Bump aquasecurity/trivy-action from 0.14.0 to 0.22.0 #299
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Go | |
on: | |
pull_request: | |
branches: | |
- main | |
- release-* | |
- feature/* | |
push: | |
branches: | |
- main | |
- release-* | |
- feature/* | |
jobs: | |
check-changes: | |
name: Check whether tests need to be run based on diff | |
runs-on: [ubuntu-latest] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
show-progress: false | |
- uses: antrea-io/has-changes@v2 | |
id: check_diff | |
with: | |
paths-ignore: docs/* ci/jenkins/* *.md hack/.notableofcontents | |
outputs: | |
has_changes: ${{ steps.check_diff.outputs.has_changes }} | |
# test-unit-ubuntu and test-unit-windows are intentionally not merged into one job with os matrix, otherwise the job | |
# wouldn't be expanded if it's skipped and the report of the required check would be missing. | |
# See https://github.com/antrea-io/antrea/issues/3563. | |
test-unit-ubuntu: | |
needs: check-changes | |
if: ${{ needs.check-changes.outputs.has_changes == 'yes' }} | |
name: Unit test (ubuntu-latest) | |
runs-on: [ubuntu-latest] | |
steps: | |
- name: Check-out code | |
uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Set up Go using version from go.mod | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: 'go.mod' | |
- name: Run unit tests | |
run: make test-unit | |
- name: Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
file: .coverage/coverage-unit.txt | |
flags: unit-tests | |
name: codecov-unit-test | |
fail_ci_if_error: ${{ github.event_name == 'push' }} | |
test-unit-windows: | |
needs: check-changes | |
if: ${{ needs.check-changes.outputs.has_changes == 'yes' }} | |
name: Unit test (windows-2022) | |
runs-on: [windows-2022] | |
steps: | |
- name: Check-out code | |
uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Set up Go using version from go.mod | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: 'go.mod' | |
- name: Run unit tests | |
run: make test-unit | |
- name: Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
file: .coverage/coverage-unit.txt | |
flags: unit-tests | |
name: codecov-unit-test | |
fail_ci_if_error: ${{ github.event_name == 'push' }} | |
test-integration: | |
needs: check-changes | |
if: ${{ needs.check-changes.outputs.has_changes == 'yes' }} | |
name: Integration test | |
runs-on: [ubuntu-latest] | |
steps: | |
- name: Check-out code | |
uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Set up Go using version from go.mod | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: 'go.mod' | |
- name: Run integration tests | |
run: | | |
./build/images/ovs/build.sh | |
NO_PULL=1 make docker-test-integration | |
- name: Run integration tests for multicluster | |
run: | | |
cd multicluster | |
make test-integration | |
- name: Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
files: .coverage/coverage-integration.txt,multicluster/.coverage/coverage-integration.txt | |
flags: integration-tests | |
name: codecov-integration-test | |
fail_ci_if_error: ${{ github.event_name == 'push' }} | |
# golangci-lint-ubuntu and golangci-lint-macos are intentionally not merged into one job with os matrix, otherwise the | |
# job wouldn't be expanded if it's skipped and the report of the required check would be missing. | |
# See https://github.com/antrea-io/antrea/issues/3563. | |
golangci-lint-ubuntu: | |
needs: check-changes | |
if: ${{ needs.check-changes.outputs.has_changes == 'yes' }} | |
name: Golangci-lint (ubuntu-latest) | |
runs-on: [ubuntu-latest] | |
steps: | |
- name: Check-out code | |
uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Set up Go using version from go.mod | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: 'go.mod' | |
- name: Run golangci-lint | |
run: make golangci | |
golangci-lint-macos: | |
needs: check-changes | |
if: ${{ needs.check-changes.outputs.has_changes == 'yes' }} | |
name: Golangci-lint (macos-latest) | |
runs-on: [macos-latest] | |
steps: | |
- name: Check-out code | |
uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Set up Go using version from go.mod | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: 'go.mod' | |
- name: Run golangci-lint | |
run: make golangci | |
bin: | |
needs: check-changes | |
if: ${{ needs.check-changes.outputs.has_changes == 'yes' }} | |
name: Build Antrea and antctl binaries | |
runs-on: [ubuntu-latest] | |
steps: | |
- name: Check-out code | |
uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Set up Go using version from go.mod | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: 'go.mod' | |
- name: Build Antrea binaries for amd64 | |
run: GOARCH=amd64 make bin | |
- name: Build Antrea binaries for arm64 | |
run: GOARCH=arm64 make bin | |
- name: Build Antrea binaries for arm | |
run: GOARCH=arm make bin | |
- name: Build antctl binaries | |
run: make antctl | |
- name: Build Multi-cluster binaries | |
run: | | |
cd multicluster | |
make bin | |
windows-bin: | |
needs: check-changes | |
if: ${{ needs.check-changes.outputs.has_changes == 'yes' }} | |
name: Build Antrea Windows binaries | |
runs-on: [ubuntu-latest] | |
steps: | |
- name: Check-out code | |
uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Set up Go using version from go.mod | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: 'go.mod' | |
- name: Build Antrea windows binaries | |
run: make windows-bin | |
tidy-codegen-manifest: | |
needs: check-changes | |
if: ${{ needs.check-changes.outputs.has_changes == 'yes' }} | |
name: Check tidy, code generation and manifest | |
runs-on: [ubuntu-latest] | |
steps: | |
- name: Check-out code | |
uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Set up Go using version from go.mod | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: 'go.mod' | |
# tidy check need to be run before code generation which will regenerate codes. | |
- name: Check tidy | |
run: make test-tidy | |
- name: Check code generation | |
run: ./ci/check-codegen.sh | |
- name: Check manifest | |
run: ./ci/check-manifest.sh | |
- name: Check copyright | |
run: ./ci/check-copyright.sh | |
verify: | |
name: Verify docs and spelling | |
runs-on: [ubuntu-latest] | |
steps: | |
- name: Check-out code | |
uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Set up Go using version from go.mod | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: 'go.mod' | |
- name: Run verify scripts | |
run: make verify | |
- name: Checking for broken Markdown links | |
if: ${{ github.event_name == 'pull_request' }} | |
uses: gaurav-nelson/github-action-markdown-link-check@v1 | |
with: | |
# Check modified files only for pull requests. Cronjob "Verify docs" takes care of checking all markdown files. | |
check-modified-files-only: yes | |
base-branch: ${{ github.base_ref }} | |
config-file: 'hack/.md_links_config.json' | |
- name: Markdownlint | |
run: | | |
sudo npm install -g markdownlint-cli@0.31.1 | |
make markdownlint | |
- name: Checking whether autogenerated Helm chart documentation is up-to-date | |
working-directory: build/charts/ | |
run: | | |
make helm-docs | |
DIFF=$(git diff .) | |
if [ -n "$DIFF" ]; then | |
echo "The Helm chart documentation is out-of-date; please run 'make helm-docs' in 'build/charts/' and commit the changes" | |
exit 1 | |
fi | |
benchmark: | |
needs: check-changes | |
if: ${{ needs.check-changes.outputs.has_changes == 'yes' }} | |
name: Go benchmark test | |
runs-on: [ubuntu-latest] | |
steps: | |
- name: Check-out code | |
uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Set up Go using version from go.mod | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: 'go.mod' | |
- name: Run Go benchmark test | |
run: go test -run '^$' -bench . -benchtime 1x -timeout 10m -cpu 4 -v -benchmem ./pkg/... |