Update devbox, remove go tools #453
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build PR | |
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| actions: read | |
| concurrency: | |
| group: pull-request-ci-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| changes: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| # Expose matched filters as job 'src' output variable | |
| paths: ${{ steps.filter.outputs.changes }} | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@v2 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| github.com:443 | |
| - uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| filters: .github/filters.yml | |
| yamllint: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: ${{ contains(fromJSON(needs.changes.outputs.paths), 'src') }} | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Validate YAML file | |
| run: yamllint templates | |
| go-build: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: ${{ contains(fromJSON(needs.changes.outputs.paths), 'src') }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@v2 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| github.com:443 | |
| golang.org:443 | |
| proxy.golang.org:443 | |
| sum.golang.org:443 | |
| *.githubusercontent.com:443 | |
| storage.googleapis.com:443 | |
| cli.codecov.io:443 | |
| api.codecov.io:443 | |
| ingest.codecov.io:443 | |
| dl.k8s.io:443 | |
| cdn.dl.k8s.io:443 | |
| - uses: actions/checkout@v5 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: 'go.mod' | |
| check-latest: true | |
| - name: Build | |
| run: make build | |
| - name: Check for generated diff | |
| run: make check-gen-diff | |
| docker-build: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: ${{ contains(fromJSON(needs.changes.outputs.paths), 'src') }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@v2 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| github.com:443 | |
| proxy.golang.org:443 | |
| sum.golang.org:443 | |
| go.dev:443 | |
| dl.google.com:443 | |
| golang.org:443 | |
| *.githubusercontent.com:443 | |
| registry-1.docker.io:443 | |
| auth.docker.io:443 | |
| production.cloudflare.docker.com:443 | |
| gcr.io:443 | |
| storage.googleapis.com:443 | |
| - uses: actions/checkout@v5 | |
| - name: Docker cache | |
| uses: ScribeMD/[email protected] | |
| with: | |
| key: docker-${{ runner.os }}-${{ hashFiles('go.sum') }} | |
| - name: Build the Docker image | |
| run: make docker-build |