Bump golang.org/x/crypto from 0.28.0 to 0.31.0 #9861
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
pull_request: | |
merge_group: | |
push: | |
branches: | |
- master | |
- release/** | |
issue_comment: | |
types: [created, edited] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
member: | |
name: Check whether it is triggered by team members with issue_comment or push or pull_request | |
runs-on: ubuntu-latest | |
if: github.event_name == 'push' || github.event_name == 'pull_request' || startsWith(github.event.comment.body, '/runsim') | |
outputs: | |
valid: ${{ steps.setValid.outputs.valid }} | |
steps: | |
- uses: tspascoal/get-user-teams-membership@v2 | |
id: checkUserMember | |
if: github.event_name == 'issue_comment' | |
with: | |
username: ${{ github.actor }} | |
team: 'maintainers' | |
GITHUB_TOKEN: ${{ secrets.ORG_READ_BOT_PAT }} | |
- name: set valid if it is push/pull_request event or check if it is triggered by team members with issue_comment | |
id: setValid | |
run: | | |
if [[ "${{ steps.checkUserMember.outputs.isTeamMember }}" == "true" ]]; then | |
echo "valid=true" >> $GITHUB_OUTPUT | |
elif [[ "${{ github.event_name }}" == "push" || "${{ github.event_name }}" == "pull_request" ]]; then | |
echo "valid=true" >> $GITHUB_OUTPUT | |
else | |
echo "valid=false" >> $GITHUB_OUTPUT | |
fi | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
needs: [member] | |
permissions: | |
pull-requests: write | |
timeout-minutes: 10 | |
if: needs.member.outputs.valid == 'true' | |
outputs: | |
repo_name: ${{ steps.pr_data.outputs.repo_name }} | |
ref: ${{ steps.pr_data.outputs.ref }} | |
steps: | |
- name: Comment PR for Sim test started | |
uses: crypto-org-chain/actions-pull-request-add-comment@master | |
if: github.event_name == 'issue_comment' | |
with: | |
message: | | |
Simulation tests started and triggered by `/runsim`. | |
Will update here when it succeeds or fails. | |
Can further check progress [here](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Github API Request | |
id: request | |
uses: octokit/[email protected] | |
if: github.event_name == 'issue_comment' | |
with: | |
route: ${{ github.event.issue.pull_request.url }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get Comment PR informations | |
id: pr_data | |
if: github.event_name == 'issue_comment' | |
env: | |
COMMENT_BODY: ${{ github.event.comment.body }} | |
COMMENT_DATE: ${{ github.event.comment.created_at }} | |
run: | | |
PR_PUSHED_AT="${{ fromJson(steps.request.outputs.data).pushed_at }}" | |
comment_hash=`echo "$COMMENT_BODY" | cut -d' ' -f2` # get commit hash if any | |
if [[ "${comment_hash}" == "/runsim" ]]; then | |
# use default head ref, if the PR hasn't changed since the comment | |
if [[ $(date -d "$PR_PUSHED_AT" +%s) -gt $(date -d "$COMMENT_AT" +%s) ]]; then | |
echo "The PR has changed since the comment, and is therefore not safe to use. Exiting." | |
exit 1 | |
fi | |
echo "ref=${{ fromJson(steps.request.outputs.data).head.sha }}" >> $GITHUB_OUTPUT | |
else | |
# use comment provided ref | |
echo "ref=${comment_hash}" >> $GITHUB_OUTPUT | |
fi | |
- name: Set up Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: 1.22 | |
- name: Checkout Comment PR Branch | |
uses: actions/checkout@v4 | |
if: github.event_name == 'issue_comment' | |
with: | |
submodules: true | |
persist-credentials: false | |
token: ${{ secrets.GITHUB_TOKEN }} | |
ref: ${{ steps.pr_data.outputs.ref }} | |
- name: Normal check out code | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
submodules: true | |
if: github.event_name == 'push' || github.event_name == 'pull_request' | |
- id: changed-files | |
uses: tj-actions/changed-files@v41 | |
with: | |
files: | | |
**/*.go | |
go.mod | |
go.sum | |
- name: Set GOBIN | |
run: | | |
echo "$(go env GOPATH)/bin" >> $GITHUB_PATH | |
- name: build | |
if: | | |
steps.changed-files.outputs.any_changed == 'true' || github.event_name == 'issue_comment' | |
run: make build | |
- name: test | |
run: make test | |
if: "steps.changed-files.outputs.any_changed == 'true' || github.event_name == 'issue_comment'" | |
- name: Upload coverage report | |
uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
file: ./coverage.txt | |
flags: unit_tests | |
- name: Create file status_build.txt and write the job status into it | |
if: github.event_name == 'issue_comment' | |
run: | | |
echo ${{ job.status }} > status_build.txt | |
- name: Upload file status_build.txt as an artifact | |
if: github.event_name == 'issue_comment' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: pass_status_build | |
path: status_build.txt | |
build-rocksdb: | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest, macos-latest] | |
runs-on: ${{ matrix.os }} | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: cachix/install-nix-action@v23 | |
with: | |
nix_path: nixpkgs=channel:nixos-22.11 | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- id: changed-files | |
uses: tj-actions/changed-files@v41 | |
with: | |
files: | | |
**/*.go | |
go.mod | |
go.sum | |
- uses: cachix/cachix-action@v12 | |
if: steps.changed-files.outputs.any_changed == 'true' | |
with: | |
name: crypto-com | |
# github don't pass secrets for pull request from fork repos, | |
# in that case the push is disabled naturally. | |
signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}" | |
- name: Run build | |
run: ./scripts/release.sh | |
if: steps.changed-files.outputs.any_changed == 'true' | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: "chain-maind-tarball-${{ matrix.os }}" | |
path: "*.tar.gz" | |
if-no-files-found: ignore | |
install-runsim: | |
runs-on: ubuntu-latest | |
needs: build | |
if: github.event_name == 'push' || github.event_name == 'issue_comment' | |
steps: | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: 1.22 | |
- name: install runsim | |
run: | | |
export GO111MODULE="on" && go install github.com/cosmos/tools/cmd/[email protected] | |
- uses: actions/[email protected] | |
with: | |
path: ~/go/bin | |
key: ${{ runner.os }}-go-runsim-binary | |
- name: Create file status_install.txt and write the job status into it | |
if: github.event_name == 'issue_comment' | |
run: | | |
echo ${{ job.status }} > status_install.txt | |
- name: Upload file status_install.txt as an artifact | |
if: github.event_name == 'issue_comment' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: pass_status_install | |
path: status_install.txt | |
test-sim-nondeterminism: | |
runs-on: ubuntu-latest | |
needs: [build, install-runsim] | |
steps: | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: 1.22 | |
- name: Checkout Comment PR Branch | |
uses: actions/checkout@v4 | |
if: github.event_name == 'issue_comment' | |
with: | |
submodules: true | |
persist-credentials: false | |
token: ${{ secrets.GITHUB_TOKEN }} | |
ref: ${{ needs.build.outputs.ref }} | |
- name: Normal check out code | |
uses: actions/checkout@v4 | |
if: github.event_name == 'push' || github.event_name == 'pull_request' | |
with: | |
submodules: true | |
persist-credentials: false | |
- id: changed-files | |
uses: tj-actions/changed-files@v41 | |
with: | |
files: | | |
**/*.go | |
go.mod | |
go.sum | |
- uses: actions/[email protected] | |
with: | |
path: ~/go/bin | |
key: ${{ runner.os }}-go-runsim-binary | |
if: "steps.changed-files.outputs.any_changed == 'true' || github.event_name == 'issue_comment'" | |
- name: test-sim-nondeterminism | |
run: | | |
make test-sim-nondeterminism | |
if: "steps.changed-files.outputs.any_changed == 'true' || github.event_name == 'issue_comment'" | |
- name: Create file status_sim1.txt and write the job status into it | |
if: github.event_name == 'issue_comment' | |
run: | | |
echo ${{ job.status }} > status_sim1.txt | |
- name: Upload file status_sim1.txt as an artifact | |
if: github.event_name == 'issue_comment' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: pass_status_sim1 | |
path: status_sim1.txt | |
test-sim-import-export: | |
runs-on: ubuntu-latest | |
needs: [build, install-runsim] | |
steps: | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: 1.22 | |
- name: Checkout Comment PR Branch | |
uses: actions/checkout@v4 | |
if: github.event_name == 'issue_comment' | |
with: | |
submodules: true | |
persist-credentials: false | |
token: ${{ secrets.GITHUB_TOKEN }} | |
ref: ${{ needs.build.outputs.ref }} | |
- name: Normal check out code | |
uses: actions/checkout@v4 | |
if: github.event_name == 'push' || github.event_name == 'pull_request' | |
with: | |
submodules: true | |
persist-credentials: false | |
- id: changed-files | |
uses: tj-actions/changed-files@v41 | |
with: | |
files: | | |
**/*.go | |
go.mod | |
go.sum | |
- uses: actions/[email protected] | |
with: | |
path: ~/go/bin | |
key: ${{ runner.os }}-go-runsim-binary | |
if: "steps.changed-files.outputs.any_changed == 'true' || github.event_name == 'issue_comment'" | |
- name: test-sim-import-export | |
run: | | |
make test-sim-import-export | |
if: "steps.changed-files.outputs.any_changed == 'true' || github.event_name == 'issue_comment'" | |
- name: Create file status_sim2.txt and write the job status into it | |
if: github.event_name == 'issue_comment' | |
run: | | |
echo ${{ job.status }} > status_sim2.txt | |
- name: Upload file status_sim2.txt as an artifact | |
if: github.event_name == 'issue_comment' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: pass_status_sim2 | |
path: status_sim2.txt | |
test-sim-after-import: | |
runs-on: ubuntu-latest | |
needs: [build, install-runsim] | |
steps: | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: 1.22 | |
- name: Checkout Comment PR Branch | |
uses: actions/checkout@v4 | |
if: github.event_name == 'issue_comment' | |
with: | |
submodules: true | |
persist-credentials: false | |
token: ${{ secrets.GITHUB_TOKEN }} | |
ref: ${{ needs.build.outputs.ref }} | |
- name: Normal check out code | |
uses: actions/checkout@v4 | |
if: github.event_name == 'push' || github.event_name == 'pull_request' | |
with: | |
submodules: true | |
persist-credentials: false | |
- id: changed-files | |
uses: tj-actions/changed-files@v41 | |
with: | |
files: | | |
**/*.go | |
go.mod | |
go.sum | |
- uses: actions/[email protected] | |
with: | |
path: ~/go/bin | |
key: ${{ runner.os }}-go-runsim-binary | |
if: "steps.changed-files.outputs.any_changed == 'true' || github.event_name == 'issue_comment'" | |
- name: test-sim-after-import | |
run: | | |
make test-sim-after-import | |
if: "steps.changed-files.outputs.any_changed == 'true' || github.event_name == 'issue_comment'" | |
- name: Create file status_sim3.txt and write the job status into it | |
if: github.event_name == 'issue_comment' | |
run: | | |
echo ${{ job.status }} > status_sim3.txt | |
- name: Upload file status_sim3.txt as an artifact | |
if: github.event_name == 'issue_comment' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: pass_status_sim3 | |
path: status_sim3.txt | |
report-status-pr: | |
runs-on: ubuntu-latest | |
needs: [member, test-sim-nondeterminism, test-sim-import-export, test-sim-after-import] | |
permissions: | |
pull-requests: write | |
if: always() && github.event_name == 'issue_comment' && needs.member.outputs.valid == 'true' | |
steps: | |
- name: Download artifact pass_status_build | |
uses: actions/[email protected] | |
continue-on-error: true | |
with: | |
name: pass_status_build | |
- name: Download artifact pass_status_install | |
uses: actions/[email protected] | |
continue-on-error: true | |
with: | |
name: pass_status_install | |
- name: Download artifact pass_status_sim1 | |
uses: actions/[email protected] | |
continue-on-error: true | |
with: | |
name: pass_status_sim1 | |
- name: Download artifact pass_status_sim2 | |
uses: actions/[email protected] | |
continue-on-error: true | |
with: | |
name: pass_status_sim2 | |
- name: Download artifact pass_status_sim3 | |
uses: actions/[email protected] | |
continue-on-error: true | |
with: | |
name: pass_status_sim3 | |
- name: Set the statuses of Jobs as output parameters | |
id: set_outputs | |
continue-on-error: true | |
run: | | |
echo "status_job01=$(<pass_status_build/status_build.txt)" >> $GITHUB_OUTPUT | |
echo "status_job02=$(<pass_status_install/status_install.txt)" >> $GITHUB_OUTPUT | |
echo "status_job03=$(<pass_status_sim1/status_sim1.txt)" >> $GITHUB_OUTPUT | |
echo "status_job04=$(<pass_status_sim2/status_sim2.txt)" >> $GITHUB_OUTPUT | |
echo "status_job05=$(<pass_status_sim3/status_sim3.txt)" >> $GITHUB_OUTPUT | |
- name: The sim jobs has succeed | |
uses: crypto-org-chain/actions-pull-request-add-comment@master | |
if: >- | |
steps.set_outputs.outputs.status_job01 == 'success' && steps.set_outputs.outputs.status_job02 == 'success' | |
&& steps.set_outputs.outputs.status_job03 == 'success' && steps.set_outputs.outputs.status_job04 == 'success' | |
&& steps.set_outputs.outputs.status_job05 == 'success' | |
with: | |
message: | | |
✅ `/runsim` simulation test has succeeded 🎉 | |
Can further check [here](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: The sim jobs has failed | |
uses: crypto-org-chain/actions-pull-request-add-comment@master | |
if: >- | |
steps.set_outputs.outputs.status_job01 != 'success' || steps.set_outputs.outputs.status_job02 != 'success' | |
|| steps.set_outputs.outputs.status_job03 != 'success' || steps.set_outputs.outputs.status_job04 != 'success' | |
|| steps.set_outputs.outputs.status_job05 != 'success' | |
with: | |
message: | | |
❌ `/runsim` simulation test has failed 😅 | |
Can further check [here](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
gomod2nix: | |
runs-on: ubuntu-latest | |
if: github.event_name == 'push' || github.event_name == 'pull_request' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- id: changed-files | |
uses: tj-actions/changed-files@v41 | |
with: | |
files: | | |
go.mod | |
go.sum | |
- uses: cachix/install-nix-action@v23 | |
if: steps.changed-files.outputs.any_changed == 'true' | |
with: | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: update gomod2nix | |
run: nix run .#update-gomod2nix | |
if: steps.changed-files.outputs.any_changed == 'true' | |
- name: check working directory is clean | |
id: changes | |
run: | | |
set +e | |
(git diff --no-ext-diff --exit-code) | |
echo "changed=$?" >> $GITHUB_OUTPUT | |
- uses: actions/upload-artifact@v3 | |
if: steps.changes.outputs.changed == 1 | |
with: | |
name: gomod2nix.toml | |
path: ./gomod2nix.toml | |
- if: steps.changes.outputs.changed == 1 | |
run: echo "Working directory is dirty" && exit 1 |