diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 01e1641a..2f389d0a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -12,28 +12,37 @@ env: jobs: build: - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 - - name: Setup QEMU - uses: docker/setup-qemu-action@v3 - - name: Setup Docker buildx - uses: docker/setup-buildx-action@v3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Set up QEMU + uses: docker/setup-qemu-action@5964de0df58d5ad28b04d8fe2e6b80ad47105b91 # v3.5.0 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 with: buildkitd-config: .github/buildkitd.toml + - name: Retrieve author data + id: author run: | - echo AUTHOR=$(curl -sSL ${{ github.event.repository.owner.url }} | jq -r '.name') >> $GITHUB_ENV + AUTHOR=$(curl -sSL ${{ github.event.repository.owner.url }} | jq -r '.name') + echo "AUTHOR=$AUTHOR" >> $GITHUB_ENV + - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} labels: | org.opencontainers.image.authors=${{ env.AUTHOR }} + org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }} + org.opencontainers.image.created=${{ steps.meta.outputs.created }} + - name: Build Docker image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 179e9392..bb1a5972 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
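Review bot: The new label `org.opencontainers.image.created=${{ steps.meta.outputs.created }}` inside the `meta` step references that step's own output, which cannot be read while its `with:` block is being evaluated, so it expands to an empty string (and, as far as I know, metadata-action exposes no `created` output at all); metadata-action already emits `org.opencontainers.image.created` and `org.opencontainers.image.source` by itself, so both added label lines can simply be dropped rather than risk overriding the generated timestamp with an empty value. In the `Retrieve author data` step the unauthenticated `curl -sSL` to the GitHub API has no `-f`, no `set -euo pipefail` and `jq -r` without `-e`, so a rate-limited or error response silently yields `AUTHOR=null` and the image is labelled `authors=null` while the job stays green; `set -euo pipefail` followed by `AUTHOR=$(curl -fsSL -H "Authorization: Bearer $GITHUB_TOKEN" "${{ github.event.repository.owner.url }}" | jq -er '.name')` with `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` in the step's `env:` makes failure explicit and avoids the anonymous rate limit, and the newly added `id: author` writes no outputs and can go. Note also that `ubuntu-22.04` → `ubuntu-latest` moves the runner from a pinned image label to a floating one, which runs against the SHA pinning this commit does everywhere else. The workflow's `env:` block and any top-level `permissions:` are above the hunk and not visible here.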
@@ -29,11 +29,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@6bb031afdd8eb862ea3fc1848194185e076637e5 #v3.28.11 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -44,7 +44,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@6bb031afdd8eb862ea3fc1848194185e076637e5 #v3.28.11 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -58,4 +58,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@6bb031afdd8eb862ea3fc1848194185e076637e5 #v3.28.11 diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index e51eb54f..9233b9c1 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml 
@@ -7,15 +7,24 @@ on: tags-ignore: ["**"] pull_request: +permissions: + # Required: allow read access to the content for analysis. + contents: read + # Optional: allow read access to pull request. Use with `only-new-issues` option. + pull-requests: read + # Optional: allow write access to checks to allow the action to annotate code in the PR. + checks: write + security-events: write + jobs: # Docs: gitleaks: name: Gitleaks runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: {fetch-depth: 0} - - uses: gacts/gitleaks@v1 # Action page: + - uses: gacts/gitleaks@beadb7dfb484e933cf3e29e2b589f7d42699c4b1 # v1.2.2 # Action page: with: config-path: .gitleaks.toml @@ -23,16 +32,16 @@ jobs: # Docs: name: Golang-CI (lint) runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: {fetch-depth: 0} - - uses: actions/setup-go@v5 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: - go-version: '1.23' + go-version: '1.24' cache: false - name: Run linter - uses: golangci/golangci-lint-action@v6 # Action page: + uses: golangci/golangci-lint-action@2226d7cb06a077cd73e56eedd38eecad18e5d837 # v6.5.0 # Action page: with: - version: v1.62 # without patch version + version: v1.64 # without patch version only-new-issues: false # show only new issues if it's a pull request args: --timeout 4m # the default of 1m didn't suffice occasionally diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 3f73a025..b2d4c197 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml 
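Review bot: The new workflow-level `permissions:` block grants `checks: write` and `security-events: write` to every job, including Gitleaks, yet nothing in the hunk uploads SARIF or creates check runs that would need them; the comments read as copied from the golangci-lint-action README, where both are marked optional. Keep `contents: read` at the workflow level and move only what a job demonstrably uses into that job's own `permissions:` (`pull-requests: read` for the golangci job if `only-new-issues` is ever enabled), and drop `security-events: write` unless a `github/codeql-action/upload-sarif` step is added. On `pull_request` runs from forks the token is read-only regardless, so the extra write grants only take effect on same-repo pushes, but least privilege costs nothing here.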
@@ -4,16 +4,19 @@ on: branches: - master +permissions: + contents: write + jobs: mkdocs: name: Deploy docs runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Deploy docs - uses: mhausenblas/mkdocs-deploy-gh-pages@master + uses: mhausenblas/mkdocs-deploy-gh-pages@d77dd03172e96abbcdb081d8c948224762033653 # v1.26 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CONFIG_FILE: mkdocs.yml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 247467c6..ea6a5017 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,4 +1,5 @@ name: Publish Docker image + on: push: branches: 
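Review bot: Pinning `mhausenblas/mkdocs-deploy-gh-pages` to a commit SHA fixes the action's own code, but as far as I recall that action installs mkdocs and any plugins from PyPI with pip at run time, so the docs toolchain is still unpinned and executes with a `contents: write` token; if that is the case, add a requirements file with exact versions and pass it via the action's `REQUIREMENTS` env variable (verify against the action's README at the pinned commit). The new `permissions: contents: write` is the minimum this deploy needs, but it is declared for the whole workflow; placing it under the `mkdocs` job keeps any job added later at read-only by default. A `concurrency: { group: pages, cancel-in-progress: false }` at the top would also stop two quick pushes to master from racing on the gh-pages branch.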
@@ -13,39 +14,53 @@ env: jobs: push_to_registry: name: Push Docker image to GitHub Packages - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest permissions: packages: write contents: read steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@5964de0df58d5ad28b04d8fe2e6b80ad47105b91 # v3.5.0 with: platforms: all + - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 with: buildkitd-config: .github/buildkitd.toml - - name: Login to DockerHub - uses: docker/login-action@v3 + + - name: Login to GitHub Container Registry + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Retrieve author data + id: author run: | - echo AUTHOR=$(curl -sSL ${{ github.event.repository.owner.url }} | jq -r '.name') >> $GITHUB_ENV + AUTHOR=$(curl -sSL ${{ github.event.repository.owner.url }} | jq -r '.name') + echo "AUTHOR=$AUTHOR" >> $GITHUB_ENV + - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=tag + type=sha,prefix=sha- labels: | org.opencontainers.image.authors=${{ env.AUTHOR }} - - name: Build container image - uses: docker/build-push-action@v6 + org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }} + org.opencontainers.image.created=${{ steps.meta.outputs.created }} + + - name: Build and push container image + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: context: . 
platforms: linux/amd64,linux/arm64/v8,linux/arm/v7,linux/ppc64le,linux/s390x diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d5d1704a..1cfb9683 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -6,21 +6,33 @@ on: - master pull_request: +permissions: + contents: read # Erforderlich, um den Code auszuchecken + jobs: test-go: runs-on: ubuntu-latest strategy: matrix: - go: [ '1.22', '1.23' ] + go: [ '1.23', '1.24' ] name: Go ${{ matrix.go }} tests steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Setup Go - uses: actions/setup-go@v5 + - name: Checkout code + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Set up Go + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ matrix.go }} - cache: true - - name: Run go test - run: go test -v ./... + cache: true # Aktiviert Caching für Go-Module + + - name: Cache Go modules + uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2 + with: + path: ~/go/pkg/mod + key: go-mod-${{ runner.os }}-${{ matrix.go }}-${{ hashFiles('**/go.sum') }} + restore-keys: | + go-mod-${{ runner.os }}-${{ matrix.go }}- + - name: Run tests + run: go test -v ./... \ No newline at end of file diff --git a/.github/workflows/typos.yml b/.github/workflows/typos.yml index 253fb063..f0858ea7 100644 --- a/.github/workflows/typos.yml +++ b/.github/workflows/typos.yml 
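Review bot: The `Retrieve author data` step feeds `$GITHUB_ENV` from an unauthenticated, unchecked `curl -sSL` (no `-f`, no `set -euo pipefail`, `jq -r` without `-e`), so a rate-limited or failed API call silently produces `AUTHOR=null` and an image is pushed to the registry carrying `org.opencontainers.image.authors=null`; for a publishing job that should be a hard failure, and a value containing a newline would additionally inject further variables into `GITHUB_ENV`, though the owner name coming from api.github.com makes that unlikely. Use `set -euo pipefail` and `AUTHOR=$(curl -fsSL -H "Authorization: Bearer $GITHUB_TOKEN" "${{ github.event.repository.owner.url }}" | jq -er '.name')` with `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` in the step's `env:`, and remove the unused `id: author`. The `org.opencontainers.image.created=${{ steps.meta.outputs.created }}` label has the same problem as in build.yml: a step cannot read its own outputs from its `with:` block, so it expands to empty while metadata-action already sets that label itself — drop the line. `ubuntu-22.04` → `ubuntu-latest` also trades a pinned runner image for a floating label, contrary to the pinning done elsewhere in this commit. The build-push-action step's remaining `with:` keys continue below the hunk.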
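Review bot: The added `Cache Go modules` step caches `~/go/pkg/mod` while the preceding `setup-go` step keeps `cache: true`, which already caches the Go module and build caches keyed on `go.sum`; the same directory is therefore saved twice under two keys per matrix entry, consuming repository cache quota and restoring modules twice for no gain. Drop the `actions/cache` step, or set `cache: false` on setup-go if the explicit `restore-keys` prefix fallback is specifically wanted. The new comments are in German (`# Erforderlich, um den Code auszuchecken`, `# Aktiviert Caching für Go-Module`) in an otherwise English file; `# Required to check out the code` and `# Enables caching for Go modules` keep it consistent. The file also now ends without a trailing newline (`\ No newline at end of file`).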
@@ -9,17 +9,28 @@ on: branches: - master schedule: - - cron: '45 9 * * 1' + - cron: '45 9 * * 1' # Läuft jeden Montag um 09:45 UTC + +permissions: + contents: read # Erforderlich, um den Code auszuchecken jobs: run: name: Spell Check with Typos runs-on: ubuntu-latest steps: - - name: Checkout Actions Repository - uses: actions/checkout@v4 + - name: Checkout code + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Cache Typos + uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2 + with: + path: ~/.cache/typos + key: typos-${{ runner.os }}-${{ hashFiles('.typos.toml') }} + restore-keys: | + typos-${{ runner.os }}- - - name: Use custom config file - uses: crate-ci/typos@master - with: - config: ./.typos.toml + - name: Run Typos with custom config + uses: crate-ci/typos@72f3776b6edc3a10a567b8e43fd0524b2a3f1419 # v1.30.1 + with: + config: ./.typos.toml \ No newline at end of file
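Review bot: The new `Cache Typos` step saves `~/.cache/typos`, but I am not aware of typos, or the crate-ci/typos action that downloads a prebuilt binary, writing anything there; if the directory never exists the cache post-step only logs a path-validation warning and nothing is stored, so the step is overhead without benefit — confirm the path against the action's behaviour or remove the step. The German comments (`# Läuft jeden Montag um 09:45 UTC`, `# Erforderlich, um den Code auszuchecken`) should be English like the rest of the file: `# Runs every Monday at 09:45 UTC`, `# Required to check out the code`. Replacing `crate-ci/typos@master` with a SHA pin is the right move; the file also now lacks a trailing newline.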