fix(deps): update module golang.org/x/net to v0.33.0 [security] #128
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Vespa CLI - Build and Publish | |
on: | |
push: | |
tags: | |
- v* | |
pull_request: | |
branches: | |
- master | |
paths: | |
- .github/workflows/publish-cli.yml | |
- client/go/** | |
workflow_dispatch: | |
inputs: | |
version: | |
description: 'The version to build and publish, it MUST be a tag in this repository without the "v" prefix.' | |
required: true | |
type: string | |
defaults: | |
run: | |
# Specify to ensure "pipefail and errexit" are set. | |
# Ref: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#defaultsrunshell | |
shell: bash | |
jobs: | |
prepare: | |
runs-on: ubuntu-latest | |
outputs: | |
changes-detected: ${{ steps.check-diff.outputs.has-changes }} | |
build-version: ${{ steps.meta.outputs.version }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Fetch all history for git operations. | |
- name: Define Build Version | |
id: meta | |
run: | | |
if [[ "${{ github.event_name }}" == "push" && "${{ startswith(github.ref, 'refs/tags/v') }}" == "true" ]]; then | |
# Remove the "v" prefix from the tag. | |
BUILD_VERSION="${GITHUB_REF_NAME#*v}" | |
elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | |
BUILD_VERSION="${{ github.event.inputs.version }}" | |
else | |
BUILD_VERSION="0.0.0-dev_${{ github.run_number }}" | |
fi | |
echo "version=${BUILD_VERSION}" >> "${GITHUB_OUTPUT}" | |
- name: Check for Changes | |
id: check-diff | |
env: | |
VERSION_PATTERN: '^v8\.' # We need the 8 prefix or else "vespa-7." will match and sort before "v8.x.y" | |
GH_TOKEN: ${{ github.token }} | |
run: | | |
set -x | |
# Checks for changes since the last release. | |
new_tag="v${{ steps.meta.outputs.version }}" | |
previous_tag=$(gh release list --exclude-drafts --exclude-pre-releases --json tagName --jq '.[] | .tagName' | grep -E "${VERSION_PATTERN}" | head -n 1) | |
# If the previous tag and the current tag are the same, there are no changes. | |
if [[ "${previous_tag}" == "${new_tag}" ]]; then | |
echo "No changes detected between ${previous_tag} and ${new_tag}." | |
echo "has-changes=false" >> "${GITHUB_OUTPUT}" | |
exit 0 | |
fi | |
# Detect if we are using a dev version (starts with "0.0.0-dev"). | |
if [[ "${new_tag:0:}" == "0.0.0-dev" ]]; then | |
echo "Dev version being used, skipping check for changes." | |
echo "has-changes=false" >> "${GITHUB_OUTPUT}" | |
exit 0 | |
fi | |
# Git will return a non-zero exit code if there are changes. | |
if git diff --quiet "${previous_tag}" "${new_tag}" -- client/go; then | |
echo "No changes detected between ${previous_tag} and ${new_tag}." | |
echo "has-changes=false" >> "${GITHUB_OUTPUT}" | |
exit 0 | |
fi | |
echo "Changes detected between ${previous_tag} and ${new_tag}." | |
echo "has-changes=true" >> "${GITHUB_OUTPUT}" | |
build-test: | |
runs-on: ubuntu-latest | |
needs: | |
- prepare | |
defaults: | |
run: | |
# This workflow only interacts with the client/go directory, so we can set the working directory here. | |
working-directory: client/go | |
env: | |
VERSION: ${{ needs.prepare.outputs.build-version }} | |
HAS_CHANGES: ${{ needs.prepare.outputs.changes-detected }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
- name: build | |
run: | | |
make clean dist | |
- name: test | |
run: | | |
make test | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: vespa-cli | |
path: client/go/dist | |
retention-days: 1 | |
publish: | |
runs-on: macos-latest | |
# Publish if there are changes detected or if the workflow was manually triggered. | |
if: (github.event_name == 'push' && needs.prepare.outputs.changes-detected == 'true') || (github.event_name == 'workflow_dispatch') | |
needs: | |
- prepare | |
- build-test | |
permissions: | |
contents: write | |
defaults: | |
run: | |
# This workflow only interacts with the client/go directory, so we can set the working directory here. | |
working-directory: client/go | |
env: | |
VERSION: ${{ needs.prepare.outputs.build-version }} | |
steps: | |
- name: Checkout Repository at tagged version | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
# Prefix the version with "v" to checkout the tag. | |
ref: "v${{ needs.prepare.outputs.build-version }}" | |
- uses: actions/download-artifact@v4 | |
with: | |
name: vespa-cli | |
path: client/go/dist | |
- name: install-dependencies | |
env: | |
HOMEBREW_NO_ANALYTICS: 1 | |
HOMEBREW_NO_AUTO_UPDATE: 1 | |
HOMEBREW_NO_INSTALL_CLEANUP: 1 | |
run: | | |
brew install --quiet coreutils gh zip go | |
- name: Publish to GitHub Releases | |
id: github-release | |
env: | |
GH_TOKEN: ${{ github.token }} | |
run: | | |
# Release to Github directly, bypassing the diff check as we already perform this check in the "prepare" job. | |
make -- --dist-github | |
release_url="$(cat /tmp/vespa-cli-release-url.txt)" | |
echo "release-url=${release_url}" > "${GITHUB_OUTPUT}" | |
- name: Publish to Homebrew | |
if: steps.github-release.outputs.release-url != '' | |
env: | |
GITHUB_RELEASE_URL: ${{ steps.github-release.outputs.release-url }} | |
HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }} | |
run: | | |
# Release to Homebrew directly, bypassing the diff check as we already perform this check in the "prepare" job. | |
make -- --dist-homebrew | |
- name: Install via Homebrew | |
if: steps.github-release.outputs.release-url != '' | |
run: | | |
make install-brew |