Commit graph

57 commits

Author SHA1 Message Date
Aliaksandr Valialkin
5074cc672a
all: update Go builder from Go1.20.2 to Go1.20.3
See https://github.com/golang/go/issues?q=milestone%3AGo1.20.3+label%3ACherryPickApproved
2023-04-05 13:37:22 -07:00
dependabot[bot]
cc67eb4ff3
build(deps): bump actions/setup-go from 3 to 4 (#3962)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-20 09:23:24 +01:00
Roman Khavronenko
3de7fc5c71
security: bump go version to 1.20.2 (#3935)
upgrade Go builder from Go1.20.1 to Go1.20.2
See the list of issues addressed in Go1.20.2 here (https://github.com/golang/go/issues?q=milestone%3AGo1.20.2+label%3ACherryPickApproved).

Signed-off-by: hagen1778 <roman@victoriametrics.com>
2023-03-09 13:20:54 +01:00
Aliaksandr Valialkin
11ce30820b
all: update Go builder from Go1.20.0 to Go1.20.1
See https://github.com/golang/go/issues?q=milestone%3AGo1.20.1+label%3ACherryPickApproved
2023-02-14 23:05:16 -08:00
Max Golionko
6495b62866
bump go to 1.20 in ci jobs (#3787) 2023-02-08 14:32:42 +01:00
Max Golionko
6f24fa2055
CI: speedup build by 2.4x. restore nightly build (#3772)
* setup docker buildx
* add snyk integration
* add go cache for docker build
* cancel redundant job if there is new commit into same PR or branch
2023-02-07 10:12:16 +08:00
Max Golionko
df1e545c0e
disable codeql for docs. merge build and test back to one job (#3746) 2023-02-02 20:59:08 +08:00
Max Golionko
e8554cd1cb
ci: checkout correct branch for build step (#3676) 2023-01-19 08:34:20 +01:00
Max Golionko
59b97f26c0
CI: split js and go codeql, split test and build, enable matrix for test (#3670)
* split js and go codeql, split test and build, enable matrix for test

* checkout before go setup

* enable build for PRs as well

* update filter
2023-01-18 11:42:27 -08:00
Aliaksandr Valialkin
c449714c0a
deployment/docker: update Go builder from v1.19.4 to v1.19.5
See https://github.com/golang/go/issues?q=milestone%3AGo1.19.5+label%3ACherryPickApproved
2023-01-10 18:43:04 -08:00
Artem Navoiev
0a519c93ef
run checks only for master/cluster branches (#3581)
Signed-off-by: Artem Navoiev <tenmozes@gmail.com>

Signed-off-by: Artem Navoiev <tenmozes@gmail.com>
2023-01-03 11:08:44 +04:00
Aliaksandr Valialkin
eeacbaf0b6
all: update Go builder from v1.19.3 to v1.19.4
See https://github.com/golang/go/issues?q=milestone%3AGo1.19.4+label%3ACherryPickApproved
2022-12-08 16:41:24 -08:00
Roman Khavronenko
9f8bf524ad
bump go version to 1.19.3 (#3327)
Signed-off-by: hagen1778 <roman@victoriametrics.com>

Signed-off-by: hagen1778 <roman@victoriametrics.com>
2022-11-08 16:43:59 +01:00
Aliaksandr Valialkin
b47caa86db
all: update the minimum required Go verson from 1.19.1 to 1.19.2
This is needed because of security vulnerabilities found in Go 1.19.1
See https://go.dev/doc/devel/release#go1.19.2
2022-10-07 22:43:37 +03:00
Roman Khavronenko
efea51a9ee
bump Go version to 1.19.1 (#3108)
The reason is to cover vulnerability GO-2022-0969
Found in: net/http@go1.18.5
Fixed in: net/http@go1.19.1
More info: https://pkg.go.dev/vuln/GO-2022-0969

Signed-off-by: hagen1778 <roman@victoriametrics.com>

Signed-off-by: hagen1778 <roman@victoriametrics.com>
2022-09-14 12:29:19 +02:00
Aliaksandr Valialkin
28b6dec1f4
.github/workflows/main.yml: stop setting GO111MODULE=on env var, since it is unnecessary in Go1.18 and newer versions 2022-09-08 18:41:56 +03:00
Aliaksandr Valialkin
7b8bc8ad59
all: bump the minimum supported version of Go from 1.17 to 1.18
This is needed because some dependencies uses generics, which have been appeared in Go1.18

This is a follow-up for caf3dd4fa2
2022-08-08 13:39:38 +03:00
Roman Khavronenko
caf3dd4fa2
workflows: bump go version (#2955)
Some new dependencies contain generics, so we bump go version for CI.

Signed-off-by: hagen1778 <roman@victoriametrics.com>
2022-08-08 09:24:15 +02:00
Aliaksandr Valialkin
ed93330e66
all: follow-up for d99ba3481b 2022-07-13 16:44:39 +03:00
naveensrinivasan
cb1ded8d9f chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-17 17:04:04 +03:00
dependabot[bot]
d7f86f111b
build(deps): bump codecov/codecov-action from 2.1.0 to 3 (#2407)
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2.1.0 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v2.1.0...v3)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-08 13:08:09 +03:00
Roman Khavronenko
e5b451a66a
ci: bump go version to 1.17 (#1895)
The bump was required for `vmalert` package.
`vmalert` docs now also contain an updated description.

Signed-off-by: hagen1778 <roman@victoriametrics.com>
2021-12-02 14:42:25 +02:00
Aliaksandr Valialkin
1ae7ca848c
.github/workflows/main.yml: checkout code before installing dependencies
Dependencies depend on Makefile rules from the code, so code checkout must run first
2021-10-26 22:08:58 +03:00
Aliaksandr Valialkin
c560a338e8
.github/workflows/main.yml: re-use makefile rules for installing goling, errcheck and golangci-lint 2021-10-26 21:26:39 +03:00
dependabot[bot]
bc2d05be8e
build(deps): bump codecov/codecov-action from 2.0.3 to 2.1.0 (#1615)
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2.0.3 to 2.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v2.0.3...v2.1.0)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-14 12:23:01 +03:00
dependabot[bot]
66626db92f
build(deps): bump codecov/codecov-action from 2.0.2 to 2.0.3 (#1563)
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2.0.2 to 2.0.3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v2.0.2...v2.0.3)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-25 13:40:21 +03:00
dependabot[bot]
0ef150c14b build(deps): bump codecov/codecov-action from 2.0.1 to 2.0.2
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2.0.1 to 2.0.2.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v2.0.1...v2.0.2)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-26 20:42:21 +03:00
dependabot[bot]
bf25a256c5
build(deps): bump codecov/codecov-action from 1.5.2 to 2.0.1 (#1468)
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1.5.2 to 2.0.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v1.5.2...v2.0.1)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-23 12:01:52 +03:00
dependabot[bot]
408fc90b40
build(deps): bump codecov/codecov-action from 1.5.0 to 1.5.2 (#1362)
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1.5.0 to 1.5.2.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v1.5.0...v1.5.2)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-09 12:16:46 +03:00
Artem Navoiev
c687536956
Add vendor license checker, update codecov action, add dependbot for … (#1280)
* Add vendor license checker, update codecov action, add dependbot for github actions

* update gitingore, temprorary turn on check

* fix action name

* change action rules to trigger only when vendor changes

* remove obsolete line from main action
2021-05-10 11:38:56 +03:00
Aliaksandr Valialkin
90bba22c25 .github/workflows: remove CODECOV_TOKEN 2021-04-19 11:11:14 +03:00
Aliaksandr Valialkin
3792ea4065 .github/workflows/main.yml: update Go version from v1.15 to v1.16 2021-03-01 12:14:20 +02:00
Aliaksandr Valialkin
7cc3d96a41 lib/fs: follow-up after f3a03c4164 2021-02-27 01:01:47 +02:00
Aliaksandr Valialkin
d5c180e680 app/vmctl: move vmctl code from github.com/VictoriaMetrics/vmctl
It is better developing vmctl tool in VictoriaMetrics repository, so it could be released
together with the rest of vmutils tools such as vmalert, vmagent, vmbackup, vmrestore and vmauth.
2021-02-01 01:10:20 +02:00
Aliaksandr Valialkin
b9913e151a .github/workflows/main.yml: fall back to go get instead of go install for installing aux tools
It is unclear why `go install` doesn't work in Github Actions. Needs additional investigation.
The following error is returned now:

cannot find package "golang.org/x/lint/golint" in any of:
	/opt/hostedtoolcache/go/1.15.5/x64/src/golang.org/x/lint/golint (from $GOROOT)
	/home/runner/go/src/golang.org/x/lint/golint (from $GOPATH)
2020-12-15 14:17:52 +02:00
Aliaksandr Valialkin
149511f5e9 Do not set GO111MODULE=off during go install, since this doesnt work in Go1.14 and Go1.15 2020-12-15 13:13:46 +02:00
Aliaksandr Valialkin
4e48067133 .github/workflows/main.yml: set GO111MODULE=off when installing auxiliary tools via go install 2020-12-15 01:03:11 +02:00
Aliaksandr Valialkin
0b2726c3be all: use go install instead of go get for installing auxiliary tools
This is a preparation for Go 1.16, which deprecates `go get` for installing binaries.
See https://tip.golang.org/doc/go1.16#go-command :

  go install, with or without a version suffix (as described above), is now the recommended way
  to build and install packages in module mode. go get should be used with the -d flag to adjust
  the current module's dependencies without building packages, and use of go get to build and install
  packages is deprecated. In a future release, the -d flag will always be enabled.
2020-12-14 20:07:50 +02:00
Artem Navoiev
8e6eb2cd6b update go action 2020-10-07 17:48:42 +03:00
Aliaksandr Valialkin
129b07113e .github/workflows: switch Go version from v1.14 to v1.15 2020-10-05 22:00:51 +03:00
Aliaksandr Valialkin
165c9c6371 .github/workflows: verify builds for vmagent, vmalert, vmbackup and vmrestore 2020-09-29 00:49:20 +03:00
Aliaksandr Valialkin
41f24cdb64 .github/workflows: verify that VictoriaMetrics can be built for GOOS=openbsd 2020-09-29 00:44:44 +03:00
Aliaksandr Valialkin
cf38c3c62f .github/workflows: an attempt to fix loading of golangci-lint 2020-05-15 15:06:24 +03:00
Aliaksandr Valialkin
6d3567d65c .github/workflows: install dependencies before code checkout
Othwerise dependencies' install mangles go.mod
2020-04-24 17:55:17 +03:00
Aliaksandr Valialkin
b80e6b4d56 .github/workflows: enable Go modules when installing dependencies
Disabled Go modules broke golangci-lint build
2020-04-24 17:39:58 +03:00
Aliaksandr Valialkin
ac43075cc9 .github/workflows: install golangci-lint at Dependencies step 2020-04-24 15:37:35 +03:00
Aliaksandr Valialkin
3157fb0186 .github/workflows: update Go version in actions/setup-go from v1.13 to v1.14 2020-04-24 15:31:16 +03:00
Aliaksandr Valialkin
77bea69fab .github/workflows: use master branch for 'actions/setup-go' and 'actions/checkout' 2020-04-24 14:41:21 +03:00
Artem Navoiev
58a3e59d59
bump version of codecov-action to v1.0.6 2020-03-05 23:25:13 +02:00
Artem Navoiev
74b4ccfc91 [ci] push to wiki 2019-11-30 20:36:10 +02:00