SEC-090: Automated trusted workflow pinning (2024-05-13) #234
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Continuous integration handling for Protocol Buffers | |
name: ci-protobuf | |
on: | |
pull_request: | |
paths: | |
- .github/workflows/ci-protobuf.yml | |
- go.mod | |
- go.sum | |
- 'tfprotov5/internal/tfplugin5/*' | |
- 'tfprotov6/internal/tfplugin6/*' | |
- tools/go.mod | |
- tools/go.sum | |
permissions: | |
contents: read | |
jobs: | |
protoc: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 | |
with: | |
go-version-file: 'go.mod' | |
- uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b # v3.0.0 | |
with: | |
# The version string is embedded in protoc generated files, so it is | |
# pinned here to prevent unexpected differences. Follow the | |
# https://github.com/protocolbuffers/protobuf repository for protoc | |
# release updates. | |
version: '26.1' | |
- run: go mod download | |
- run: make tools | |
- run: make protoc | |
- name: git diff | |
run: | | |
git diff --compact-summary --exit-code || \ | |
(echo; git diff; echo; echo "Unexpected difference in directories after code generation. Run 'protoc' command and commit."; exit 1) |