redpanda-data · andrewhsu · Aug 17, 2024 · Aug 17, 2024 · Aug 17, 2024 · Aug 17, 2024
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -1,10 +1,10 @@
-name: "Code Scanning - Action"
-
+---
+name: codeql-analysis
 on:
   push:
-    branches: [main]
+    branches: [master]
   pull_request:
-    branches: [main]
+    branches: [master]
   schedule:
     #        ┌───────────── minute (0 - 59)
     #        │  ┌───────────── hour (0 - 23)
@@ -16,29 +16,16 @@ on:
     #        │  │ │ │ │
     #        *  * * * *
     - cron: '30 1 * * 0'
-
 jobs:
-  CodeQL-Build:
-    # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
+  codeql:
     runs-on: ubuntu-latest
-
     permissions:
       # required for all workflows
       security-events: write
-
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-
-      # Initializes the CodeQL tools for scanning.
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+      - uses: actions/checkout@v4
+      - uses: github/codeql-action/init@v3
         with:
           languages: go
-
-      # Autobuild attempts to build any compiled languages (C/C++, C#, or Java)
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+      - uses: github/codeql-action/autobuild@v3
+      - uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/docker-image.yaml → .github/workflows/docker-image.yml b/.github/workflows/docker-image.yaml → .github/workflows/docker-image.yml
@@ -1,42 +1,38 @@
 ---
-name: Build Docker image
+name: docker-image
 on:
   push:
-    tags:
-      - '*'
-    branches:
-      - "master"
-    paths-ignore:
-      - 'charts/**'
+    tags: ['*']
+    branches: ['master']
+    paths-ignore: ['charts/**']
+permissions:
+  id-token: write
+  contents: read
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - name: configure aws credentials
-        uses: aws-actions/configure-aws-credentials@v4
+      - uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-access-key-id: ${{ secrets.AWS_SM_READONLY_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SM_READONLY_SECRET_ACCESS_KEY }}
-          aws-region: us-west-2
-      - name: get secrets from aws sm
-        uses: aws-actions/aws-secretsmanager-get-secrets@v2
+          aws-region: ${{ vars.RP_AWS_CRED_REGION }}
+          role-to-assume: arn:aws:iam::${{ secrets.RP_AWS_CRED_ACCOUNT_ID }}:role/${{ vars.RP_AWS_CRED_BASE_ROLE_NAME }}${{ github.event.repository.name }}
+      - uses: aws-actions/aws-secretsmanager-get-secrets@v2
         with:
           secret-ids: |
             ,sdlc/prod/github/dockerhub_token
           parse-json-secrets: true
       - uses: actions/checkout@v4
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
         with:
-          driver-opts: image=moby/buildkit:v0.10.3,network=host
-      - name: Set Release Date
+          driver-opts: |
+            image=moby/buildkit:v0.15.2
+            network=host
+      - name: Set build date
         run: |
           echo "BUILT_AT=$(date --rfc-3339=date)" >> ${GITHUB_ENV}
-      - name: Docker meta
+      - uses: docker/metadata-action@v5
         id: docker_meta
-        uses: docker/metadata-action@v5
         with:
           # list of Docker images to use as base name for tags
           images: |
@@ -48,13 +44,11 @@ jobs:
           tags: |
             type=sha,prefix={{branch}}-,format=short,enable={{is_default_branch}}
             type=semver,pattern={{raw}}
-      - name: Login to DockerHub
-        uses: docker/login-action@v3
+      - uses: docker/login-action@v3
         with:
           username: vectorizedbot
           password: ${{ env.DOCKERHUB_TOKEN }}
-      - name: Build and push
-        uses: docker/build-push-action@v6
+      - uses: docker/build-push-action@v6
         with:
           provenance: false
           push: true

diff --git a/.github/workflows/go-releaser.yaml → .github/workflows/goreleaser.yml b/.github/workflows/go-releaser.yaml → .github/workflows/goreleaser.yml
@@ -1,26 +1,19 @@
-name: GoReleaser
-
+---
+name: goreleaser
 on:
   push:
-    tags:
-      - '*'
-
+    tags: ['*']
 jobs:
   goreleaser:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-
-      - name: Set up Go
-        uses: actions/setup-go@v3
+      - uses: actions/setup-go@v5
         with:
           go-version-file: 'go.mod'
-
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v2
+      - uses: goreleaser/goreleaser-action@v6
         if: startsWith(github.ref, 'refs/tags/')
         with:
           version: latest

diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -1,3 +1,5 @@
+---
+version: 2
 release:
   name_template: '{{.Version}} / {{time "2006-01-02"}}'
   prerelease: auto
@@ -9,7 +11,7 @@ release:
     docker pull redpandadata/kminion:{{ .Tag }}
     ```
 changelog:
-  skip: false
+  disable: false
   use: github
   filters:
     # Commit messages matching the regexp listed here will be removed from the changelog
@@ -20,7 +22,6 @@ changelog:
       - '^go.mod:'
       - '^.github:'
       - 'Merge branch'
-
 builds:
   - id: kminion
     binary: kminion
@@ -33,6 +34,5 @@ builds:
       - arm64
     ldflags:
       - -s -w -X main.version={{.Version}} -X main.builtAt={{.Date}} -X main.commit={{.Commit}}
-
 checksum:
   name_template: 'checksums.txt'