Skip to content

Address potential misuse of external state in SSH callbacks #969

Address potential misuse of external state in SSH callbacks

Address potential misuse of external state in SSH callbacks #969

Workflow file for this run

name: build
on:
pull_request:
branches:
- main
permissions: {}
jobs:
build-snapshot:
permissions:
contents: read
packages: write
runs-on: ubuntu-latest
strategy:
matrix:
binary:
- ssh-portal
- ssh-portal-api
- ssh-token
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: stable
- run: echo "GOVERSION=$(go version)" >> "$GITHUB_ENV"
- uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
id: goreleaser
with:
version: latest
args: build --clean --verbose --single-target --snapshot
- name: Login to GHCR
if: github.actor != 'dependabot[bot]'
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Get Docker metadata
if: github.actor != 'dependabot[bot]'
id: docker_metadata
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
with:
images: ghcr.io/${{ github.repository }}/${{ matrix.binary }}
- run: echo "GITHUB_REPOSITORY_NAME=$(basename ${{ github.repository }})" >> "$GITHUB_ENV"
- name: Build and push ${{ matrix.binary }} container image
if: github.actor != 'dependabot[bot]'
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
with:
push: true
tags: ${{ steps.docker_metadata.outputs.tags }}
labels: ${{ steps.docker_metadata.outputs.labels }}
file: Dockerfile
build-args: BINARY=${{ matrix.binary }}
context: dist/${{ matrix.binary }}_linux_amd64_v1
check-tag:
permissions:
contents: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- id: ccv
uses: smlx/ccv@d3de774e9b607b079940a7a86952f44643743336 # v0.9.0
with:
write-tag: false
- run: |
echo "new-tag=$NEW_TAG"
echo "new-tag-version=$NEW_TAG_VERSION"
env:
NEW_TAG: ${{steps.ccv.outputs.new-tag}}
NEW_TAG_VERSION: ${{steps.ccv.outputs.new-tag-version}}