From 97f8ac76c465f143fad311866d9aec8d09108c85 Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Fri, 15 Nov 2019 14:15:37 +0100 Subject: [PATCH 01/24] add ci file --- .github/workflows/release.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..ba71565 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,19 @@ +name: Release +on: push +jobs: + release: + runs-on: ubuntu-18.04 + steps: + - name: Source checkout + uses: actions/checkout@v1 + with: + fetch-depth: 1 + - name: Release + shell: bash + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + export GIT_TAG="v$(npx semantic-release --dry-run --plugins=@semantic-release/commit-analyzer --analize-commits | grep "The next release version is" | sed -ne 's/.*The\ next\ release\ version\ is\ \([0-9]\+\.[0-9]\+\.[0-9]\+\)$/\1/p')" + [[ "$GIT_TAG" == "v" ]] && echo "Exiting, as no new version needs to be released" && exit 0 + echo "Insert Go test & Build Here" ## Insert Go test & Build Here + npx semantic-release \ No newline at end of file From a91607b4e1673b61ae0c2dfd184689c9fde9f937 Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Fri, 15 Nov 2019 14:18:46 +0100 Subject: [PATCH 02/24] seperate test and release --- .github/workflows/release.yml | 5 ++++- .github/workflows/test.yml | 20 ++++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/test.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ba71565..04a374e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,5 +1,8 @@ name: Release -on: push +on: + push: + branches: + - master jobs: release: runs-on: ubuntu-18.04 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..ab54a86 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,20 @@ +name: Test +on: + push: + branches: + - !master +jobs: + release: + runs-on: ubuntu-18.04 + steps: + - name: Source checkout + uses: actions/checkout@v1 + with: + fetch-depth: 1 + - name: Release + shell: bash + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + echo "Insert Go test & Build Here" ## Insert Go test & Build Here + npx semantic-release \ No newline at end of file From 27a9c8fdcb3cb98187a953ed8dd7fe94eee258d7 Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Fri, 15 Nov 2019 14:23:29 +0100 Subject: [PATCH 03/24] change to matrix build --- .github/workflows/test.yml | 30 +++++++++++++----------------- .gitignore | 2 ++ 2 files changed, 15 insertions(+), 17 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ab54a86..772ffab 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,20 +1,16 @@ name: Test -on: - push: - branches: - - !master +on: push jobs: - release: - runs-on: ubuntu-18.04 + build: + runs-on: ubuntu-108.04 + strategy: + matrix: + go: ['1.11', '1.12', '1.13'] + name: Go ${{ matrix.go }} sample steps: - - name: Source checkout - uses: actions/checkout@v1 - with: - fetch-depth: 1 - - name: Release - shell: bash - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - echo "Insert Go test & Build Here" ## Insert Go test & Build Here - npx semantic-release \ No newline at end of file + - uses: actions/checkout@master + - name: Setup go + uses: actions/setup-go@v1 + with: + go-version: ${{ matrix.go }} + - run: echo "i am groot" \ No newline at end of file diff --git a/.gitignore b/.gitignore index f1c181e..217eeb7 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,5 @@ # Output of the go coverage tool, specifically when used with LiteIDE *.out + +.DS_Store \ No newline at end of file From 931956f95a6d2fa717e67abc7b3bd586c003ea96 Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Fri, 15 Nov 2019 14:25:09 +0100 Subject: [PATCH 04/24] add file to test CI --- .github/workflows/test.yml | 2 +- main.go | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 main.go diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 772ffab..679abd5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,4 +13,4 @@ jobs: uses: actions/setup-go@v1 with: go-version: ${{ matrix.go }} - - run: echo "i am groot" \ No newline at end of file + - run: go run main.go \ No newline at end of file diff --git a/main.go b/main.go new file mode 100644 index 0000000..4734979 --- /dev/null +++ b/main.go @@ -0,0 +1,5 @@ +package main +import "fmt" +func main() { + fmt.Println("hello world") +} \ No newline at end of file From 41cf7deb96cf99a8cccd02d908f592cab3725603 Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Fri, 15 Nov 2019 14:26:34 +0100 Subject: [PATCH 05/24] fix version --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 679abd5..70c3322 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,7 +2,7 @@ name: Test on: push jobs: build: - runs-on: ubuntu-108.04 + runs-on: ubuntu-18.04 strategy: matrix: go: ['1.11', '1.12', '1.13'] From 2449f3fc40f1fc43120b98546d3bce0fdd6766d1 Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Fri, 15 Nov 2019 14:31:34 +0100 Subject: [PATCH 06/24] add test build --- .github/workflows/release.yml | 16 +++++++++++++--- .github/workflows/test.yml | 2 +- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 04a374e..0d2192b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,6 +4,19 @@ on: branches: - master jobs: + build: + runs-on: ubuntu-18.04 + strategy: + matrix: + go: ['1.11', '1.12', '1.13'] + name: Go ${{ matrix.go }} sample + steps: + - uses: actions/checkout@master + - name: Setup go + uses: actions/setup-go@v1 + with: + go-version: ${{ matrix.go }} + - run: go run main.go release: runs-on: ubuntu-18.04 steps: @@ -13,10 +26,7 @@ jobs: fetch-depth: 1 - name: Release shell: bash - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | export GIT_TAG="v$(npx semantic-release --dry-run --plugins=@semantic-release/commit-analyzer --analize-commits | grep "The next release version is" | sed -ne 's/.*The\ next\ release\ version\ is\ \([0-9]\+\.[0-9]\+\.[0-9]\+\)$/\1/p')" [[ "$GIT_TAG" == "v" ]] && echo "Exiting, as no new version needs to be released" && exit 0 - echo "Insert Go test & Build Here" ## Insert Go test & Build Here npx semantic-release \ No newline at end of file diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 70c3322..f5e9c29 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,4 +1,4 @@ -name: Test +name: Test & Build on: push jobs: build: From fd677e9d4a5bae185ae3dc7ae0c93837d9308467 Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Fri, 15 Nov 2019 14:34:37 +0100 Subject: [PATCH 07/24] add badge --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index cefa308..1498fd6 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,5 @@ # oidc + +![Release Badge](https://github.com/caos/oidc/workflows/Release/badge.svg) + OpenID Connect SDK (client and server) for Go From 013b1989db3f3a65b6ca0c881b6aabbb9332eaa6 Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Fri, 15 Nov 2019 14:53:07 +0100 Subject: [PATCH 08/24] Create SECURITY.md --- SECURITY.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..e36896b --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,19 @@ +# Security Policy + +## Supported Versions + +Use this section to tell people about which versions of your project are +currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 1.x.x | :white_check_mark: (note yet available) | +| 0.x.x | :x: | + +## Reporting a Vulnerability + +Use this section to tell people how to report a vulnerability. + +Tell them where to go, how often they can expect to get an update on a +reported vulnerability, what to expect if the vulnerability is accepted or +declined, etc. From 151df41ae036008b8472ee97568a9489a1a73354 Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Fri, 15 Nov 2019 15:02:12 +0100 Subject: [PATCH 09/24] initial securtiy file --- SECURITY.md | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index e36896b..62b1cff 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,19 +1,26 @@ # Security Policy +At @caos we are extremely grateful for security aware people that disclose vulnerabilities to us and the Open Source Community. All reports are thoroughly investigated by our engineering team. + ## Supported Versions -Use this section to tell people about which versions of your project are -currently being supported with security updates. +After the initial Release the following version support will aplly | Version | Supported | | ------- | ------------------ | | 1.x.x | :white_check_mark: (note yet available) | | 0.x.x | :x: | -## Reporting a Vulnerability +## Reporting a vulnerability -Use this section to tell people how to report a vulnerability. +To file a incident, please disclose by email to security@caos.ch a list with the security details. -Tell them where to go, how often they can expect to get an update on a -reported vulnerability, what to expect if the vulnerability is accepted or -declined, etc. +At the moment GPG encryption is no yet supported, however you may sign your message at will. + +### When should I report a vulnerability? + +### When should I NOT report a vulnerability? + +## Security Vulnerability Response + +## Public Disclosure Timing From f73b1b2d7ab9110981efb80b3baca610a2903e70 Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Fri, 15 Nov 2019 15:07:36 +0100 Subject: [PATCH 10/24] minor text changes --- SECURITY.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 62b1cff..7727307 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -19,8 +19,16 @@ At the moment GPG encryption is no yet supported, however you may sign your mess ### When should I report a vulnerability? +* You think you discovered a ... + * ... potential security vulnerability in the SDK + * ... vulnerability in another project that this SDK bases on +* For projects with their own vulnerability reporting and disclosure process, please report it directly there + ### When should I NOT report a vulnerability? +* You need help applying security related updates +* Your issue is not security related + ## Security Vulnerability Response ## Public Disclosure Timing From e6729a0dba73702dcefc8a7ff071a2bcb9922ab3 Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Fri, 15 Nov 2019 15:30:02 +0100 Subject: [PATCH 11/24] some more text --- SECURITY.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 7727307..2ab2445 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -17,18 +17,24 @@ To file a incident, please disclose by email to security@caos.ch a list with the At the moment GPG encryption is no yet supported, however you may sign your message at will. -### When should I report a vulnerability? +### When should I report a vulnerability * You think you discovered a ... * ... potential security vulnerability in the SDK * ... vulnerability in another project that this SDK bases on * For projects with their own vulnerability reporting and disclosure process, please report it directly there -### When should I NOT report a vulnerability? +### When should I NOT report a vulnerability * You need help applying security related updates * Your issue is not security related ## Security Vulnerability Response -## Public Disclosure Timing +## Public Disclosure + +All accepted and mitigated vulnerabilitys will be published on the [Github Security Page](https://github.com/caos/oidc/security/advisories) + +### Timing + +We think it is crucial to publish advisories `ASAP` as mitigations are ready. But due to the unknow nature of the discloures the time frame can range from 7 to 90 days. From ed04290a620fb63224d5ec59e01398b16db1b14f Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Fri, 15 Nov 2019 15:49:56 +0100 Subject: [PATCH 12/24] add sematic-release (#3) * add sematic-release * refactor * job release depends on job test * seperate step * add badge --- .github/workflows/release.yml | 38 ++++++++++++++++++++--------------- .github/workflows/test.yml | 16 --------------- README.md | 1 + releaserc.js | 7 +++++++ 4 files changed, 30 insertions(+), 32 deletions(-) delete mode 100644 .github/workflows/test.yml create mode 100644 releaserc.js diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0d2192b..42e6685 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,15 +1,26 @@ name: Release -on: - push: - branches: - - master +on: push jobs: - build: + test: runs-on: ubuntu-18.04 strategy: matrix: go: ['1.11', '1.12', '1.13'] - name: Go ${{ matrix.go }} sample + name: Go ${{ matrix.go }} test + steps: + - uses: actions/checkout@master + - name: Setup go + uses: actions/setup-go@v1 + with: + go-version: ${{ matrix.go }} + - run: go run main.go + build: + runs-on: ubuntu-18.04 + needs: test + strategy: + matrix: + go: ['1.11', '1.12', '1.13'] + name: Go ${{ matrix.go }} build steps: - uses: actions/checkout@master - name: Setup go @@ -19,14 +30,9 @@ jobs: - run: go run main.go release: runs-on: ubuntu-18.04 + needs: [test, build] steps: - - name: Source checkout - uses: actions/checkout@v1 - with: - fetch-depth: 1 - - name: Release - shell: bash - run: | - export GIT_TAG="v$(npx semantic-release --dry-run --plugins=@semantic-release/commit-analyzer --analize-commits | grep "The next release version is" | sed -ne 's/.*The\ next\ release\ version\ is\ \([0-9]\+\.[0-9]\+\.[0-9]\+\)$/\1/p')" - [[ "$GIT_TAG" == "v" ]] && echo "Exiting, as no new version needs to be released" && exit 0 - npx semantic-release \ No newline at end of file + - name: Semantic Release + uses: cycjimmy/semantic-release-action@v2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml deleted file mode 100644 index f5e9c29..0000000 --- a/.github/workflows/test.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: Test & Build -on: push -jobs: - build: - runs-on: ubuntu-18.04 - strategy: - matrix: - go: ['1.11', '1.12', '1.13'] - name: Go ${{ matrix.go }} sample - steps: - - uses: actions/checkout@master - - name: Setup go - uses: actions/setup-go@v1 - with: - go-version: ${{ matrix.go }} - - run: go run main.go \ No newline at end of file diff --git a/README.md b/README.md index 1498fd6..4d372dd 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,6 @@ # oidc +[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)] ![Release Badge](https://github.com/caos/oidc/workflows/Release/badge.svg) OpenID Connect SDK (client and server) for Go diff --git a/releaserc.js b/releaserc.js new file mode 100644 index 0000000..cf2f499 --- /dev/null +++ b/releaserc.js @@ -0,0 +1,7 @@ +module.exports = { + branch: 'master', + plugins: [ + "@semantic-release/commit-analyzer", + "@semantic-release/release-notes-generator" + ] + }; \ No newline at end of file From ce1a54ad19ccfb829e6360555122f0f7b9cf20de Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Mon, 18 Nov 2019 15:50:04 +0100 Subject: [PATCH 13/24] small changes --- SECURITY.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 2ab2445..09cd1f9 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,6 +1,6 @@ # Security Policy -At @caos we are extremely grateful for security aware people that disclose vulnerabilities to us and the Open Source Community. All reports are thoroughly investigated by our engineering team. +At @caos we are extremely grateful for security aware people that disclose vulnerabilities to us and the open source community. All reports will be investigated by our team. ## Supported Versions @@ -13,7 +13,7 @@ After the initial Release the following version support will aplly ## Reporting a vulnerability -To file a incident, please disclose by email to security@caos.ch a list with the security details. +To file a incident, please disclose by email to security@caos.ch with the security details. At the moment GPG encryption is no yet supported, however you may sign your message at will. @@ -31,10 +31,12 @@ At the moment GPG encryption is no yet supported, however you may sign your mess ## Security Vulnerability Response +TBD + ## Public Disclosure All accepted and mitigated vulnerabilitys will be published on the [Github Security Page](https://github.com/caos/oidc/security/advisories) ### Timing -We think it is crucial to publish advisories `ASAP` as mitigations are ready. But due to the unknow nature of the discloures the time frame can range from 7 to 90 days. +We think it is crucial to publish advisories `ASAP` as mitigations are ready. But due to the unknown nature of the discloures the time frame can range from 7 to 90 days. \ No newline at end of file From eb5027ae51a921df763d2186171d96815b0a5250 Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Tue, 19 Nov 2019 08:18:19 +0100 Subject: [PATCH 14/24] Update SECURITY.md Co-Authored-By: livio-a --- SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 09cd1f9..0df2a81 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,6 +1,6 @@ # Security Policy -At @caos we are extremely grateful for security aware people that disclose vulnerabilities to us and the open source community. All reports will be investigated by our team. +At caos we are extremely grateful for security aware people that disclose vulnerabilities to us and the open source community. All reports will be investigated by our team. ## Supported Versions @@ -39,4 +39,4 @@ All accepted and mitigated vulnerabilitys will be published on the [Github Secur ### Timing -We think it is crucial to publish advisories `ASAP` as mitigations are ready. But due to the unknown nature of the discloures the time frame can range from 7 to 90 days. \ No newline at end of file +We think it is crucial to publish advisories `ASAP` as mitigations are ready. But due to the unknown nature of the discloures the time frame can range from 7 to 90 days. From 4f50f011d58c8cc30d425b543eb3b0242850894a Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Tue, 19 Nov 2019 08:18:37 +0100 Subject: [PATCH 15/24] correct typo Co-Authored-By: livio-a --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 0df2a81..6d84309 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,7 +4,7 @@ At caos we are extremely grateful for security aware people that disclose vulner ## Supported Versions -After the initial Release the following version support will aplly +After the initial Release the following version support will apply | Version | Supported | | ------- | ------------------ | From 0e3a46bad95b08f83d14a9d61989131ba151467a Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Tue, 19 Nov 2019 08:18:56 +0100 Subject: [PATCH 16/24] Update SECURITY.md Co-Authored-By: livio-a --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 6d84309..f7ecc88 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -17,7 +17,7 @@ To file a incident, please disclose by email to security@caos.ch with the securi At the moment GPG encryption is no yet supported, however you may sign your message at will. -### When should I report a vulnerability +### When should I report a vulnerability * You think you discovered a ... * ... potential security vulnerability in the SDK From 228395c4eb68647022af2b64ba07bb538d471aae Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Tue, 19 Nov 2019 10:05:26 +0100 Subject: [PATCH 17/24] chore:change semantic release --- .github/workflows/release.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 42e6685..f4ecb2e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,7 +32,7 @@ jobs: runs-on: ubuntu-18.04 needs: [test, build] steps: - - name: Semantic Release - uses: cycjimmy/semantic-release-action@v2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + - uses: brpaz/action-semantic-release@v1 + with: + dry_run: "false" + branch: master From d7d4cb790af871844019b66a064ebbf843afd601 Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Tue, 19 Nov 2019 10:09:48 +0100 Subject: [PATCH 18/24] cleanup old file --- .github/workflows/release.yml | 1 + releaserc.js | 7 ------- 2 files changed, 1 insertion(+), 7 deletions(-) delete mode 100644 releaserc.js diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f4ecb2e..3410c2c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -35,4 +35,5 @@ jobs: - uses: brpaz/action-semantic-release@v1 with: dry_run: "false" + install_plugins: "semantic-release-docker semantic-release-gcr" branch: master diff --git a/releaserc.js b/releaserc.js deleted file mode 100644 index cf2f499..0000000 --- a/releaserc.js +++ /dev/null @@ -1,7 +0,0 @@ -module.exports = { - branch: 'master', - plugins: [ - "@semantic-release/commit-analyzer", - "@semantic-release/release-notes-generator" - ] - }; \ No newline at end of file From 3187a413b23039098c7220eb84cb15f50cbcd509 Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Tue, 19 Nov 2019 10:10:15 +0100 Subject: [PATCH 19/24] remove dependecies in semrelease --- .github/workflows/release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3410c2c..f4ecb2e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -35,5 +35,4 @@ jobs: - uses: brpaz/action-semantic-release@v1 with: dry_run: "false" - install_plugins: "semantic-release-docker semantic-release-gcr" branch: master From 74648d8b46e907f13a0b1c43963257dfa4a0498d Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Tue, 19 Nov 2019 10:27:07 +0100 Subject: [PATCH 20/24] chore:trying to fix semrelease --- .github/workflows/release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f4ecb2e..9a65c0f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -31,6 +31,8 @@ jobs: release: runs-on: ubuntu-18.04 needs: [test, build] + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - uses: brpaz/action-semantic-release@v1 with: From d7ddf53f9c84799315d884e5fb9527e0b2abae23 Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Tue, 19 Nov 2019 10:56:43 +0100 Subject: [PATCH 21/24] chore:fixci --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9a65c0f..3765026 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -34,6 +34,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: + - uses: actions/checkout@master - uses: brpaz/action-semantic-release@v1 with: dry_run: "false" From a43160348ac94a9b857c912dad698e45bdd44322 Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Tue, 19 Nov 2019 12:44:39 +0100 Subject: [PATCH 22/24] try original github action --- .github/workflows/release.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3765026..a74759c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -35,7 +35,14 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - uses: actions/checkout@master - - uses: brpaz/action-semantic-release@v1 + - name: Semantic Release + uses: cycjimmy/semantic-release-action@v2 + id: semantic # Need an `id` for output variables with: - dry_run: "false" branch: master + semantic_version: latest + extra_plugins: | + @semantic-release/git + @semantic-release/changelog@3.0.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 2f5902b35bd4d9367bd58dadd16f12cc16201668 Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Tue, 19 Nov 2019 12:55:11 +0100 Subject: [PATCH 23/24] chore:use npx instead of GH action --- .github/workflows/release.yml | 28 +++++++++++++--------------- .releaserc.js | 7 +++++++ 2 files changed, 20 insertions(+), 15 deletions(-) create mode 100644 .releaserc.js diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a74759c..2fa3f33 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,21 +28,19 @@ jobs: with: go-version: ${{ matrix.go }} - run: go run main.go - release: + release: release: runs-on: ubuntu-18.04 needs: [test, build] - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - - uses: actions/checkout@master - - name: Semantic Release - uses: cycjimmy/semantic-release-action@v2 - id: semantic # Need an `id` for output variables - with: - branch: master - semantic_version: latest - extra_plugins: | - @semantic-release/git - @semantic-release/changelog@3.0.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Source checkout + uses: actions/checkout@v1 + with: + fetch-depth: 1 + - name: Release + shell: bash + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + npx semantic-release + + diff --git a/.releaserc.js b/.releaserc.js new file mode 100644 index 0000000..cf2f499 --- /dev/null +++ b/.releaserc.js @@ -0,0 +1,7 @@ +module.exports = { + branch: 'master', + plugins: [ + "@semantic-release/commit-analyzer", + "@semantic-release/release-notes-generator" + ] + }; \ No newline at end of file From 4d6568bf34c3b7dca7394f8c821ee2ce207ed48d Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Tue, 19 Nov 2019 12:56:34 +0100 Subject: [PATCH 24/24] chore:use npx --- .github/workflows/release.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2fa3f33..c86e9c1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,7 +28,7 @@ jobs: with: go-version: ${{ matrix.go }} - run: go run main.go - release: release: + release: runs-on: ubuntu-18.04 needs: [test, build] steps: @@ -41,6 +41,4 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - npx semantic-release - - + npx semantic-release \ No newline at end of file