Merge pull request #53 from bytemare/update-ci

update ci
bytemare · Apr 30, 2024 · 743931c · 743931c
2 parents 4b4ec2e + 213dbd5
commit 743931c
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 8 deletions.
diff --git a/.github/Makefile b/.github/Makefile
@@ -1,11 +1,9 @@
 .PHONY: update
 update:
 	@echo "Updating dependencies..."
-	@cd ../ && go get -u
+	@cd ../ && go get -u ./...
 	@pwd
 	@go mod tidy
-	@echo "Updating Github Actions pins..."
-	@$(foreach file, $(wildcard workflows/*.yml), pin-github-action $(file);)
 
 .PHONY: update-linters
 update-linters:

diff --git a/.github/dependency-review.yml b/.github/dependency-review.yml
@@ -0,0 +1,27 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required,
+# PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142
+        with:
+          egress-policy: block
+
+      - name: 'Checkout Repository'
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -17,7 +17,11 @@ jobs:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
-            api.github.com:443 github.com:443 proxy.golang.org:443 objects.githubusercontent.com:443 raw.githubusercontent.com:443
+            api.github.com:443
+            github.com:443
+            objects.githubusercontent.com:443
+            proxy.golang.org:443
+            raw.githubusercontent.com:443
 
       - name: Checkout repo
         uses: actions/checkout@8459bc0c7e3759cdf591f513d9f141a95fef0a8f
@@ -30,7 +34,7 @@ jobs:
 
       # Linting
       - name: Linting
-        uses: golangci/golangci-lint-action@9d1e0624a798bb64f6c3cea93db47765312263dc
+        uses: golangci/golangci-lint-action@692c9c9dba385536b59da68da5aef1775a6f94ea
         with:
           version: latest
           args: --config=./.github/.golangci.yml ./...
@@ -49,7 +53,10 @@ jobs:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
-            github.com:443 proxy.golang.org:443 storage.googleapis.com:443 sum.golang.org:443
+            github.com:443
+            proxy.golang.org:443
+            storage.googleapis.com:443
+            sum.golang.org:443
 
       - name: Checkout repo
         uses: actions/checkout@8459bc0c7e3759cdf591f513d9f141a95fef0a8f
@@ -73,7 +80,16 @@ jobs:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
-            api.codecov.io:443 api.github.com:443 cli.codecov.io:443 ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com:443 github.com:443 proxy.golang.org:443 objects.githubusercontent.com:443 scanner.sonarcloud.io:443 sonarcloud.io:443 storage.googleapis.com:443
+            api.codecov.io:443
+            api.github.com:443
+            cli.codecov.io:443
+            ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com:443
+            github.com:443
+            objects.githubusercontent.com:443
+            proxy.golang.org:443
+            scanner.sonarcloud.io:443
+            sonarcloud.io:443
+            storage.googleapis.com:443
 
       - name: Checkout repo
         uses: actions/checkout@8459bc0c7e3759cdf591f513d9f141a95fef0a8f
@@ -104,4 +120,11 @@ jobs:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         with:
           args: >
-            -Dsonar.organization=bytemare-github -Dsonar.projectKey=bytemare_hash2curve -Dsonar.go.coverage.reportPaths=.github/coverage.out -Dsonar.sources=. -Dsonar.test.exclusions=tests/** -Dsonar.coverage.exclusions=tests/** -Dsonar.tests=tests/ -Dsonar.verbose=true
+            -Dsonar.organization=bytemare-github
+            -Dsonar.projectKey=bytemare_hash2curve
+            -Dsonar.go.coverage.reportPaths=.github/coverage.out
+            -Dsonar.sources=.
+            -Dsonar.test.exclusions=tests/**
+            -Dsonar.coverage.exclusions=tests/**
+            -Dsonar.tests=tests/
+            -Dsonar.verbose=true