bump all dependencies in go (#160) #469
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| permissions: | |
| contents: read | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: true | |
| - name: Set up Node | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: '22' | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: | | |
| go mod download | |
| npm ci | |
| echo "$PWD/node_modules/.bin" >> $GITHUB_PATH | |
| - name: Build WASM | |
| run: make wasm | |
| - name: Test | |
| run: go test -v ./... | |
| - name: Lint | |
| run: make lint | |
| - name: Build | |
| run: make build | |
| - name: Get Playwright version | |
| id: playwright-version | |
| run: echo "version=$(npm ls @playwright/test --json | jq -r '.dependencies["@playwright/test"].version')" >> $GITHUB_OUTPUT | |
| - name: Cache Playwright browsers | |
| id: playwright-cache | |
| uses: actions/cache@v5 | |
| with: | |
| path: ~/.cache/ms-playwright | |
| key: ${{ runner.os }}-playwright-${{ steps.playwright-version.outputs.version }} | |
| - name: Install Playwright Browsers | |
| if: steps.playwright-cache.outputs.cache-hit != 'true' | |
| run: npx playwright install --with-deps | |
| - name: Install Playwright OS dependencies | |
| if: steps.playwright-cache.outputs.cache-hit == 'true' | |
| run: npx playwright install-deps | |
| - name: Run Playwright E2E tests | |
| run: make test-e2e | |
| - name: Test tlock integration | |
| run: make test-tlock | |
| docker: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ github.head_ref || github.ref }} | |
| - name: Install Nix | |
| uses: cachix/install-nix-action@v31 | |
| with: | |
| nix_path: nixpkgs=channel:nixos-25.11 | |
| - name: Build Docker images (fix Nix hashes if needed) | |
| run: | | |
| # Build amd64, auto-fixing hash mismatches (up to 3 rounds for | |
| # npmDeps + vendorHash + verify) | |
| for attempt in 1 2 3; do | |
| echo "=== Build attempt $attempt ===" | |
| if nix build .#docker -o result-amd64 2>build-err.log; then | |
| break | |
| fi | |
| cat build-err.log >&2 | |
| NEW_HASH=$(grep -oE 'got:[[:space:]]+[^ ]+' build-err.log | sed 's/got:[[:space:]]*//') | |
| if [ -z "$NEW_HASH" ]; then | |
| echo "Build failed without a hash mismatch" | |
| exit 1 | |
| fi | |
| if grep -q 'npm-deps' build-err.log; then | |
| echo "Fixing npmDeps hash: $NEW_HASH" | |
| sed -i "/fetchNpmDeps/,/};/ s|hash = \".*\"|hash = \"$NEW_HASH\"|" flake.nix | |
| else | |
| echo "Fixing vendorHash: $NEW_HASH" | |
| sed -i "s|vendorHash = \".*\"|vendorHash = \"$NEW_HASH\"|" flake.nix | |
| fi | |
| done | |
| nix build .#docker-arm64 -o result-arm64 | |
| - name: Commit hash fix | |
| run: | | |
| git diff --quiet flake.nix && exit 0 | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git add flake.nix | |
| git commit -m "fix: update Nix hashes for dependency changes" | |
| git push |