Bump github.com/aws/smithy-go from 1.23.2 to 1.24.0 #941
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Docs: https://docs.github.com/en/actions | |
| name: CI/CD | |
| permissions: | |
| contents: read | |
| on: | |
| push: | |
| branches: ["master"] | |
| pull_request: | |
| branches: ["master"] | |
| defaults: | |
| run: | |
| shell: bash | |
| env: | |
| AWS_DEPLOY_ROLE: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/ranger-gha-deploy" | |
| AWS_ECR_IMAGE_NAME: "/rangers/ranger-ims-go" | |
| AWS_ECS_CLUSTER: rangers | |
| AWS_ECS_CONTAINER_NAME: ranger-ims-go | |
| AWS_ECS_SERVICE_STAGING: ranger-ims-go-staging-fg | |
| AWS_ECS_TASK_DEFINITION_ARN_STAGING: "arn:aws:ecs:us-west-2:${{ secrets.AWS_ACCOUNT_ID }}:task-definition/ranger-ims-go-staging-fg" | |
| AWS_ECS_TASK_DEFINITION_FAMILY_STAGING: ranger-ims-go-staging-fg | |
| AWS_REGION: us-west-2 | |
| jobs: | |
| lint: | |
| name: Linters | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/[email protected] | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| *.github.com:443 | |
| *.githubusercontent.com:443 | |
| *.go.dev:443 | |
| *.golang.org:443 | |
| cdn.datatables.net:443 | |
| cdn.jsdelivr.net:443 | |
| code.jquery.com:443 | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| go.dev:443 | |
| golang.org:443 | |
| pypi.org:443 | |
| storage.googleapis.com:443 | |
| - name: Checkout source code | |
| uses: actions/checkout@v6 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: "go.mod" | |
| - name: Fetch external build dependencies | |
| run: go run bin/fetchbuilddeps/fetchbuilddeps.go | |
| - name: Install Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.13" | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v7 | |
| - name: Run pre-commit checks | |
| run: uvx pre-commit run --all-files | |
| build: | |
| name: Build application | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/[email protected] | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| *.codecov.io:443 | |
| *.docker.com:443 | |
| *.docker.io:443 | |
| *.github.com:443 | |
| *.githubusercontent.com:443 | |
| *.golang.org:443 | |
| *.sentry.io:443 | |
| cdn.datatables.net:443 | |
| cdn.jsdelivr.net:443 | |
| code.jquery.com:443 | |
| github.com:443 | |
| go.dev:443 | |
| golang.org:443 | |
| keybase.io:443 | |
| storage.googleapis.com:443 | |
| - name: Checkout source code | |
| uses: actions/checkout@v6 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: "go.mod" | |
| - name: Fetch external build dependencies | |
| run: go run bin/fetchbuilddeps/fetchbuilddeps.go | |
| # TODO: maybe install sqlc, templ, and tsc code generation | |
| # here as well. They would add some additional build time | |
| # (mostly due to fetching their deps and building them), | |
| # which is less than ideal. For now, it should be fine to | |
| # do these on the developer's computer, and this can be | |
| # enforced by pre-commit. | |
| - name: Compile, test, and cover | |
| run: go test -race -covermode=atomic -coverprofile=coverage.txt --coverpkg ./... ./... | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: coverage.txt | |
| env_vars: GITHUB_REF,GITHUB_COMMIT,GITHUB_USER,GITHUB_WORKFLOW | |
| fail_ci_if_error: false | |
| env: | |
| GITHUB_REF: ${{ github.ref }} | |
| GITHUB_COMMIT: ${{ github.sha }} | |
| GITHUB_USER: ${{ github.actor }} | |
| GITHUB_WORKFLOW: ${{ github.workflow }} | |
| docker-build: | |
| name: Build Docker image | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/[email protected] | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| *.docker.com:443 | |
| *.docker.io:443 | |
| *.golang.org:443 | |
| cdn.datatables.net:443 | |
| cdn.jsdelivr.net:443 | |
| code.jquery.com:443 | |
| dl-cdn.alpinelinux.org:443 | |
| github.com:443 | |
| storage.googleapis.com:443 | |
| - name: Checkout source code | |
| uses: actions/checkout@v6 | |
| - name: Build Docker image | |
| run: docker build --tag "ranger-ims-go:${{ github.sha }}" . | |
| - name: Save Docker image | |
| run: docker image save ranger-ims-go | gzip -9 > docker_image.tgz | |
| - name: Upload Docker image artifacts | |
| uses: actions/upload-artifact@v5 | |
| with: | |
| name: docker | |
| path: docker_image.tgz | |
| docker-test: | |
| name: Test Docker image | |
| needs: [docker-build] | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/[email protected] | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| *.docker.com:443 | |
| *.docker.io:443 | |
| *.golang.org:443 | |
| cdn.datatables.net:443 | |
| cdn.jsdelivr.net:443 | |
| code.jquery.com:443 | |
| dl-cdn.alpinelinux.org:443 | |
| github.com:443 | |
| storage.googleapis.com:443 | |
| - name: Checkout source code | |
| uses: actions/checkout@v6 | |
| - name: Download Docker image artifacts | |
| uses: actions/download-artifact@v6 | |
| with: | |
| name: docker | |
| - name: Load Docker image | |
| run: gzip --uncompress --stdout docker_image.tgz | docker image load | |
| - name: Test Docker image | |
| run: ./bin/test_docker | |
| env: | |
| IMAGE_TAG: ${{ github.sha }} | |
| deploy-staging: | |
| name: Deploy to staging | |
| needs: [lint, build, docker-test] | |
| if: ${{ github.ref == 'refs/heads/master' }} | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/[email protected] | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| *.amazonaws.com:443 | |
| *.docker.io:443 | |
| - name: Download Docker image artifacts | |
| uses: actions/download-artifact@v6 | |
| with: | |
| name: docker | |
| - name: Load Docker image | |
| run: gzip --uncompress --stdout docker_image.tgz | docker image load | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v5 | |
| with: | |
| aws-region: ${{ env.AWS_REGION }} | |
| role-to-assume: ${{ env.AWS_DEPLOY_ROLE }} | |
| role-session-name: ranger-gha-${{ github.repository_id }}-${{ github.job }}-${{ github.run_id }} | |
| - name: Login to AWS ECR | |
| id: aws-login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Push docker image to Amazon ECR | |
| run: | | |
| image_repository="${{ steps.aws-login-ecr.outputs.registry }}${{ env.AWS_ECR_IMAGE_NAME }}" | |
| docker login | |
| # Push SHA tag | |
| docker tag "ranger-ims-go:${{ github.sha }}" "${image_repository}:${{ github.sha }}" | |
| docker push "${image_repository}:${{ github.sha }}" | |
| # Push staging rollback tag | |
| if docker pull "${image_repository}:staging"; then | |
| echo "Pushing rollback tag for staging" | |
| docker tag "${image_repository}:staging" "${image_repository}:staging_rollback" | |
| docker push "${image_repository}:staging_rollback" | |
| fi | |
| # Push staging tag | |
| echo "Pushing staging tag" | |
| docker tag "${image_repository}:${{ github.sha }}" "${image_repository}:staging" | |
| docker push "${image_repository}:staging" | |
| - name: Get current date | |
| id: date | |
| run: echo "date=$(date "+%Y-%m-%dT%H:%M:%S")" >> "${GITHUB_OUTPUT}" | |
| - name: Fetch and update current task definition | |
| id: new-task-definition | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition-arn: "${{ env.AWS_ECS_TASK_DEFINITION_ARN_STAGING }}" | |
| task-definition-family: "${{ env.AWS_ECS_TASK_DEFINITION_FAMILY_STAGING }}" | |
| container-name: "${{ env.AWS_ECS_CONTAINER_NAME }}" | |
| image: "${{ steps.aws-login-ecr.outputs.registry }}${{ env.AWS_ECR_IMAGE_NAME }}:${{ github.sha }}" | |
| environment-variables: | | |
| GHA_ACTOR_ID=${{ github.actor_id }} | |
| GHA_ACTOR=${{ github.actor }} | |
| GHA_EVENT_NAME=${{ github.event_name }} | |
| GHA_JOB=${{ github.job }} | |
| GHA_REF=${{ github.ref }} | |
| GHA_RUN_ATTEMPT=${{ github.run_attempt }} | |
| GHA_RUN_ID=${{ github.run_id }} | |
| GHA_RUN_NUMBER=${{ github.run_number }} | |
| GHA_TRIGGERING_ACTOR=${{ github.triggering_actor }} | |
| GHA_WORKFLOW=${{ github.workflow }} | |
| GIT_SHA=${{ github.sha }} | |
| TASK_UPDATED=${{ steps.date.outputs.date }} | |
| - name: Update task definition and ECS service | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v2 | |
| with: | |
| task-definition: "${{ steps.new-task-definition.outputs.task-definition }}" | |
| service: "${{ env.AWS_ECS_SERVICE_STAGING }}" | |
| cluster: "${{ env.AWS_ECS_CLUSTER }}" | |
| wait-for-service-stability: true |