chore(deps): bump the actions-deps-minor-patch group across 1 directory with 5 updates #5
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Terraform Provider testing workflow. | |
| name: Tests | |
| # This GitHub action runs your tests for each pull request and push. | |
| # Optionally, you can turn it on using a schedule for regular testing. | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| actions: read | |
| security-events: write | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@e80931f0826124db0a241ba9876c8e8eb3ca4d75 # v1.0.2-beta2 | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: true | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 | |
| with: | |
| languages: go | |
| build-mode: manual | |
| queries: security-extended,security-and-quality | |
| - run: go mod download | |
| - run: go build -v . | |
| - name: Run linters | |
| uses: golangci/golangci-lint-action@2226d7cb06a077cd73e56eedd38eecad18e5d837 # v6.5.0 | |
| with: | |
| version: latest | |
| skip-cache: true | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 | |
| with: | |
| category: "/language:go" | |
| - name: Archive Build | |
| uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 | |
| with: | |
| name: build | |
| path: | | |
| terraform-provider-quicknode | |
| pr-scan: | |
| uses: circlefin/circle-public-github-workflows/.github/workflows/pr-scan.yaml@v1 | |
| trivy-scan: | |
| name: Trivy Scan | |
| runs-on: ubuntu-latest | |
| permissions: | |
| security-events: write | |
| actions: read | |
| contents: read | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@e80931f0826124db0a241ba9876c8e8eb3ca4d75 # v1.0.2-beta2 | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Trivy Scan | |
| uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # 0.29.0 | |
| with: | |
| scan-type: fs | |
| scan-ref: '.' | |
| exit-code: '1' | |
| output: trivy-results.sarif | |
| format: sarif | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 | |
| if: always() | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| generate: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@e80931f0826124db0a241ba9876c8e8eb3ca4d75 # v1.0.2-beta2 | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: true | |
| - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 | |
| with: | |
| terraform_wrapper: false | |
| - run: make generate | |
| - name: git diff | |
| run: | | |
| git diff --compact-summary --exit-code || \ | |
| (echo; echo "Unexpected difference in directories after code generation. Run 'make generate' command and commit."; exit 1) | |
| - name: setup goreleaser | |
| uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1 | |
| with: | |
| install-only: true | |
| - run: make validate | |
| test: | |
| name: Terraform Provider Unit Tests | |
| needs: build | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@e80931f0826124db0a241ba9876c8e8eb3ca4d75 # v1.0.2-beta2 | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: true | |
| - run: go mod download | |
| - run: go test -v -cover ./... -run Test -skip TestAcc | |
| # Run acceptance tests in a matrix with Terraform CLI versions | |
| acctest: | |
| # skip when triggered by dependabot, due to no access to secrets | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| name: Terraform Provider Acceptance Tests | |
| needs: build | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # list whatever Terraform versions here you would like to support | |
| terraform: | |
| - '1.8.*' | |
| - '1.9.*' | |
| - '1.10.*' | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@e80931f0826124db0a241ba9876c8e8eb3ca4d75 # v1.0.2-beta2 | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: true | |
| - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 | |
| with: | |
| terraform_version: ${{ matrix.terraform }} | |
| terraform_wrapper: false | |
| - run: go mod download | |
| - env: | |
| TF_ACC: "1" | |
| QUICKNODE_APIKEY: ${{ secrets.QUICKNODE_APIKEY }} | |
| run: go test -v -cover ./... -run TestAcc | |
| timeout-minutes: 10 | |
| rollup: | |
| name: Success Rollup | |
| if: always() | |
| needs: | |
| - build | |
| - pr-scan | |
| - trivy-scan | |
| - generate | |
| - test | |
| - acctest | |
| runs-on: ubuntu-latest | |
| permissions: {} | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@e80931f0826124db0a241ba9876c8e8eb3ca4d75 # v1.0.2-beta2 | |
| - run: exit 1 | |
| if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} |