rm -rf /var/tmp/'$short_sha'"
|
|
|
|
echo "Test exit code: $test_result"
|
|
exit $test_result
|
|
env:
|
|
SSH_KEY: ${{ secrets.S390X_SSH_KEY }}
|
|
CI_USER: ${{ secrets.CI_USER }}
|
|
|
|
goreleaser-check:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
pull-requests: read
|
|
if: github.event.pull_request.head.repo.full_name == 'caddyserver/caddy' && github.actor != 'dependabot[bot]'
|
|
steps:
|
|
- name: Harden the runner (Audit all outbound calls)
|
|
uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Checkout code
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
|
|
- uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0
|
|
with:
|
|
version: latest
|
|
args: check
|
|
- name: Install Go
|
|
uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
|
|
with:
|
|
go-version: "~1.25"
|
|
check-latest: true
|
|
- name: Install xcaddy
|
|
run: |
|
|
go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
|
|
xcaddy version
|
|
- uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0
|
|
with:
|
|
version: latest
|
|
args: build --single-target --snapshot
|
|
env:
|
|
TAG: ${{ github.head_ref || github.ref_name }}
|