ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-11 08:55:27 +03:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

🌱 Use a matrix for when building binaries in main.yml (#3291)

Browse Source 
* Use matrix for build jobs.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* These build targets dont seem to need protoc.

This lets us save the API quota.

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
This commit is contained in:
Spencer Schrock 2023-07-21 09:32:54 -07:00 committed by GitHub
parent 32e11dcc38
commit 2255c88656
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 447 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

467
.github/workflows/main.yml vendored
View File

@ -216,23 +216,30 @@ jobs:
command: |
go env -w GOFLAGS=-mod=mod
make build-proto
build-scorecard:
name: build-scorecard
build-matrix:
strategy:
matrix:
target:
- 'build-scorecard'
- 'build-controller'
- 'build-worker'
- 'build-cii-worker'
- 'build-shuffler'
- 'build-bq-transfer'
- 'build-github-server'
- 'build-webhook'
- 'build-add-script'
- 'build-validate-script'
name: ${{ matrix.target }}
runs-on: ubuntu-latest
needs: build-proto
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Install Protoc
uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0
with:
version: ${{ env.PROTOC_VERSION }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Cache builds
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
@ -246,456 +253,22 @@ jobs:
restore-keys: |
${{ runner.os }}-go-
- name: Clone the code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4
with:
fetch-depth: 0
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Setup Go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: true
- name: Run build
uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd
uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
with:
max_attempts: 3
retry_on: error
timeout_minutes: 30
command: |
go env -w GOFLAGS=-mod=mod
make build-scorecard
build-controller:
name: build-controller
runs-on: ubuntu-latest
needs: build-proto
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Install Protoc
uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0
with:
version: ${{ env.PROTOC_VERSION }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Cache builds
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: |
~/go/pkg/mod
~/.cache/go-build
~/Library/Caches/go-build
%LocalAppData%\go-build
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Clone the code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: true
- name: build cron
uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd
with:
max_attempts: 3
retry_on: error
timeout_minutes: 30
command: |
go env -w GOFLAGS=-mod=mod
make build-controller
build-worker:
name: build-worker
runs-on: ubuntu-latest
needs: build-proto
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Install Protoc
uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0
with:
version: ${{ env.PROTOC_VERSION }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Cache builds
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: |
~/go/pkg/mod
~/.cache/go-build
~/Library/Caches/go-build
%LocalAppData%\go-build
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Clone the code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: true
- name: build worker
uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd
with:
max_attempts: 3
retry_on: error
timeout_minutes: 30
command: |
go env -w GOFLAGS=-mod=mod
make build-worker
build-cii-worker:
name: build-cii-worker
runs-on: ubuntu-latest
needs: build-proto
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Install Protoc
uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0
with:
version: ${{ env.PROTOC_VERSION }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Cache builds
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: |
~/go/pkg/mod
~/.cache/go-build
~/Library/Caches/go-build
%LocalAppData%\go-build
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Clone the code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: true
- name: build cii-worker
uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd
with:
max_attempts: 3
retry_on: error
timeout_minutes: 30
command: |
go env -w GOFLAGS=-mod=mod
make build-cii-worker
build-shuffler:
name: build-shuffler
runs-on: ubuntu-latest
needs: build-proto
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Install Protoc
uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0
with:
version: ${{ env.PROTOC_VERSION }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Cache builds
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: |
~/go/pkg/mod
~/.cache/go-build
~/Library/Caches/go-build
%LocalAppData%\go-build
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Clone the code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: true
- name: build shuffler
uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd
with:
max_attempts: 3
retry_on: error
timeout_minutes: 30
command: |
go env -w GOFLAGS=-mod=mod
make build-shuffler
build-bq-transfer:
name: build-bq-transfer
runs-on: ubuntu-latest
needs: build-proto
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Install Protoc
uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0
with:
version: ${{ env.PROTOC_VERSION }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Cache builds
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: |
~/go/pkg/mod
~/.cache/go-build
~/Library/Caches/go-build
%LocalAppData%\go-build
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Clone the code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: true
- name: build bq transfer
uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd
with:
max_attempts: 3
retry_on: error
timeout_minutes: 30
command: |
go env -w GOFLAGS=-mod=mod
make build-bq-transfer
build-github-server:
name: build-github-server
runs-on: ubuntu-latest
needs: build-proto
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Install Protoc
uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0
with:
version: ${{ env.PROTOC_VERSION }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Cache builds
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: |
~/go/pkg/mod
~/.cache/go-build
~/Library/Caches/go-build
%LocalAppData%\go-build
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Clone the code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: true
- name: build bq transfer
uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd
with:
max_attempts: 3
retry_on: error
timeout_minutes: 30
command: |
go env -w GOFLAGS=-mod=mod
make build-github-server
build-webhook:
name: build-webhook
runs-on: ubuntu-latest
needs: build-proto
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Install Protoc
uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0
with:
version: ${{ env.PROTOC_VERSION }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Cache builds
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: |
~/go/pkg/mod
~/.cache/go-build
~/Library/Caches/go-build
%LocalAppData%\go-build
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Clone the code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: true
- name: build webhook
uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd
with:
max_attempts: 3
retry_on: error
timeout_minutes: 30
command: |
go env -w GOFLAGS=-mod=mod
make build-webhook
build-add-script:
name: build-add-script
runs-on: ubuntu-latest
needs: build-proto
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Install Protoc
uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0
with:
version: ${{ env.PROTOC_VERSION }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Cache builds
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: |
~/go/pkg/mod
~/.cache/go-build
~/Library/Caches/go-build
%LocalAppData%\go-build
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Clone the code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: true
- name: build-add-script
uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd
with:
max_attempts: 3
retry_on: error
timeout_minutes: 30
command: |
go env -w GOFLAGS=-mod=mod
make build-add-script
build-validate-script:
name: build-validate-script
runs-on: ubuntu-latest
needs: build-proto
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Install Protoc
uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0
with:
version: ${{ env.PROTOC_VERSION }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Cache builds
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: |
~/go/pkg/mod
~/.cache/go-build
~/Library/Caches/go-build
%LocalAppData%\go-build
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Clone the code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: true
- name: build-validate-script
uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd
with:
max_attempts: 3
retry_on: error
timeout_minutes: 30
command: |
go env -w GOFLAGS=-mod=mod
make build-validate-script
make ${{ matrix.target }}
validate-docs:
name: validate-docs
runs-on: ubuntu-latest