Skip to content

fix(deps): update module golang.org/x/net to v0.33.0 [security] #128

fix(deps): update module golang.org/x/net to v0.33.0 [security]

fix(deps): update module golang.org/x/net to v0.33.0 [security] #128

Workflow file for this run

name: Vespa CLI - Build and Publish
on:
push:
tags:
- v*
pull_request:
branches:
- master
paths:
- .github/workflows/publish-cli.yml
- client/go/**
workflow_dispatch:
inputs:
version:
description: 'The version to build and publish, it MUST be a tag in this repository without the "v" prefix.'
required: true
type: string
defaults:
run:
# Specify to ensure "pipefail and errexit" are set.
# Ref: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#defaultsrunshell
shell: bash
jobs:
prepare:
runs-on: ubuntu-latest
outputs:
changes-detected: ${{ steps.check-diff.outputs.has-changes }}
build-version: ${{ steps.meta.outputs.version }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Fetch all history for git operations.
- name: Define Build Version
id: meta
run: |
if [[ "${{ github.event_name }}" == "push" && "${{ startswith(github.ref, 'refs/tags/v') }}" == "true" ]]; then
# Remove the "v" prefix from the tag.
BUILD_VERSION="${GITHUB_REF_NAME#*v}"
elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
BUILD_VERSION="${{ github.event.inputs.version }}"
else
BUILD_VERSION="0.0.0-dev_${{ github.run_number }}"
fi
echo "version=${BUILD_VERSION}" >> "${GITHUB_OUTPUT}"
- name: Check for Changes
id: check-diff
env:
VERSION_PATTERN: '^v8\.' # We need the 8 prefix or else "vespa-7." will match and sort before "v8.x.y"
GH_TOKEN: ${{ github.token }}
run: |
set -x
# Checks for changes since the last release.
new_tag="v${{ steps.meta.outputs.version }}"
previous_tag=$(gh release list --exclude-drafts --exclude-pre-releases --json tagName --jq '.[] | .tagName' | grep -E "${VERSION_PATTERN}" | head -n 1)
# If the previous tag and the current tag are the same, there are no changes.
if [[ "${previous_tag}" == "${new_tag}" ]]; then
echo "No changes detected between ${previous_tag} and ${new_tag}."
echo "has-changes=false" >> "${GITHUB_OUTPUT}"
exit 0
fi
# Detect if we are using a dev version (starts with "0.0.0-dev").
if [[ "${new_tag:0:}" == "0.0.0-dev" ]]; then
echo "Dev version being used, skipping check for changes."
echo "has-changes=false" >> "${GITHUB_OUTPUT}"
exit 0
fi
# Git will return a non-zero exit code if there are changes.
if git diff --quiet "${previous_tag}" "${new_tag}" -- client/go; then
echo "No changes detected between ${previous_tag} and ${new_tag}."
echo "has-changes=false" >> "${GITHUB_OUTPUT}"
exit 0
fi
echo "Changes detected between ${previous_tag} and ${new_tag}."
echo "has-changes=true" >> "${GITHUB_OUTPUT}"
build-test:
runs-on: ubuntu-latest
needs:
- prepare
defaults:
run:
# This workflow only interacts with the client/go directory, so we can set the working directory here.
working-directory: client/go
env:
VERSION: ${{ needs.prepare.outputs.build-version }}
HAS_CHANGES: ${{ needs.prepare.outputs.changes-detected }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
- name: build
run: |
make clean dist
- name: test
run: |
make test
- uses: actions/upload-artifact@v4
with:
name: vespa-cli
path: client/go/dist
retention-days: 1
publish:
runs-on: macos-latest
# Publish if there are changes detected or if the workflow was manually triggered.
if: (github.event_name == 'push' && needs.prepare.outputs.changes-detected == 'true') || (github.event_name == 'workflow_dispatch')
needs:
- prepare
- build-test
permissions:
contents: write
defaults:
run:
# This workflow only interacts with the client/go directory, so we can set the working directory here.
working-directory: client/go
env:
VERSION: ${{ needs.prepare.outputs.build-version }}
steps:
- name: Checkout Repository at tagged version
uses: actions/checkout@v4
with:
fetch-depth: 0
# Prefix the version with "v" to checkout the tag.
ref: "v${{ needs.prepare.outputs.build-version }}"
- uses: actions/download-artifact@v4
with:
name: vespa-cli
path: client/go/dist
- name: install-dependencies
env:
HOMEBREW_NO_ANALYTICS: 1
HOMEBREW_NO_AUTO_UPDATE: 1
HOMEBREW_NO_INSTALL_CLEANUP: 1
run: |
brew install --quiet coreutils gh zip go
- name: Publish to GitHub Releases
id: github-release
env:
GH_TOKEN: ${{ github.token }}
run: |
# Release to Github directly, bypassing the diff check as we already perform this check in the "prepare" job.
make -- --dist-github
release_url="$(cat /tmp/vespa-cli-release-url.txt)"
echo "release-url=${release_url}" > "${GITHUB_OUTPUT}"
- name: Publish to Homebrew
if: steps.github-release.outputs.release-url != ''
env:
GITHUB_RELEASE_URL: ${{ steps.github-release.outputs.release-url }}
HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
run: |
# Release to Homebrew directly, bypassing the diff check as we already perform this check in the "prepare" job.
make -- --dist-homebrew
- name: Install via Homebrew
if: steps.github-release.outputs.release-url != ''
run: |
make install-brew