build(deps): bump cloud.google.com/go/kms from 1.23.1 to 1.23.2 (#4271) #8387
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | --- | |
| name: Code Health | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| jobs: | |
| golangci: | |
| name: lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| with: | |
| config: ${{ vars.PERMISSIONS_CONFIG }} | |
| - uses: actions/checkout@v5 | |
| - name: Install Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false # see https://github.com/golangci/golangci-lint-action/issues/807 | |
| - name: golangci-lint | |
| uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 | |
| with: | |
| version: v2.1.6 | |
| unit-tests: | |
| env: | |
| COVERAGE: coverage.out | |
| TEST_CMD: gotestsum --junitfile unit-tests.xml --format standard-verbose -- | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, windows-latest, macos-latest] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| if: matrix.os == 'ubuntu-latest' | |
| with: | |
| config: ${{ vars.PERMISSIONS_CONFIG }} | |
| - name: Checkout repository | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: 'go.mod' | |
| - run: | | |
| go install gotest.tools/gotestsum@v1.12.3 | |
| go install github.com/mattn/goveralls@v0.0.12 | |
| - run: make unit-test | |
| - name: Send coverage | |
| if: matrix.os == 'ubuntu-latest' | |
| env: | |
| COVERALLS_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }} | |
| run: goveralls -parallel -coverprofile="$COVERAGE" -ignore=test/* -service=github | |
| - name: Test Summary | |
| id: test_summary | |
| uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 | |
| with: | |
| paths: unit-tests.xml | |
| if: always() && matrix.os == 'ubuntu-latest' | |
| coverage: | |
| runs-on: ubuntu-latest | |
| needs: [unit-tests, e2e-tests] | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| with: | |
| config: ${{ vars.PERMISSIONS_CONFIG }} | |
| - name: Checkout repository | |
| uses: actions/checkout@v5 | |
| - name: Install Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Install goveralls | |
| run: go install github.com/mattn/goveralls@v0.0.12 | |
| - name: Send coverage | |
| env: | |
| COVERALLS_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }} | |
| run: goveralls -parallel-finish -ignore=test/* -service=github | |
| libraryOwners: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| with: | |
| config: ${{ vars.PERMISSIONS_CONFIG }} | |
| - name: Checkout repository | |
| uses: actions/checkout@v5 | |
| - name: Install Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Run check-library-owners | |
| run: make check-library-owners | |
| docs: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| with: | |
| config: ${{ vars.PERMISSIONS_CONFIG }} | |
| - name: Checkout repository | |
| uses: actions/checkout@v5 | |
| - name: Install Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Generate docs | |
| run: make gen-docs > /dev/null | |
| - name: Check for uncommitted files | |
| run: | | |
| export FILES= | |
| FILES=$(git ls-files -o -m --directory --exclude-standard --no-empty-directory) | |
| export LINES= | |
| LINES=$(echo "$FILES" | awk 'NF' | wc -l) | |
| if [ "$LINES" -ne 0 ]; then | |
| echo "Detected files that need to be committed:" | |
| echo "${FILES//^/ }" | |
| echo "" | |
| echo "Try running: make gen-docs" | |
| exit 1 | |
| fi | |
| api: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| with: | |
| config: ${{ vars.PERMISSIONS_CONFIG }} | |
| - name: Checkout repository | |
| uses: actions/checkout@v5 | |
| - name: Install Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: 'go.mod' | |
| - run: make devtools | |
| - name: Generate api commands | |
| run: make gen-api-commands > /dev/null | |
| - name: Check for uncommitted files | |
| run: | | |
| export FILES= | |
| FILES=$(git ls-files -o -m --directory --exclude-standard --no-empty-directory) | |
| export LINES= | |
| LINES=$(echo "$FILES" | awk 'NF' | wc -l) | |
| if [ "$LINES" -ne 0 ]; then | |
| echo "Detected files that need to be committed:" | |
| echo "${FILES//^/ }" | |
| echo "" | |
| echo "Try running: make gen-api-commands" | |
| exit 1 | |
| fi | |
| actionlint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| with: | |
| config: ${{ vars.PERMISSIONS_CONFIG }} | |
| - uses: actions/checkout@v5 | |
| - name: Download actionlint | |
| id: get_actionlint | |
| run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) | |
| shell: bash | |
| - name: Check workflow files | |
| run: | | |
| echo "::add-matcher::.github/actionlint-matcher.json" | |
| ${{ steps.get_actionlint.outputs.executable }} -color | |
| shell: bash | |
| mocks: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| with: | |
| config: ${{ vars.PERMISSIONS_CONFIG }} | |
| - name: Checkout repository | |
| uses: actions/checkout@v5 | |
| - name: Install Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Generate mocks | |
| run: make gen-mocks | |
| - name: Check for uncommitted files | |
| run: | | |
| export FILES= | |
| FILES=$(git ls-files -o -m --directory --exclude-standard --no-empty-directory) | |
| export LINES= | |
| LINES=$(echo "$FILES" | awk 'NF' | wc -l) | |
| if [ "$LINES" -ne 0 ]; then | |
| echo "Detected files that need to be committed:" | |
| echo "${FILES//^/ }" | |
| echo "" | |
| echo "Try running: make gen-mocks" | |
| exit 1 | |
| fi | |
| shellcheck: | |
| name: shellcheck | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| with: | |
| config: ${{ vars.PERMISSIONS_CONFIG }} | |
| - uses: actions/checkout@v5 | |
| - name: Install ShellCheck | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y shellcheck | |
| - name: Run ShellCheck | |
| run: | | |
| # Find all shell scripts excluding specific patterns or directories | |
| # Add exclusions by adding more -not -path patterns as needed | |
| find . -name "*.sh" \ | |
| -not -path "./.git/*" \ | |
| -not -path "./docs/*" \ | |
| -print0 | xargs -0 shellcheck --format=gcc | |
| # Also check for shell scripts without .sh extension | |
| find . -type f -exec grep -l '^#!/bin/\(ba\)\?sh' {} \; \ | |
| | grep -v '\.sh$' \ | |
| | grep -v './.git/' \ | |
| | grep -v './docs/' \ | |
| | xargs -r shellcheck --format=gcc | |
| tidy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| with: | |
| config: ${{ vars.PERMISSIONS_CONFIG }} | |
| - name: Checkout repository | |
| uses: actions/checkout@v5 | |
| - name: Install Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Run 'go mod tidy' | |
| run: go mod tidy | |
| - name: Check for uncommitted files | |
| run: | | |
| export FILES= | |
| FILES=$(git ls-files -o -m --directory --exclude-standard --no-empty-directory) | |
| export LINES= | |
| LINES=$(echo "$FILES" | awk 'NF' | wc -l) | |
| if [ "$LINES" -ne 0 ]; then | |
| echo "Detected files that need to be committed:" | |
| echo "${FILES//^/ }" | |
| echo "" | |
| echo "Try running: go mod tidy" | |
| exit 1 | |
| fi | |
| licensecheck: | |
| name: licensecheck | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| with: | |
| config: ${{ vars.PERMISSIONS_CONFIG }} | |
| - uses: actions/checkout@v5 | |
| - name: Install Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: 'go.mod' | |
| - run: ./build/ci/check-licenses.sh | |
| checktemplates: | |
| name: checktemplates | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| with: | |
| config: ${{ vars.PERMISSIONS_CONFIG }} | |
| - uses: actions/checkout@v5 | |
| - name: Install Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: 'go.mod' | |
| - run: make check-templates | |
| verify_image: | |
| name: Build docker image | |
| runs-on: ubuntu-latest | |
| env: | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| with: | |
| config: ${{ vars.PERMISSIONS_CONFIG }} | |
| - name: Check out the repo | |
| uses: actions/checkout@v5 | |
| - name: Linting | |
| uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 | |
| with: | |
| dockerfile: Dockerfile | |
| - name: Enable containerd image store | |
| uses: docker/setup-docker-action@b60f85385d03ac8acfca6d9996982511d8620a19 | |
| with: | |
| version: v24.0.6 | |
| daemon-config: | | |
| { | |
| "features": { | |
| "containerd-snapshotter": true | |
| } | |
| } | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 | |
| - name: Build image to dockerhub staging registry | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 | |
| with: | |
| context: . | |
| platforms: linux/amd64,linux/arm64 | |
| tags: mongodb/atlas:test | |
| file: Dockerfile | |
| e2e-tests: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| with: | |
| config: ${{ vars.PERMISSIONS_CONFIG }} | |
| - name: Checkout repository | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: 'go.mod' | |
| - run: | | |
| go install gotest.tools/gotestsum@v1.12.3 | |
| go install github.com/mattn/goveralls@v0.0.12 | |
| - name: set Apix Bot token | |
| id: app-token | |
| uses: mongodb/apix-action/token@6c3fde402c21942fa46cde003f190c2b23c59530 | |
| with: | |
| app-id: ${{ secrets.APIXBOT_APP_ID }} | |
| private-key: ${{ secrets.APIXBOT_APP_PEM }} | |
| - run: make build | |
| - id: config-path | |
| env: | |
| EDITOR: echo | |
| run: echo "CONFIG_PATH=$(./bin/atlas config edit 2>/dev/null)" >> "$GITHUB_OUTPUT" | |
| - env: | |
| CONFIG_PATH: ${{ steps.config-path.outputs.CONFIG_PATH }} | |
| CONFIG_CONTENT: | | |
| skip_update_check = true | |
| silence_storage_warning = true | |
| telemetry_enabled = false | |
| [__e2e] | |
| org_id = 'a0123456789abcdef012345a' | |
| project_id = 'b0123456789abcdef012345b' | |
| public_api_key = 'ABCDEF01' | |
| private_api_key = '12345678-abcd-ef01-2345-6789abcdef01' | |
| ops_manager_url = 'http://localhost:8080/' | |
| service = 'cloud' | |
| output = 'plaintext' | |
| [__e2e_snapshot] | |
| org_id = 'a0123456789abcdef012345a' | |
| project_id = 'b0123456789abcdef012345b' | |
| public_api_key = 'ABCDEF01' | |
| private_api_key = '12345678-abcd-ef01-2345-6789abcdef01' | |
| ops_manager_url = 'http://localhost:8080/' | |
| service = 'cloud' | |
| output = 'plaintext' | |
| run: | | |
| echo "$CONFIG_CONTENT" > "$CONFIG_PATH" | |
| - run: | | |
| set +e | |
| make e2e-test-snapshots | |
| EXIT_CODE=$? | |
| if [ $EXIT_CODE -ne 0 ]; then | |
| echo "::error::Snapshot tests failed, consider adding label 'update-snapshots' to re-generate them" | |
| fi | |
| exit $EXIT_CODE | |
| env: | |
| GH_TOKEN: ${{ steps.app-token.outputs.token }} | |
| TEST_CMD: gotestsum --junitfile e2e-tests.xml --format standard-verbose -- | |
| COVERAGE: coverage.out | |
| - name: Send coverage | |
| env: | |
| COVERALLS_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }} | |
| COVERAGE: coverage.out | |
| run: goveralls -parallel -coverprofile="$COVERAGE" -ignore=test/* -service=github | |
| - name: Test Summary | |
| if: always() | |
| uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 | |
| with: | |
| paths: e2e-tests.xml |