chore(deps): update aquasecurity/trivy-action action to v0.23.0 #1646
# CI pipeline: Helm chart lint, Go lint, unit/integration tests and a
# multi-arch Docker image build.
name: Continuous Integration

on:
  # Manual runs from the Actions tab.
  workflow_dispatch:
  # Daily run at 12:00 (GitHub evaluates cron schedules in UTC).
  schedule:
    - cron: '0 12 * * *'
  push:
    branches:
      - main
      - 'renovate/**'
    tags:
      - 'v*.*.*'
  pull_request:
    branches:
      - main

# Workflow-wide GITHUB_TOKEN scope: read-only access to repository contents.
# None of the jobs visible in this file widens it.
permissions:
  contents: read

jobs:
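# Lints the Helm charts and checks that the generated chart docs are current.
lint-charts:
  name: Lint Helm charts
  runs-on: ubuntu-latest
  steps:
    # The action is pinned to a full commit SHA; the trailing comment names
    # the release tag the pin is meant to match.
    - name: Checkout GitHub Repository
      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
    - name: Helm lint
      run: make lint-charts
    - name: Install Helm Docs
      # Use syntax ${version} instead of $version
      # In certain contexts, only the less ambiguous ${version} form works
      # Source: https://tldp.org/LDP/abs/html/parameter-substitution.html
      #
      # NOTE(review): the archive is fetched by tag name and installed with
      # sudo without any integrity check, while the actions in this workflow
      # are pinned by commit SHA. Record the archive's expected SHA-256 next
      # to `version` and verify it before extracting, for example:
      #   echo "<EXPECTED_SHA256_PLACEHOLDER>  ${archive}" | sha256sum --check
      run: |
        # Stop on the first failing command, unset variable or broken pipe.
        set -euo pipefail
        version="v1.13.1"
        # Release assets are named without the leading "v".
        stripped="${version#v}"
        archive="helm-docs_${stripped}_Linux_x86_64.tar.gz"
        wget "https://github.com/norwoodj/helm-docs/releases/download/${version}/${archive}"
        # Extract only the helm-docs binary from the archive.
        tar --extract --verbose --file="${archive}" helm-docs
        sudo mv helm-docs /usr/local/sbin
    - name: Verify Helm docs are up to date
      run: make validate-helm-docs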
# Runs golangci-lint against the Go sources with the repository's own config.
golangci-lint:
  name: Lint Go files
  runs-on: ubuntu-latest
  steps:
    - name: Checkout GitHub Repository
      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      with:
        # 0 fetches the complete history instead of a shallow clone.
        fetch-depth: '0'
    - name: Set up Go
      uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
      with:
        # Read the Go version from the module file.
        go-version-file: ./go.mod
    - name: Run golangci-lint
      uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
      with:
        # Required: the version of golangci-lint to use.
        # When `install-mode` is `binary` (default) the value can be v1.2,
        # v1.2.3 or `latest` to use the latest version.
        # When `install-mode` is `goinstall` the value can be v1.2.3,
        # `latest`, or the hash of a commit.
        #
        # NOTE(review): the action itself is pinned by commit SHA, but
        # `latest` leaves the linter binary it downloads unpinned, so the
        # tool that runs can change between two runs of the same commit.
        version: latest
        # Optional: golangci-lint command line arguments.
        #
        # Note: by default the `.golangci.yml` file should be at the root of
        # the repository. The location of the configuration file can be
        # changed by using `--config=`.
        args: --config=./.github/.golangci.yml
        # Optional: if set to true, all caching functionality is completely
        # disabled; takes precedence over all other caching options.
        # Skip cache because of flaky behavior. Source:
        # https://github.com/golangci/golangci-lint/blob/master/.github/workflows/pr.yml#L49
        skip-cache: true
        # Optional: if set to true, the action won't cache or restore
        # ~/go/pkg.
        # NOTE(review): confirm that the pinned action release still accepts
        # this input and the next one.
        skip-pkg-cache: true
        # Optional: if set to true, the action won't cache or restore
        # ~/.cache/go-build.
        skip-build-cache: true
# Runs the Go unit and integration tests and uploads both coverage profiles.
tests:
  name: Unit and integration tests
  runs-on: ubuntu-latest
  steps:
    - name: Checkout GitHub Repository
      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
    - name: Set up Go
      uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
      with:
        # Read the Go version from the module file.
        go-version-file: ./go.mod
    - name: Set up tests
      run: |
        make clean
        make format
        make validate-modules
    - name: Run unit tests for Go
      run: make test
    - name: Run integration tests for Go
      run: make integration
    - name: Upload coverage reports to Codecov
      uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
      # The token is set in this step's environment only, so the `make`
      # targets in the earlier steps of this job do not receive it. GitHub
      # does not pass repository secrets to pull_request runs from forks, so
      # the value is empty on those runs.
      env:
        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
      with:
        # Coverage profiles for the unit and the integration run.
        files: ./tmp/cover-unit.out,./tmp/cover-integration.out
build: | |
name: Build Docker image | |
runs-on: ubuntu-latest | |
needs: [tests] | |
steps: | |
# Pinned to a full commit SHA; the trailing comment names the release tag the
# pin is meant to match.
- name: Checkout GitHub Repository
  uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
# Computes the image tags and labels. The "Build and push" step reads them
# through `steps.meta.outputs`.
- name: Docker metadata
  id: meta
  uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
  with:
    # List of Docker images to use as base name for tags
    images: |
      juanjjaramillo/testbed
    # Generate Docker tags based on the following events/attributes.
    # The `#` lines inside the block below are part of the input value that
    # is passed to the action; they are not YAML comments.
    tags: |
      # workflow_dispatch, schedule, push branches events
      # reflects the last commit of the active branch
      type=edge
      # schedule event, nightly tag
      type=schedule
      # push tag event
      type=semver,pattern={{version}}
      # push tag event
      type=semver,pattern={{major}}.{{minor}}
      # push tag event, disabled if major is zero
      type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
# Registry login is skipped for pull_request events and for refs under
# refs/heads/renovate, so the Docker Hub credentials are only read on runs
# that also push. Keep this condition identical to the `push:` expression of
# the "Build and push" step.
- name: Login to Docker Hub
  if: github.event_name != 'pull_request' && !startsWith(github.ref, 'refs/heads/renovate')
  uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
  with:
    username: ${{ secrets.DOCKERHUB_USERNAME }}
    password: ${{ secrets.DOCKERHUB_TOKEN }}
# Sets up Buildx before the multi-platform build in the next step.
- name: Set up Docker Buildx
  uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
# Builds the image for both platforms on every run. It is pushed only when
# the `push` expression is true.
- name: Build and push
  uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
  with:
    context: .
    platforms: linux/amd64,linux/arm64
    file: ./Dockerfile
    # Same condition as the `if:` of the "Login to Docker Hub" step: no push
    # for pull_request events or for refs under refs/heads/renovate.
    push: ${{ github.event_name != 'pull_request' && !startsWith(github.ref, 'refs/heads/renovate') }}
    # Tags and labels come from the "Docker metadata" step (id: meta).
    tags: ${{ steps.meta.outputs.tags }}
    labels: ${{ steps.meta.outputs.labels }}