[backport] CVE-2024-21626 to 1.0.0-rc95 #193
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: validate | |
on: | |
push: | |
tags: | |
- v* | |
branches: | |
- master | |
pull_request: | |
jobs: | |
lint: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: install deps | |
run: | | |
sudo apt -q update | |
sudo apt -q install libseccomp-dev | |
- uses: golangci/golangci-lint-action@v2 | |
with: | |
# must be specified without patch version | |
version: v1.36 | |
# Only show new issues for a pull request. | |
only-new-issues: true | |
shfmt: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: vars | |
run: | | |
echo "VERSION=3.2.4" >> $GITHUB_ENV | |
echo "$(go env GOPATH)/bin" >> $GITHUB_PATH | |
- name: cache go mod and $GOCACHE | |
uses: actions/cache@v2 | |
with: | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-shfmt-${{ env.VERSION }} | |
restore-keys: ${{ runner.os }}-shfmt- | |
- name: install shfmt | |
run: | | |
command -v shfmt || \ | |
(cd ~ && GO111MODULE=on time go get mvdan.cc/sh/v3/cmd/shfmt@v$VERSION) | |
- name: shfmt | |
run: make shfmt | |
shellcheck: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: vars | |
run: | | |
echo 'VERSION=v0.7.2' >> $GITHUB_ENV | |
echo 'BASEURL=https://github.com/koalaman/shellcheck/releases/download' >> $GITHUB_ENV | |
echo 'SHA256SUM=12ee2e0b90a3d1e9cae24ac9b2838be66b48573cb2c8e8f3c566b959df6f050c' >> $GITHUB_ENV | |
echo ~/bin >> $GITHUB_PATH | |
- name: install shellcheck | |
run: | | |
mkdir ~/bin | |
curl -sSfL --retry 5 $BASEURL/$VERSION/shellcheck-$VERSION.linux.x86_64.tar.xz | | |
tar xfJ - -C ~/bin --strip 1 shellcheck-$VERSION/shellcheck | |
sha256sum ~/bin/shellcheck | grep -q $SHA256SUM | |
# make sure to remove the old version | |
sudo rm -f /usr/bin/shellcheck | |
- uses: lumaxis/shellcheck-problem-matchers@v1 | |
- name: shellcheck | |
run: | | |
make shellcheck | |
deps: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: cache go mod and $GOCACHE | |
uses: actions/cache@v2 | |
with: | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-go.sum-${{ hashFiles('**/go.sum') }} | |
restore-keys: ${{ runner.os }}-go.sum- | |
- name: verify deps | |
run: make verify-dependencies | |
commit: | |
runs-on: ubuntu-20.04 | |
# Only check commits on pull requests. | |
if: github.event_name == 'pull_request' | |
steps: | |
- name: get pr commits | |
id: 'get-pr-commits' | |
uses: tim-actions/[email protected] | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: check subject line length | |
uses: tim-actions/[email protected] | |
with: | |
commits: ${{ steps.get-pr-commits.outputs.commits }} | |
pattern: '^.{0,72}(\n.*)*$' | |
error: 'Subject too long (max 72)' | |
cross: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
# We have to run this under Docker as Ubuntu (host) does not support all | |
# the architectures we want to compile test against, and Dockerfile uses | |
# Debian (which does). | |
# | |
# XXX: as currently this is the only job that is using Docker, we are | |
# building and using the runcimage locally. In case more jobs running | |
# under Docker will emerge, it will be good to have a separate make | |
# runcimage job and share its result (the docker image) with whoever | |
# needs it. | |
- uses: satackey/[email protected] | |
continue-on-error: true | |
- name: build docker image | |
run: make runcimage | |
- name: cross | |
run: make cross | |
cfmt: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: checkout | |
uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- name: install deps | |
run: | | |
sudo apt -qq update | |
sudo apt -qq install indent | |
- name: cfmt | |
run: | | |
make cfmt | |
git diff --exit-code | |
release: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: checkout | |
uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- name: install deps | |
run: | | |
sudo apt -qq update | |
sudo apt -qq install gperf | |
- name: make release | |
run: make release | |
- name: upload artifacts | |
uses: actions/upload-artifact@v2 | |
with: | |
name: release-${{ github.run_id }} | |
path: release/* |