Skip to content

🌱 Bump github.com/google/osv-scanner from 1.9.0 to 1.9.1 #7560

🌱 Bump github.com/google/osv-scanner from 1.9.0 to 1.9.1

🌱 Bump github.com/google/osv-scanner from 1.9.0 to 1.9.1 #7560

Workflow file for this run

# Copyright 2021 OpenSSF Scorecard Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
permissions:
contents: read
name: docker-build
on:
pull_request:
branches:
- main
env:
GO_VERSION: 1.23
jobs:
docs_only_check:
name: Check for docs-only change
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
docs_only: ${{ steps.docs_only_check.outputs.docs_only }}
steps:
- name: Check out code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
with:
fetch-depth: 2 # needed to diff changed files
- id: docs_only_check
name: Check for docs-only changes
run: |
set +e # dont fail based on grep exit code
git diff --name-only HEAD~1 | grep --ignore-case --invert-match '.md$'
if [ $? -eq 1 ]; then
# no grep match (all files end in .md) produces exit code 1
echo "docs_only=true" >> $GITHUB_OUTPUT
else
echo "docs_only=false" >> $GITHUB_OUTPUT
fi
docker_matrix:
strategy:
matrix:
target:
- 'scorecard-docker'
- 'cron-controller-docker'
- 'cron-worker-docker'
- 'cron-cii-worker-docker'
- 'cron-bq-transfer-docker'
- 'cron-webhook-docker'
- 'cron-github-server-docker'
- 'build-attestor-docker'
name: ${{ matrix.target }}
runs-on: ubuntu-latest
permissions:
contents: read
needs: docs_only_check
# ideally we put one "if" here, but due to how skipped matrix jobs work, we need one for each step
# https://github.com/orgs/community/discussions/9141
steps:
- name: Harden Runner
if: (needs.docs_only_check.outputs.docs_only != 'true')
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Clone the code
if: (needs.docs_only_check.outputs.docs_only != 'true')
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Go # needed for some of the Makefile evaluations, even if building happens in Docker
if: (needs.docs_only_check.outputs.docs_only != 'true')
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: false # the building happens in Docker, so saving this cache would negatively impact other builds
- name: docker build
if: (needs.docs_only_check.outputs.docs_only != 'true')
run: make ${{ matrix.target }}