From 5bde4ea763e78ba9b36708fec1aca72fbfa61c53 Mon Sep 17 00:00:00 2001 From: eaudetcobello Date: Tue, 24 Sep 2024 13:17:26 -0400 Subject: [PATCH 1/5] Update cron-jobs.yaml --- .github/workflows/cron-jobs.yaml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cron-jobs.yaml b/.github/workflows/cron-jobs.yaml index fc658da51..036d0d443 100644 --- a/.github/workflows/cron-jobs.yaml +++ b/.github/workflows/cron-jobs.yaml @@ -1,12 +1,13 @@ name: Security and quality nightly scan on: - schedule: - - cron: '0 10 * * *' + pull_request: + # schedule: + # - cron: '0 10 * * *' permissions: contents: read - + jobs: TICS: permissions: @@ -47,7 +48,7 @@ jobs: # TICS requires us to have the test results in cobertura xml format under the # directory use below - make go.unit + sudo make go.unit go install github.com/boumenot/gocover-cobertura@latest gocover-cobertura < coverage.txt > coverage.xml mkdir .coverage @@ -62,7 +63,7 @@ jobs: # will try to build parts of the project itself sudo add-apt-repository -y ppa:dqlite/dev sudo apt install dqlite-tools libdqlite-dev -y - make clean + sudo make clean go build -a ./... TICSQServer -project k8s-snap -tmpdir /tmp/tics -branchdir $HOME/work/k8s-snap/k8s-snap/ From 0a2010d0cbf6ae56a0121b3149828b09cce66ae1 Mon Sep 17 00:00:00 2001 From: Etienne Audet-Cobello Date: Thu, 26 Sep 2024 11:42:54 -0400 Subject: [PATCH 2/5] increase log level, print stack trace --- .github/workflows/cron-jobs.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cron-jobs.yaml b/.github/workflows/cron-jobs.yaml index 036d0d443..affd3ea8e 100644 --- a/.github/workflows/cron-jobs.yaml +++ b/.github/workflows/cron-jobs.yaml 
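Review bot: `sudo make go.unit` in the second hunk of patch 1/5 runs the whole unit-test target as root on the runner, including whatever test and dependency code it compiles, and neither the commit message nor a comment says which step needed the privilege. sudo usually resets the environment (PATH in particular), so the Go toolchain installed by setup-go may not be the one that runs, and `coverage.txt` or build-cache entries may end up root-owned for the unprivileged `gocover-cobertura` and `go build -a ./...` steps that follow. The same applies to `sudo make clean` in the third hunk. If only one file or directory needs elevated access, I would grant that narrowly and keep the make targets unprivileged; failing that, add a comment above each line such as `# needs root because <reason>`. The `run:` block these lines belong to starts and ends outside both hunks.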
@@ -55,7 +55,7 @@ jobs: mv ./coverage.xml ./.coverage/ # Install the TICS and staticcheck - go install honnef.co/go/tools/cmd/staticcheck@v0.4.7 + go install honnef.co/go/tools/cmd/staticcheck@v0.5.1 . <(curl --silent --show-error 'https://canonical.tiobe.com/tiobeweb/TICS/api/public/v1/fapi/installtics/Script?cfg=default&platform=linux&url=https://canonical.tiobe.com/tiobeweb/TICS/') # We need to have our project built @@ -66,7 +66,7 @@ jobs: sudo make clean go build -a ./... - TICSQServer -project k8s-snap -tmpdir /tmp/tics -branchdir $HOME/work/k8s-snap/k8s-snap/ + TICSQServer -project k8s-snap -tmpdir /tmp/tics -branchdir $HOME/work/k8s-snap/k8s-snap/ -log 5 -st Trivy: permissions: From 5b75cc5e22f1ac400b7930b7352d4bcfc22c4268 Mon Sep 17 00:00:00 2001 From: Etienne Audet-Cobello Date: Fri, 27 Sep 2024 12:45:11 -0400 Subject: [PATCH 3/5] add setup python action --- .github/workflows/cron-jobs.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cron-jobs.yaml b/.github/workflows/cron-jobs.yaml index affd3ea8e..c40f23fbc 100644 --- a/.github/workflows/cron-jobs.yaml +++ b/.github/workflows/cron-jobs.yaml @@ -2,8 +2,6 @@ name: Security and quality nightly scan on: pull_request: - # schedule: - # - cron: '0 10 * * *' permissions: contents: read @@ -28,6 +26,9 @@ jobs: uses: actions/checkout@v4 with: ref: ${{matrix.branch}} + - uses: actions/setup-python@v5 + with: + python-version: '3.12' - name: Install Go uses: actions/setup-go@v5 with: From 1e18cac24df21248f57bb5563c565d3227ea7682 Mon Sep 17 00:00:00 2001 From: Etienne Audet-Cobello Date: Tue, 1 Oct 2024 19:54:34 -0400 Subject: [PATCH 4/5] cleanup changes --- .github/workflows/cron-jobs.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cron-jobs.yaml b/.github/workflows/cron-jobs.yaml index c40f23fbc..907452165 100644 --- a/.github/workflows/cron-jobs.yaml +++ b/.github/workflows/cron-jobs.yaml 
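Review bot: The `actions/setup-python@v5` step added in the second hunk of patch 3/5 has no `name:` and no comment saying why a Go scan job needs Python 3.12, unlike the named `Install Go` step right after it. I would write it as `- name: Install Python` with a one-line comment above it naming the tool that consumes it; the series suggests it is there for the TICS tooling, but the hunk does not show that. Because this job runs security tooling, consider pinning the action to a full commit SHA rather than the mutable `v5` tag, e.g. `uses: actions/setup-python@<full-commit-sha> # v5`. The step list starts and ends outside the hunk.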
@@ -1,7 +1,8 @@ name: Security and quality nightly scan on: - pull_request: + schedule: + - cron: '0 10 * * *' permissions: contents: read @@ -67,7 +68,7 @@ jobs: sudo make clean go build -a ./... - TICSQServer -project k8s-snap -tmpdir /tmp/tics -branchdir $HOME/work/k8s-snap/k8s-snap/ -log 5 -st + TICSQServer -project k8s-snap -tmpdir /tmp/tics -branchdir $HOME/work/k8s-snap/k8s-snap/ Trivy: permissions: From 8378d81a2c21fe80762a3085904ee4234415b44d Mon Sep 17 00:00:00 2001 From: Benjamin Schimke Date: Mon, 14 Oct 2024 11:33:59 +0200 Subject: [PATCH 5/5] login to Github --- .github/workflows/integration.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index d2589b8ca..c6c032fbe 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -128,6 +128,13 @@ jobs: uses: step-security/harden-runner@v2 with: egress-policy: audit + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + # We run into rate limiting issues if we don't authenticate + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Checking out repo uses: actions/checkout@v4 - name: Fetch snap
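Review bot: The new login step in patch 5/5 hands `secrets.GITHUB_TOKEN` to `docker/login-action@v3`, which is referenced by a mutable tag; for a step that receives a credential I would pin it to a full commit SHA, `uses: docker/login-action@<full-commit-sha> # v3`. After the login, the token sits in the runner's Docker credential configuration where later steps of the same job can read it, so the job's `permissions:` block (outside this hunk) should grant the token no more than this job needs, presumably `contents: read` plus `packages: read`. The rate-limit comment is useful, but it would read better above the step's `name:` than inside `with:`. The step list starts and ends outside the hunk.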