Bump dependencies (fixes trivy) #38
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Compass Manager | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - "[0-9]+.[0-9]+.[0-9]+" | |
| - "[0-9]+.[0-9]+.[0-9]+-*" | |
| paths-ignore: | |
| - .reuse | |
| - hack/ | |
| - LICENSES/ | |
| - LICENSE | |
| - .gitignore | |
| - "**.md" | |
| pull_request_target: | |
| types: [opened, synchronize, reopened] | |
| paths-ignore: | |
| - .reuse | |
| - hack/ | |
| - LICENSES/ | |
| - LICENSE | |
| - .gitignore | |
| - "**.md" | |
| permissions: | |
| id-token: write # This is required for requesting the JWT token | |
| contents: read # This is required for actions/checkout | |
| env: | |
| unit-test-log: unit-test.log | |
| trivy-table: trivy-table.txt | |
| jobs: | |
| setup: | |
| permissions: | |
| contents: read | |
| runs-on: ubuntu-latest | |
| outputs: | |
| tag: ${{ steps.tag.outputs.tag }} | |
| code: ${{ steps.detect-files.outputs.code_any_changed || steps.fallback-values.outputs.code_any_changed}} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| - id: tag | |
| if: github.event_name == 'push' && github.ref_type == 'tag' | |
| run: echo "tag=${{ github.ref_name }}" >> $GITHUB_OUTPUT | |
| - name: Detect files | |
| id: detect-files | |
| continue-on-error: true | |
| uses: tj-actions/changed-files@d6babd6899969df1a11d14c368283ea4436bca78 | |
| with: | |
| files_yaml: | | |
| code: | |
| - ./**.go | |
| - ./go.mod | |
| - ./go.sum | |
| - name: Fallback values | |
| id: fallback-values | |
| if: steps.detect-files.outcome != 'success' | |
| run: | | |
| echo "code_any_changed=true" >> $GITHUB_OUTPUT | |
| unit-tests: | |
| permissions: | |
| contents: read | |
| needs: setup | |
| if: needs.setup.outputs.code == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| - name: Set up go environment | |
| uses: actions/setup-go@v4 | |
| with: | |
| cache-dependency-path: go.sum | |
| go-version-file: go.mod | |
| - name: Run unit tests | |
| run: make test | tee ${{ env.unit-test-log }} | |
| - name: Upload test logs artifact | |
| uses: actions/upload-artifact@v4 | |
| if: success() || failure() | |
| with: | |
| name: ${{ env.unit-test-log }} | |
| path: ${{ env.unit-test-log }} | |
| trivy: | |
| permissions: | |
| contents: read | |
| runs-on: "ubuntu-20.04" | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| - name: Install trivy | |
| run: | | |
| mkdir ./trivy | |
| curl -L https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz | tar xvz --directory=./trivy | |
| ./trivy/trivy --version | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@0.24.0 | |
| with: | |
| scan-type: "fs" | |
| scan-ref: "." | |
| exit-code: 1 | |
| severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL" | |
| ignore-unfixed: false | |
| timeout: "5m0s" | |
| vuln-type: "os,library" | |
| format: table | |
| output: ${{ env.trivy-table }} | |
| - name: Upload trivy table | |
| if: success() || failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.trivy-table }} | |
| path: ${{ env.trivy-table }} | |
| - name: Print trivy table | |
| if: success() || failure() | |
| run: cat ${{ env.trivy-table }} | |
| build-image: | |
| needs: setup | |
| uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main # Usage: kyma-project/test-infra/.github/workflows/image-builder.yml@main | |
| with: | |
| name: compass-manager | |
| dockerfile: Dockerfile | |
| context: . | |
| tags: ${{ needs.setup.outputs.tag }} | |
| summary: | |
| runs-on: ubuntu-latest | |
| needs: [build-image, unit-tests, trivy] | |
| if: success() || failure() | |
| steps: | |
| - name: "Download test log" | |
| uses: actions/download-artifact@v4 | |
| continue-on-error: true | |
| with: | |
| name: ${{ env.unit-test-log }} | |
| - name: "Download trivy log" | |
| uses: actions/download-artifact@v4 | |
| continue-on-error: true | |
| with: | |
| name: ${{ env.trivy-table }} | |
| - name: "Generate summary" | |
| run: | | |
| { | |
| echo '# Compass Manager' | |
| # if trivy results table exists | |
| if [ -f ${{ env.trivy-table }} ]; then | |
| echo '## Trivy' | |
| printf '\n```txt\n' | |
| cat ${{ env.trivy-table }} | |
| printf '\n```\n' | |
| fi | |
| # if test log exists | |
| if [ -f ${{ env.unit-test-log }} ]; then | |
| echo '## Unit Tests' | |
| printf '<details>\n<summary>click to expand logs</summary>\n```\n' | |
| cat ${{ env.unit-test-log }} | |
| printf '\n```\n</details>\n' | |
| fi | |
| # if build-image was successful | |
| if [ "${{ needs.build-image.result }}" == "success" ]; then | |
| echo '## Image' | |
| echo '```json' | |
| echo '${{ needs.build-image.outputs.images }}' | jq | |
| echo '```' | |
| fi | |
| } >> $GITHUB_STEP_SUMMARY |