From be8fcee399997f20c4b50f1955348fe58c18b1c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arne=20J=C3=B8rgensen?= Date: Wed, 3 Dec 2025 11:47:11 +0100 Subject: [PATCH 1/4] Use newest Ubuntu as action runner --- .github/workflows/build.yml | 4 ++-- .github/workflows/dependency-review.yml | 2 +- .github/workflows/docker-image-security-scan.yml | 2 +- .github/workflows/lint.yml | 6 +++--- .github/workflows/release.yml | 4 ++-- .github/workflows/security.yml | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b7d29cd..5d3b2e7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -6,7 +6,7 @@ permissions: jobs: go-version: name: Lookup go versions - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 outputs: minimal: ${{ steps.go-version.outputs.minimal }} matrix: ${{ steps.go-version.outputs.matrix }} @@ -17,7 +17,7 @@ jobs: go_generate: name: Check generated code is up to date needs: go-version - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 env: workdir: go/src/${{ github.repository }} steps: diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 838dbb3..4c67c12 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -6,7 +6,7 @@ permissions: jobs: dependency-review: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: 'Checkout Repository' uses: actions/checkout@v6 diff --git a/.github/workflows/docker-image-security-scan.yml b/.github/workflows/docker-image-security-scan.yml index b10fd96..8cbe2fb 100644 --- a/.github/workflows/docker-image-security-scan.yml +++ b/.github/workflows/docker-image-security-scan.yml @@ -7,7 +7,7 @@ jobs: security-scan: name: Docker build and scan if: '!github.event.deleted' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v6 - name: Set up Docker Buildx 
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index f6dc4e4..c65b598 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -7,7 +7,7 @@ permissions: jobs: dockerfile: name: dockerfile - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v6 - name: Run hadolint @@ -17,7 +17,7 @@ jobs: markdownlint: name: markdown - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v6 - name: Run markdownlint @@ -25,7 +25,7 @@ jobs: golangci: name: lint - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v6 - uses: arnested/go-version-action@v1 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f4f1863..bcd1bf4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,7 +13,7 @@ permissions: actions: read jobs: bump-version: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v6 with: @@ -95,7 +95,7 @@ jobs: message: "Released `${{ github.repository }}`@`${{ github.sha }}` as ${{ steps.version.outputs.tag }}: *${{ job.status }}*." docker-build: name: Docker build and push - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v6 - name: Set up Docker Buildx diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 353e261..3762c70 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -16,7 +16,7 @@ permissions: jobs: gosec: name: Golang Security Checker - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 env: GO111MODULE: on steps: @@ -33,7 +33,7 @@ jobs: sarif_file: results.sarif govulncheck: name: Govulncheck - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v6 - uses: arnested/go-version-action@v1 From 8bf47189fded72fd17b764a1cddd437f83cb309b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Arne=20J=C3=B8rgensen?= Date: Wed, 3 Dec 2025 11:49:18 +0100 Subject: [PATCH 2/4] Update govulncheck step --- .github/workflows/security.yml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 3762c70..ab8b3c9 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -36,20 +36,18 @@ jobs: runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v6 - - uses: arnested/go-version-action@v1 - id: go-version + - name: Setup Go + uses: actions/setup-go@v6 with: - patch-level: true + go-version-file: go.mod - id: govulncheck - uses: golang/govulncheck-action@master + uses: arnested/govulncheck-action@main with: - go-version-input: ${{ steps.go-version.outputs.latest }} output-format: sarif output-file: results.sarif + setup-go: false repo-checkout: false - - name: Fix SARIF format - run: yq --inplace --output-format json '.runs |= map ({"results":[]} + .)' results.sarif - - name: Upload SARIF file + - name: Upload SARIF file uses: github/codeql-action/upload-sarif@v4 with: sarif_file: results.sarif From 7f04df2ab70ebc65a4f4ede848e36317a3866595 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arne=20J=C3=B8rgensen?= Date: Wed, 3 Dec 2025 11:52:49 +0100 Subject: [PATCH 3/4] Use actions/setup-go Since it's version 6.1 it supports dowbnloading from go.dev which should ensure we always can get the newest Go version installed. --- .github/workflows/build.yml | 5 ++--- .github/workflows/lint.yml | 2 +- .github/workflows/release.yml | 3 +-- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5d3b2e7..5db29ff 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
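Review bot: `uses: arnested/govulncheck-action@main` in the govulncheck job of security.yml follows a mutable branch of a third-party fork, so any commit pushed to that branch runs in this job and produces the `results.sarif` that is uploaded to code scanning. Pin it to a full commit SHA, for example `uses: arnested/govulncheck-action@<full-commit-sha> # main` (placeholder; take the SHA from the action's repository), so the executed code is reviewable and updates arrive as explicit bumps. A short comment above the step should say why the fork replaces `golang/govulncheck-action` and why the removed "Fix SARIF format" step is no longer needed; presumably the fork handles that case, but the hunk does not show it. With `go-version-file: go.mod` the scan now runs on the Go version named in go.mod rather than the latest patch release the removed step resolved, which may change which standard-library findings are reported. The job's `permissions` block lies outside the hunk.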
@@ -25,7 +25,7 @@ jobs: with: path: ${{env.workdir}} - name: Install Go ${{ needs.go-version.outputs.minimal }} - uses: WillAbides/setup-go-faster@v1.14.0 + uses: actions/setup-go@v6 with: go-version: ${{ needs.go-version.outputs.minimal }} - run: go version @@ -48,10 +48,9 @@ jobs: steps: - uses: actions/checkout@v6 - name: Install Go ${{ matrix.go-version }} - uses: WillAbides/setup-go-faster@v1.14.0 + uses: actions/setup-go@v6 with: go-version: ${{ matrix.go-version }}.x - ignore-local: true - run: go version - name: go test env: diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index c65b598..d850557 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -31,7 +31,7 @@ jobs: - uses: arnested/go-version-action@v1 id: go-version - name: Install Go ${{ steps.go-version.outputs.minimal }} - uses: WillAbides/setup-go-faster@v1.14.0 + uses: actions/setup-go@v6 with: go-version: ${{ steps.go-version.outputs.minimal }} - run: go version diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bcd1bf4..b67c92d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -29,10 +29,9 @@ jobs: DEFAULT_BUMP: patch DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} - name: Set up Go ${{ steps.go-version.outputs.latest }} - uses: WillAbides/setup-go-faster@v1.14.0 + uses: actions/setup-go@v6 with: go-version: ${{ steps.go-version.outputs.latest }}.x - ignore-local: true - run: go version - name: Install changelog management tool run: go install github.com/goreleaser/chglog/cmd/chglog@main From f81a4e3a37c8bd521bf8de32d2534496bc816c3d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arne=20J=C3=B8rgensen?= Date: Wed, 3 Dec 2025 11:54:08 +0100 Subject: [PATCH 4/4] No need to use special workdir --- .github/workflows/build.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5db29ff..96bf5c7 100644 
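Review bot: Removing `ignore-local: true` in the second build.yml hunk (`go-version: ${{ matrix.go-version }}.x`), and again in the release.yml hunk, leaves nothing that forces a fresh version lookup. By default `actions/setup-go` accepts a Go already in the runner's tool cache when it satisfies the `.x` spec, and that copy can lag the newest patch release. The commit message states the goal is to always install the newest Go, so add `check-latest: true` under `with:` in both steps. In release.yml this decides which toolchain, and so which standard-library fixes, the release job's later `go install` step runs with. Both jobs continue outside their hunks.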
--- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,12 +18,8 @@ jobs: name: Check generated code is up to date needs: go-version runs-on: ubuntu-24.04 - env: - workdir: go/src/${{ github.repository }} steps: - uses: actions/checkout@v6 - with: - path: ${{env.workdir}} - name: Install Go ${{ needs.go-version.outputs.minimal }} uses: actions/setup-go@v6 with: @@ -32,11 +28,8 @@ jobs: - name: go generate env: GO111MODULE: 'on' - GOPATH: ${{ github.workspace }}/go - working-directory: ${{env.workdir}} run: go generate -x - name: Diff after go generate - working-directory: ${{env.workdir}} run: git diff --exit-code build_and_test: name: Build and test