summaryrefslogtreecommitdiff
path: root/.github
diff options
context:
space:
mode:
authorMathijs van Veluw <[email protected]>2024-06-19 13:06:58 +0200
committerGitHub <[email protected]>2024-06-19 13:06:58 +0200
commit55fdee3bf8f45ccc7a5a188ab17855ac9866a979 (patch)
tree8df8d5bd8cb4f821bdb456b8e48b1619e9ec6b36 /.github
parent377969ea6769bccd008203c5464eb361f685b787 (diff)
downloadvaultwarden-55fdee3bf8f45ccc7a5a188ab17855ac9866a979.tar.gz
vaultwarden-55fdee3bf8f45ccc7a5a188ab17855ac9866a979.zip
Update crates, web-vault and GHA (#4648)
- Updated all crates including Diesel and the new mysqlclient-sys - Updated the MSRV to v1.78 as that is what Diesel mandates - Added the mimalloc crate as a patch for now to fix armv6 static builds This probably makes #4606 possible - Updated web-vault to v2024.5.1 - Updated GitHub Actions Fixed an issue with the localhost images for extracting the musl binaries.
Diffstat (limited to '.github')
-rw-r--r--.github/workflows/build.yml6
-rw-r--r--.github/workflows/hadolint.yml2
-rw-r--r--.github/workflows/release.yml30
-rw-r--r--.github/workflows/trivy.yml6
4 files changed, 22 insertions, 22 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f3cf942e..7956c382 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -46,7 +46,7 @@ jobs:
steps:
# Checkout the repo
- name: "Checkout"
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b #v4.1.4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7
# End Checkout the repo
@@ -74,7 +74,7 @@ jobs:
# Only install the clippy and rustfmt components on the default rust-toolchain
- name: "Install rust-toolchain version"
- uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # master @ Apr 14, 2024, 9:02 PM GMT+2
+ uses: dtolnay/rust-toolchain@21dc36fb71dd22e3317045c0c31a3f4249868b17 # master @ Jun 13, 2024, 6:20 PM GMT+2
if: ${{ matrix.channel == 'rust-toolchain' }}
with:
toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
@@ -84,7 +84,7 @@ jobs:
# Install the any other channel to be used for which we do not execute clippy and rustfmt
- name: "Install MSRV version"
- uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # master @ Apr 14, 2024, 9:02 PM GMT+2
+ uses: dtolnay/rust-toolchain@21dc36fb71dd22e3317045c0c31a3f4249868b17 # master @ Jun 13, 2024, 6:20 PM GMT+2
if: ${{ matrix.channel != 'rust-toolchain' }}
with:
toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml
index 923d8372..bd890580 100644
--- a/.github/workflows/hadolint.yml
+++ b/.github/workflows/hadolint.yml
@@ -13,7 +13,7 @@ jobs:
steps:
# Checkout the repo
- name: Checkout
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
# End Checkout the repo
# Download hadolint - https://github.com/hadolint/hadolint/releases
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index baf48763..b7eb5564 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -58,7 +58,7 @@ jobs:
steps:
# Checkout the repo
- name: Checkout
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
@@ -71,11 +71,11 @@ jobs:
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
# https://github.com/moby/buildkit/issues/3969
- # Also set max parallelism to 2, the default of 4 breaks GitHub Actions
+ # Also set max parallelism to 3, the default of 4 breaks GitHub Actions and causes OOMKills
with:
buildkitd-config-inline: |
[worker.oci]
- max-parallelism = 2
+ max-parallelism = 3
driver-opts: |
network=host
@@ -102,7 +102,7 @@ jobs:
# Login to Docker Hub
- name: Login to Docker Hub
- uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
+ uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -116,7 +116,7 @@ jobs:
# Login to GitHub Container Registry
- name: Login to GitHub Container Registry
- uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
+ uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
@@ -137,7 +137,7 @@ jobs:
# Login to Quay.io
- name: Login to Quay.io
- uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
+ uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
@@ -171,7 +171,7 @@ jobs:
echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}localhost:5000/vaultwarden/server" | tee -a "${GITHUB_ENV}"
- name: Bake ${{ matrix.base_image }} containers
- uses: docker/bake-action@73b0efa7a0e8ac276e0a8d5c580698a942ff10b5 # v4.4.0
+ uses: docker/bake-action@1c5f18a523c4c68524cfbc5161494d8bb5b29d20 # v5.0.1
env:
BASE_TAGS: "${{ env.BASE_TAGS }}"
SOURCE_COMMIT: "${{ env.SOURCE_COMMIT }}"
@@ -204,28 +204,28 @@ jobs:
# This is needed because using different platforms doesn't trigger a new pull/download
# Extract amd64 binary
- docker create --name amd64 --platform=linux/amd64 "vaultwarden/server:${EXTRACT_TAG}-alpine"
+ docker create --name amd64 --platform=linux/amd64 "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
docker cp amd64:/vaultwarden vaultwarden-amd64
docker rm --force amd64
- docker rmi --force "vaultwarden/server:${EXTRACT_TAG}-alpine"
+ docker rmi --force "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
# Extract arm64 binary
- docker create --name arm64 --platform=linux/arm64 "vaultwarden/server:${EXTRACT_TAG}-alpine"
+ docker create --name arm64 --platform=linux/arm64 "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
docker cp arm64:/vaultwarden vaultwarden-arm64
docker rm --force arm64
- docker rmi --force "vaultwarden/server:${EXTRACT_TAG}-alpine"
+ docker rmi --force "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
# Extract armv7 binary
- docker create --name armv7 --platform=linux/arm/v7 "vaultwarden/server:${EXTRACT_TAG}-alpine"
+ docker create --name armv7 --platform=linux/arm/v7 "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
docker cp armv7:/vaultwarden vaultwarden-armv7
docker rm --force armv7
- docker rmi --force "vaultwarden/server:${EXTRACT_TAG}-alpine"
+ docker rmi --force "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
# Extract armv6 binary
- docker create --name armv6 --platform=linux/arm/v6 "vaultwarden/server:${EXTRACT_TAG}-alpine"
+ docker create --name armv6 --platform=linux/arm/v6 "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
docker cp armv6:/vaultwarden vaultwarden-armv6
docker rm --force armv6
- docker rmi --force "vaultwarden/server:${EXTRACT_TAG}-alpine"
+ docker rmi --force "localhost:5000/vaultwarden/server:${EXTRACT_TAG}-alpine"
# Upload artifacts to Github Actions
- name: "Upload amd64 artifact"
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 86448485..2c957994 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -25,10 +25,10 @@ jobs:
actions: read
steps:
- name: Checkout code
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b #v4.1.4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7
- name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
+ uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0
with:
scan-type: repo
ignore-unfixed: true
@@ -37,6 +37,6 @@ jobs:
severity: CRITICAL,HIGH
- name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@2bbafcdd7fbf96243689e764c2f15d9735164f33 # v3.25.3
+ uses: github/codeql-action/upload-sarif@2bbafcdd7fbf96243689e764c2f15d9735164f33 # v3.25.10
with:
sarif_file: 'trivy-results.sarif'