diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3284bd1..5b03ccc 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -16,16 +16,16 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Test - uses: docker/bake-action@f6acc70fe0da9b200315017ca49a08c0de03aa0b # v5.1.0 + uses: docker/bake-action@212c36739681a6271d58dcfe0d001d2ad13f8e75 # v6.7.0 with: targets: test diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 7cb829d..3139894 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -15,21 +15,22 @@ jobs: prepare: runs-on: ubuntu-latest outputs: - targets: ${{ steps.targets.outputs.matrix }} + targets: ${{ steps.generate.outputs.targets }} steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Targets matrix - id: targets - run: | - echo "matrix=$(docker buildx bake validate --print | jq -cr '.group.validate.targets')" >> $GITHUB_OUTPUT + name: List targets + id: generate + uses: docker/bake-action/subaction/list-targets@212c36739681a6271d58dcfe0d001d2ad13f8e75 # v6.7.0 + with: + target: validate validate: runs-on: ubuntu-latest @@ -41,15 +42,12 @@ jobs: target: ${{ fromJson(needs.prepare.outputs.targets) }} steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit - - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Validate - uses: docker/bake-action@f6acc70fe0da9b200315017ca49a08c0de03aa0b # v5.1.0 + uses: docker/bake-action@212c36739681a6271d58dcfe0d001d2ad13f8e75 # v6.7.0 with: targets: ${{ matrix.target }} diff --git a/docker-bake.hcl b/docker-bake.hcl index 2942972..3d72178 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -1,3 +1,9 @@ +target "_common" { + args = { + BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1 + } +} + group "default" { targets = ["build"] } @@ -11,42 +17,49 @@ group "validate" { } target "build" { + inherits = ["_common"] dockerfile = "dev.Dockerfile" target = "build-update" output = ["."] } target "build-validate" { + inherits = ["_common"] dockerfile = "dev.Dockerfile" target = "build-validate" output = ["type=cacheonly"] } target "format" { + inherits = ["_common"] dockerfile = "dev.Dockerfile" target = "format-update" output = ["."] } target "lint" { + inherits = ["_common"] dockerfile = "dev.Dockerfile" target = "lint" output = ["type=cacheonly"] } target "vendor-update" { + inherits = ["_common"] dockerfile = "dev.Dockerfile" target = "vendor-update" output = ["."] } target "vendor-validate" { + inherits = ["_common"] dockerfile = "dev.Dockerfile" target = "vendor-validate" output = ["type=cacheonly"] } target "test" { + inherits = ["_common"] dockerfile = "dev.Dockerfile" target = "test-coverage" output = ["./coverage"]