fix(cryptoops): add nil check in SecureConnection.Read to prevent panic Prevents a potential nil pointer dereference when sc.readBuffer is uninitialized, ensuring safe access to its .B field in the Read method. #79
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CD | |
| on: | |
| push: | |
| branches: [main] | |
| tags: ["v*"] | |
| release: | |
| types: [published] | |
| pull_request: | |
| branches: [main] | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| PLATFORMS: linux/amd64,linux/arm64,linux/arm64 | |
| jobs: | |
| build-and-push: | |
| name: Build and Push Docker Image | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| - name: Log in to Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha,enable=true,prefix=sha-,suffix=,format=short | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| platforms: ${{ env.PLATFORMS }} | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha,mode=max | |
| cache-to: type=gha,mode=max | |
| deploy: | |
| name: Deploy to `https://portal.iwanhae.kr` | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| runs-on: ubuntu-latest | |
| needs: build-and-push | |
| environment: "kubernetes_iwanhae_kr" | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| - uses: azure/setup-kubectl@v4 | |
| - name: Prepare Kubernetes context | |
| run: | | |
| kubectl config set-cluster default --server ${{ secrets.KUBERNETES_ENDPOINT }} | |
| kubectl config set-credentials default --token ${{ secrets.KUBERNETES_TOKEN }} | |
| kubectl config set-context default --cluster=default --user=default --namespace=${{ secrets.KUBERNETES_NAMESPACE }} | |
| kubectl config use-context default | |
| kubectl version | |
| - name: Get Container Image Tag from metadata action | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: type=sha,enable=true,prefix=sha-,suffix=,format=short | |
| id: meta | |
| - name: Deploy to Kubernetes | |
| run: kubectl set image deployments.apps/portal portal="${{ steps.meta.outputs.tags }}" | |
| - name: Wait for Deployment to be Ready | |
| run: kubectl rollout status deployment/portal --timeout=1m | |
| timeout-minutes: 1 | |
| continue-on-error: true | |
| - name: Rollback Deployment | |
| if: failure() | |
| run: |- | |
| kubectl rollout undo deployment/portal | |
| exit 1 |