Mohammed Al Sahaf
56282c5737
ci: implement new release flow ( #7341 )
...
* ci: implement new release flow
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* remove redundant validation
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* extract key sha
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* pin github-scripts
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* switch to PR-based flow
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* don't use top-level permissions
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* restricted global perms + specific local perms
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* make PR draft
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2025-11-14 14:55:30 -07:00
dependabot[bot]
afbdcec08b
build(deps): bump the actions-deps group with 8 updates ( #7284 )
...
Bumps the actions-deps group with 8 updates:
| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner ) | `2.13.0` | `2.13.1` |
| [actions/setup-go](https://github.com/actions/setup-go ) | `5.5.0` | `6.0.0` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) | `4.7.3` | `4.8.0` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) | `3.9.2` | `3.10.0` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action ) | `0.20.5` | `0.20.6` |
| [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch ) | `3.0.0` | `4.0.0` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) | `2.4.2` | `2.4.3` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.30.0` | `3.30.5` |
Updates `step-security/harden-runner` from 2.13.0 to 2.13.1
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](ec9f2d5744...f4a75cfd61https://github.com/actions/setup-go/releases )
- [Commits](d35c59abb0...4469467582https://github.com/actions/dependency-review-action/releases )
- [Commits](595b5aeba7...56339e523chttps://github.com/sigstore/cosign-installer/releases )
- [Commits](d58896d6a1...d7543c93d8https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](da167eac91...f8bdd1d8achttps://github.com/peter-evans/repository-dispatch/releases )
- [Commits](ff45666b94...5fc4efd1a4https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](05b42c6244...4eaacf0543https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2d92b76c45...3599b3baa1
2025-10-01 23:11:09 +00:00
dependabot[bot]
2d0f3f887b
build(deps): bump the actions-deps group with 5 updates ( #7237 )
...
Bumps the actions-deps group with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout ) | `4.2.2` | `5.0.0` |
| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) | `6.3.0` | `6.4.0` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) | `4.7.1` | `4.7.3` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action ) | `0.20.4` | `0.20.5` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.29.7` | `3.30.0` |
Updates `actions/checkout` from 4.2.2 to 5.0.0
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4.2.2...08c6903cd8c0fde910a37f88322edcfb5dd907a8 )
Updates `goreleaser/goreleaser-action` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](9c156ee8a1...e435ccd777https://github.com/actions/dependency-review-action/releases )
- [Commits](da24556b54...595b5aeba7https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](7b36ad622f...da167eac91https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](51f77329af...2d92b76c45
2025-09-02 13:05:58 -06:00
Kévin Dunglas
05acc5131e
chore: bump Go to v1.25 ( #7184 )
2025-08-14 08:38:42 -06:00
dependabot[bot]
5bc2afbbb6
build(deps): bump the actions-deps group with 6 updates ( #7142 )
...
Bumps the actions-deps group with 6 updates:
| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner ) | `2.12.1` | `2.13.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `4.6.1` | `4.6.2` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) | `e9a05e6d32d7ed22b5656cd874ef31af58d05bfa` | `d58896d6a1865668819e1d91763c7751a165e159` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action ) | `0.20.1` | `0.20.4` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) | `2.4.1` | `2.4.2` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.29.0` | `3.29.4` |
Updates `step-security/harden-runner` from 2.12.1 to 2.13.0
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](002fdce3c6...ec9f2d5744https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v4.6.1...ea165f8d65b6e75b540449e92b4886f43607fa02 )
Updates `sigstore/cosign-installer` from e9a05e6d32d7ed22b5656cd874ef31af58d05bfa to d58896d6a1865668819e1d91763c7751a165e159
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](e9a05e6d32...d58896d6a1https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](9246b90769...7b36ad622fhttps://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](f49aabe0b5...05b42c6244https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ce28f5bb42...4e828ff8d4
2025-08-01 04:34:14 +03:00
Mohammed Al Sahaf
2f0fc62b34
chore: apply security best practices for CI ( #7066 )
...
* chore: apply security best practices for CI
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* remove redundant codeql job
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* run scorecard flow on PRs
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2025-06-16 20:14:09 +00:00
Kévin Dunglas
d2a2311bfd
ci: fix Go matrix ( #6846 )
...
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2025-03-07 10:40:51 -07:00
Matt Holt
d7764dfdbb
caddytls: Encrypted ClientHello (ECH) ( #6862 )
...
* caddytls: Initial commit of Encrypted ClientHello (ECH)
* WIP Caddyfile
* Fill out Caddyfile support
* Enhance godoc comments
* Augment, don't overwrite, HTTPS records
* WIP
* WIP: publication history
* Fix republication logic
* Apply global DNS module to ACME challenges
This allows DNS challenges to be enabled without locally-configured DNS modules
* Ignore false positive from prealloc linter
* ci: Use only latest Go version (1.24 currently)
We no longer support older Go versions, for security benefits.
* Remove old commented code
Static ECH keys for now
* Implement SendAsRetry
2025-03-05 17:04:10 -07:00
Mohammed Al Sahaf
6a8d4f1d60
chore: ci: upgrade Go version to 1.24 ( #6839 )
...
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2025-02-17 07:58:20 -07:00
Mohammed Al Sahaf
01be1b54a8
ci: install xcaddy to fix release flow ( #6602 )
2024-10-02 16:12:29 +00:00
Kévin Dunglas
2028da4e74
ci: build and test with Go 1.23 ( #6526 )
...
* chore: build and test with Go 1.23
* ci: bump golangci-lint to v1.60
* fix: make properly wrap errors
* ci: remove Go 1.21
2024-08-23 11:01:28 -06:00
Mohammed Al Sahaf
5db2f81695
ci: add version key for .goreleaser.yml ( #6376 )
...
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-06-06 11:33:19 +03:00
Francis Lavoie
874d0ce822
chore: Bump Go version in CI ( #6310 )
2024-05-10 14:56:18 +00:00
dependabot[bot]
4f3f6e35e8
build(deps): bump actions/setup-go from 4 to 5 ( #6012 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-02 07:13:31 +00:00
dependabot[bot]
1405683c2b
build(deps): bump goreleaser/goreleaser-action from 4 to 5 ( #5847 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 00:34:43 +00:00
dependabot[bot]
89c407aa34
build(deps): bump actions/checkout from 3 to 4 ( #5846 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-01 20:13:54 -04:00
Matt Holt
6cdcc2a782
ci: Update to Go 1.21 ( #5719 )
...
* ci: Update to Go 1.21
* Bump quic-go to v0.37.4
* Check EnableFullDuplex err
* Linter bug suppression
See https://github.com/timakin/bodyclose/issues/52
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-08-09 12:34:28 -04:00
Mohammed Al Sahaf
b07b198764
chore: use --clean instead of --rm-dist for goreleaser ( #5691 )
2023-08-04 16:08:54 +00:00
Marten Seemann
f45a6de20d
go.mod: Update quic-go to v0.37.0, bump to Go 1.20 minimum ( #5644 )
...
* update quic-go to v0.37.0
* Bump to Go 1.20
* Bump golangci-lint version, yml syntax consistency
* Use skip-pkg-cache workaround
* Workaround needed for both?
* Seeding weakrand is no longer necessary
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-07-21 22:00:48 -06:00
Francis Lavoie
998c6e06a7
chore: Adjustments to CI caching ( #5495 )
2023-04-14 21:38:33 -04:00
dependabot[bot]
b1366c7e46
build(deps): bump actions/setup-go from 3 to 4 ( #5474 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-02 00:36:16 -04:00
Matthew Holt
167981d258
ci: Update minimum Go version to 1.19
2023-02-24 13:45:44 -07:00
Francis Lavoie
e62b5fb586
chore: Build with Go 1.20, keep minimum at 1.18 for now ( #5353 )
2023-02-06 11:29:20 -05:00
TAKAHASHI Shuuji
4e54e48409
ci: Update GitHub Actions to avoid set-output deprecation ( #5271 )
2022-12-28 12:05:42 -05:00
dependabot[bot]
af93517c2d
build(deps): bump goreleaser/goreleaser-action from 2 to 4 ( #5264 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-19 19:47:33 -05:00
dependabot[bot]
329af5ced9
build(deps): bump actions/cache from 2 to 3 ( #5263 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-19 18:56:52 -05:00
Mohammed Al Sahaf
eead00f54a
ci: extend goreleaser timeout to 1-hour ( #5067 )
2022-09-22 15:09:18 +00:00
Mohammed Al Sahaf
487217519c
ci: grant the release workflow the write permission to contents ( #5017 )
2022-09-05 21:35:47 +00:00
Mohammed Al Sahaf
0499d9c1c4
ci: add id-token permission and update the signing command ( #5016 )
2022-09-05 20:57:27 +00:00
Mohammed Al Sahaf
d6b3c7d262
ci: generate SBOM and sign artifacts using cosign ( #4910 )
...
* ci: sign artifacts using cosign
* include SBOM
2022-09-03 03:37:10 +03:00
Francis Lavoie
141872ed80
chore: Bump up to Go 1.19, minimum 1.18 ( #4925 )
2022-08-02 16:39:09 -04:00
Francis Lavoie
ef0aaca0d6
ci: Fix build caching on Windows ( #4811 )
...
* ci: Fix build caching on Windows
I was getting tired of Windows being slow as molasses in our CI jobs, so I went to look at our trusty source of github actions + golang information, and found a somewhat recent commit that actually fixed it. See 4b754729ba
2022-05-25 11:56:39 -06:00
Matthew Holt
0d13173071
ci: Fix typo
2022-04-13 14:11:03 -06:00
Francis Lavoie
c3a82f53d5
ci: Ensure we always check for latest version of Go ( #4703 )
...
* ci: Ensure we always check for latest version of Go
* Try to force 1.18.1, 1.17.9
* Use includes for the actual go semver
* Use `~` for semver here, apparently
* Try to make tests still run on 1.18.0 for Mac, for now
2022-04-13 14:03:38 -06:00
cui fliter
e2535233bb
fix typo ( #4702 )
...
Signed-off-by: cuishuang <imcusg@gmail.com>
2022-04-13 10:13:28 -06:00
Francis Lavoie
4e9fbee1e2
ci: Build on Go 1.18, bump actions versions ( #4637 )
...
* ci: Build on Go 1.18, bump actions versions
* Revert linter version bump for now
* Try linter again
2022-03-15 22:09:19 +00:00
Mohammed Al Sahaf
e0fc46a911
ci: revert workaround implemented in #4306 ( #4328 )
2021-09-03 10:05:04 -04:00
Mohammed Al Sahaf
19a55d6aeb
chore: promote creating 'caddy-build' to the release action ( #4306 )
...
The commit goreleaser/goreleaser@013bd69126 of GoReleaser is now checking the `go version` prior to executing any of the pre-hooks, which involves setting the current dir of the command to the `build.dir` of the build config. At the time of version check, the buil dir does not exist. It's created in the pre-hook. As a workaround, the build-dir is now created in the Github Action prior to executing goreleaser action.
2021-08-25 17:30:24 +00:00
Francis Lavoie
6bc87ea2ff
ci: Start testing on Go 1.17, drop 1.15 ( #4283 )
2021-08-16 21:56:20 -06:00
Francis Lavoie
5376e5113e
ci: Build and test on Go 1.16, bump minimum to 1.15 ( #4024 )
...
* ci: Build and test on Go 1.16
* ci: Drop Go 1.14 support
2021-02-18 07:09:49 -05:00
Mohammed Al Sahaf
1b453dd4fb
ci: force fetch the upstream tags ( #3947 )
2020-12-30 21:02:54 +00:00
Francis Lavoie
79f3af9927
ci: Add pushing to cloudsmith ( #3941 )
...
* ci: Add pushing to cloudsmith
* ci: Update comments, remove env TODO
* ci: Fix Cloudsmith installation by setting PATH
* docs: Add Cloudsmith attribution to README
* ci: Switch to keeping armv7 as the armhf .deb
2020-12-30 10:54:58 -07:00
Mohammed Al Sahaf
2b90cdba52
ci: reject tags if not signed by Matthew Holt's key ( #3932 )
...
* ci: reject tags if not signed by Matthew Holt's key
* ci: don't reject tags if an intermediate commits are not signed
2020-12-29 12:52:13 -07:00
Francis Lavoie
ecbc1f85c5
ci: Tweaks for multi go version tests ( #3673 )
2020-08-20 22:40:26 -04:00
Francis Lavoie
61b7002d26
ci: Apparently only single-quote strings are supported ( #3523 )
...
https://help.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions#literals
https://github.com/caddyserver/caddy/actions/runs/147953515
2020-06-25 21:58:44 +00:00
Francis Lavoie
7211101c52
ci: Fix gemfury upload condition, move triggers to publish event ( #3483 )
2020-06-08 12:21:20 -06:00
Francis Lavoie
21c1da101c
ci: Disable publishing .deb on beta tags ( #3473 )
2020-06-05 10:23:15 -06:00
Francis Lavoie
07c6076ea0
ci: Add release tagged event triggers to sister repos ( #3321 )
2020-05-06 16:42:55 -04:00
Francis Lavoie
768383a610
ci: Enable GoReleaser .deb support ( #3309 )
...
* ci: Enable GoReleaser .deb support
* ci: Test .deb build
* ci: Fix typo
* ci: Turn off snapshot (breaks due to go mod edit)
* ci: Force the tag to rc3 for now
* ci: Let's try to publish the .debs
* ci: Attempt to enable build cache, rebuild after fixed line endings
* ci: Fix yml dupe ID issue, add caddy-api.service
* ci: Split cache keys between files so they're separate
* ci: Fix bindir
* ci: Update the script files
* ci: Retrigger
* ci: Push to gemfury
* ci: Use loop, fix bad env var
* ci: Retrigger
* ci: Try to force blank password?
* ci: Check if the token is actually present
* ci: Cleanup, remove debugging stuff
* ci: Remove useless comment
2020-04-26 20:20:14 -06:00
Mohammed Al Sahaf
fdfe2ae53b
chore: ci: fix release action script ( #3216 )
...
* chore: ci: fixing the step name that captures the pushed tag
* chrore: ci: exclude commits prefixed with `ci:` from changelog
2020-04-02 16:44:44 -06:00
