fix(webhook): normalize endpoint URL before validation #1859
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Main and Pull Request Pipeline | |
| on: | |
| push: | |
| branches: [main] | |
| tags: | |
| - "v*.*.*" | |
| pull_request: | |
| paths-ignore: | |
| - "*.md" | |
| - "assets/**" | |
| workflow_dispatch: # Allow manual trigger on existing releases | |
| inputs: | |
| tag: | |
| description: 'Tag to build (e.g., v1.0.0)' | |
| required: true | |
| permissions: | |
| contents: write | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Dagger Version | |
| id: dagger_version | |
| uses: sagikazarmark/dagger-version-action@v0.0.1 | |
| - name: Generate Document | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: ${{ steps.dagger_version.outputs.version }} | |
| verb: call | |
| args: run-doc --source=. export --path=doc | |
| - name: Check for changes | |
| run: | | |
| # Check if any docs have been modified | |
| changed_files=$(git ls-files --others --modified --deleted --exclude-standard) | |
| # If there are files changed, fail the workflow | |
| if [ -n "$changed_files" ]; then | |
| echo "file changes found" | |
| echo "please check if docs were added for new commands or updated for new commands" | |
| echo "$changed_files" | |
| exit 1 # This will fail the workflow | |
| else | |
| echo "No file changes found." | |
| fi | |
| continue-on-error: false | |
| - name: Run Dagger golangci-lint | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: ${{ steps.dagger_version.outputs.version }} | |
| verb: call | |
| args: lint-report --source=. export --path=golangci-lint.report | |
| - name: Generate lint summary | |
| run: | | |
| echo "<h2> 📝 Lint results</h2>" >> $GITHUB_STEP_SUMMARY | |
| cat golangci-lint.report >> $GITHUB_STEP_SUMMARY | |
| # Check if the lint report contains any content (error or issues) | |
| if [ -s golangci-lint.report ]; then | |
| # If the file contains content, output an error message and exit with code 1 | |
| echo "⚠️ Linting issues found!" >> $GITHUB_STEP_SUMMARY | |
| exit 1 | |
| fi | |
| vulnerability-check: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Dagger Version | |
| id: dagger_version | |
| uses: sagikazarmark/dagger-version-action@v0.0.1 | |
| - name: Run Vulnerability Check | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: ${{ steps.dagger_version.outputs.version }} | |
| verb: call | |
| args: vulnerability-check-report --source=. export --path=vulnerability-check.report | |
| - name: Generate vulnerability summary | |
| run: | | |
| echo "<h2> 🔒 Vulnerability Check Results</h2>" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| if grep -q "No vulnerabilities found." vulnerability-check.report; then | |
| echo "✅ No vulnerabilities found." >> $GITHUB_STEP_SUMMARY | |
| else | |
| vuln_count=$(grep -c "^Vulnerability #" vulnerability-check.report || echo "0") | |
| echo "⚠️ **Vulnerabilities detected:** $vuln_count found" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| # Table header | |
| echo "| Vulnerability ID | Package | Found In | Fixed In | Description | Example Trace | Details |" >> $GITHUB_STEP_SUMMARY | |
| echo "| :--- | :--- | :--- | :--- | :--- | :--- | :--- |" >> $GITHUB_STEP_SUMMARY | |
| # Parse and format each vulnerability as a table row | |
| awk ' | |
| BEGIN { in_vuln = 0; in_trace = 0; desc = ""; trace = "" } | |
| /^Vulnerability #[0-9]+:/ { | |
| if (in_vuln) { | |
| # Print previous vulnerability as table row | |
| gsub(/\|/, "\\|", desc) | |
| gsub(/\|/, "\\|", trace) | |
| if (trace == "") trace = "N/A" | |
| print "| " vuln_id " | " pkg " | " found_ver " | " fixed_ver " | " desc " | `" trace "` | [View](https://pkg.go.dev/vuln/" vuln_id ") |" | |
| } | |
| vuln_id = $NF | |
| in_vuln = 1 | |
| in_trace = 0 | |
| desc = "" | |
| trace = "" | |
| pkg = "" | |
| found_ver = "" | |
| fixed_ver = "" | |
| next | |
| } | |
| in_vuln && /^[[:space:]]*Found in:/ { | |
| found_in = $NF | |
| split(found_in, arr, "@") | |
| pkg = arr[1] | |
| found_ver = arr[2] | |
| next | |
| } | |
| in_vuln && /^[[:space:]]*Fixed in:/ { | |
| fixed_in = $NF | |
| split(fixed_in, arr, "@") | |
| fixed_ver = arr[2] | |
| next | |
| } | |
| in_vuln && /Example traces found:/ { | |
| in_trace = 1 | |
| next | |
| } | |
| in_vuln && in_trace && /^[[:space:]]*#[0-9]+:/ { | |
| sub(/^[[:space:]]*#[0-9]+:[[:space:]]*/, "") | |
| trace = $0 | |
| next | |
| } | |
| in_vuln && /^More info:/ { next } | |
| in_vuln && /^Standard library/ { next } | |
| in_vuln && /^[[:space:]]*Module:/ { next } | |
| in_vuln && /^Your code is affected by/ { next } | |
| in_vuln && !in_trace && !/^[[:space:]]*$/ && !/^[[:space:]]*Found in:/ && !/^[[:space:]]*Fixed in:/ && !/^Vulnerability/ { | |
| if (desc == "") { | |
| desc = $0 | |
| } else { | |
| desc = desc " " $0 | |
| } | |
| } | |
| END { | |
| if (in_vuln) { | |
| gsub(/\|/, "\\|", desc) | |
| gsub(/\|/, "\\|", trace) | |
| if (trace == "") trace = "N/A" | |
| print "| " vuln_id " | " pkg " | " found_ver " | " fixed_ver " | " desc " | `" trace "` | [View](https://pkg.go.dev/vuln/" vuln_id ") |" | |
| } | |
| } | |
| ' vulnerability-check.report >> $GITHUB_STEP_SUMMARY | |
| fi | |
| test-code: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Dagger Version | |
| id: dagger_version | |
| uses: sagikazarmark/dagger-version-action@v0.0.1 | |
| - name: Run Tests | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: ${{ steps.dagger_version.outputs.version }} | |
| verb: call | |
| args: test-report --source=. export --path=TestReport.json | |
| - name: Summarize Tests | |
| uses: robherley/go-test-action@v0.6.0 | |
| with: | |
| fromJSONFile: TestReport.json | |
| - name: Run Test Coverage Report | |
| if: github.event_name == 'pull_request' | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: ${{ steps.dagger_version.outputs.version }} | |
| verb: call | |
| args: test-coverage-report --source=. export --path=coverage-report.md | |
| - name: Add coverage to step summary | |
| if: github.event_name == 'pull_request' | |
| run: cat coverage-report.md >> $GITHUB_STEP_SUMMARY | |
| - name: Run Test Coverage | |
| if: github.event_name == 'pull_request' | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: ${{ steps.dagger_version.outputs.version }} | |
| verb: call | |
| args: test-coverage --source=. export --path=coverage.out | |
| - uses: codecov/codecov-action@v5 | |
| if: github.event_name == 'pull_request' | |
| with: | |
| verbose: true | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Build Binary | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: ${{ steps.dagger_version.outputs.version }} | |
| verb: call | |
| args: build-dev --source=. --platform linux/amd64 export --path=./harbor-dev | |
| push-latest-images: | |
| needs: | |
| - lint | |
| - test-code | |
| permissions: | |
| contents: read | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Print GitHub ref for debugging | |
| run: | | |
| echo "GitHub ref: $GITHUB_REF" | |
| - name: Checkout repo | |
| if: github.event_name == 'push' && (github.ref == 'refs/heads/main') | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Publish and Sign Snapshot Image | |
| if: github.event_name == 'push' && (github.ref == 'refs/heads/main') | |
| uses: ./.github/actions/publish-and-sign | |
| with: | |
| IMAGE_TAGS: latest | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} | |
| REGISTRY_ADDRESS: ${{ vars.REGISTRY_ADDRESS }} | |
| REGISTRY_USERNAME: ${{ vars.REGISTRY_USERNAME }} | |
| publish-release: | |
| needs: | |
| - lint | |
| - test-code | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| if: | | |
| (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || | |
| (github.event_name == 'workflow_dispatch') | |
| steps: | |
| - name: Checkout repo | |
| if: | | |
| (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || | |
| (github.event_name == 'workflow_dispatch') | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref }} | |
| - name: Create Build Dir | |
| if: | | |
| (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || | |
| (github.event_name == 'workflow_dispatch') | |
| run: mkdir -p dist | |
| - name: Building Binaries | |
| if: | | |
| (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || | |
| (github.event_name == 'workflow_dispatch') | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: "latest" | |
| verb: call | |
| args: "build --build-dir=./dist export --path=./dist" | |
| - name: Archiving Binaries | |
| if: | | |
| (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || | |
| (github.event_name == 'workflow_dispatch') | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: "latest" | |
| verb: call | |
| args: "archive --build-dir=./dist export --path=./dist" | |
| - name: Building SBOM | |
| if: | | |
| (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || | |
| (github.event_name == 'workflow_dispatch') | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: "latest" | |
| verb: call | |
| args: "sbom --build-dir=./dist export --path=./dist" | |
| - name: NFPM Build (deb/rpm) | |
| if: | | |
| (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || | |
| (github.event_name == 'workflow_dispatch') | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: "latest" | |
| verb: call | |
| args: "nfpm-build --build-dir=./dist export --path=./dist" | |
| - name: APK Build (.apk) | |
| if: | | |
| (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || | |
| (github.event_name == 'workflow_dispatch') | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: "latest" | |
| verb: call | |
| args: "apk --build-dir=./dist export --path=./dist" | |
| - name: Creating Checksum | |
| if: | | |
| (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || | |
| (github.event_name == 'workflow_dispatch') | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: "latest" | |
| verb: call | |
| args: "checksum --build-dir=./dist export --path=./dist" | |
| - name: Publish Release | |
| if: | | |
| (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || | |
| (github.event_name == 'workflow_dispatch') | |
| uses: dagger/dagger-for-github@v7 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| version: "latest" | |
| verb: call | |
| args: "publish-release --build-dir=./dist --token=env://GITHUB_TOKEN " | |
| - name: Apt Build | |
| if: | | |
| (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || | |
| (github.event_name == 'workflow_dispatch') | |
| uses: dagger/dagger-for-github@v7 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| version: "latest" | |
| verb: call | |
| args: "apt-build --build-dir=./dist --token=env://GITHUB_TOKEN " | |
| - name: Upload Build Artifact | |
| if: | | |
| (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || | |
| (github.event_name == 'workflow_dispatch') | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-dir | |
| path: ./dist | |
| - name: Publish and Sign Tagged Image | |
| if: | | |
| (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || | |
| (github.event_name == 'workflow_dispatch') | |
| uses: ./.github/actions/publish-and-sign | |
| with: | |
| IMAGE_TAGS: "latest,${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref_name }}" | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} | |
| REGISTRY_ADDRESS: ${{ vars.REGISTRY_ADDRESS }} | |
| REGISTRY_USERNAME: ${{ vars.REGISTRY_USERNAME }} | |
| BUILD_DIR: "dist" |