Skip to content

Bump aquasecurity/trivy-action from 0.14.0 to 0.22.0 #299

Bump aquasecurity/trivy-action from 0.14.0 to 0.22.0

Bump aquasecurity/trivy-action from 0.14.0 to 0.22.0 #299

Workflow file for this run

name: Go
on:
pull_request:
branches:
- main
- release-*
- feature/*
push:
branches:
- main
- release-*
- feature/*
jobs:
check-changes:
name: Check whether tests need to be run based on diff
runs-on: [ubuntu-latest]
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
show-progress: false
- uses: antrea-io/has-changes@v2
id: check_diff
with:
paths-ignore: docs/* ci/jenkins/* *.md hack/.notableofcontents
outputs:
has_changes: ${{ steps.check_diff.outputs.has_changes }}
# test-unit-ubuntu and test-unit-windows are intentionally not merged into one job with os matrix, otherwise the job
# wouldn't be expanded if it's skipped and the report of the required check would be missing.
# See https://github.com/antrea-io/antrea/issues/3563.
test-unit-ubuntu:
needs: check-changes
if: ${{ needs.check-changes.outputs.has_changes == 'yes' }}
name: Unit test (ubuntu-latest)
runs-on: [ubuntu-latest]
steps:
- name: Check-out code
uses: actions/checkout@v4
with:
show-progress: false
- name: Set up Go using version from go.mod
uses: actions/setup-go@v4
with:
go-version-file: 'go.mod'
- name: Run unit tests
run: make test-unit
- name: Codecov
uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: .coverage/coverage-unit.txt
flags: unit-tests
name: codecov-unit-test
fail_ci_if_error: ${{ github.event_name == 'push' }}
test-unit-windows:
needs: check-changes
if: ${{ needs.check-changes.outputs.has_changes == 'yes' }}
name: Unit test (windows-2022)
runs-on: [windows-2022]
steps:
- name: Check-out code
uses: actions/checkout@v4
with:
show-progress: false
- name: Set up Go using version from go.mod
uses: actions/setup-go@v4
with:
go-version-file: 'go.mod'
- name: Run unit tests
run: make test-unit
- name: Codecov
uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: .coverage/coverage-unit.txt
flags: unit-tests
name: codecov-unit-test
fail_ci_if_error: ${{ github.event_name == 'push' }}
test-integration:
needs: check-changes
if: ${{ needs.check-changes.outputs.has_changes == 'yes' }}
name: Integration test
runs-on: [ubuntu-latest]
steps:
- name: Check-out code
uses: actions/checkout@v4
with:
show-progress: false
- name: Set up Go using version from go.mod
uses: actions/setup-go@v4
with:
go-version-file: 'go.mod'
- name: Run integration tests
run: |
./build/images/ovs/build.sh
NO_PULL=1 make docker-test-integration
- name: Run integration tests for multicluster
run: |
cd multicluster
make test-integration
- name: Codecov
uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: .coverage/coverage-integration.txt,multicluster/.coverage/coverage-integration.txt
flags: integration-tests
name: codecov-integration-test
fail_ci_if_error: ${{ github.event_name == 'push' }}
# golangci-lint-ubuntu and golangci-lint-macos are intentionally not merged into one job with os matrix, otherwise the
# job wouldn't be expanded if it's skipped and the report of the required check would be missing.
# See https://github.com/antrea-io/antrea/issues/3563.
golangci-lint-ubuntu:
needs: check-changes
if: ${{ needs.check-changes.outputs.has_changes == 'yes' }}
name: Golangci-lint (ubuntu-latest)
runs-on: [ubuntu-latest]
steps:
- name: Check-out code
uses: actions/checkout@v4
with:
show-progress: false
- name: Set up Go using version from go.mod
uses: actions/setup-go@v4
with:
go-version-file: 'go.mod'
- name: Run golangci-lint
run: make golangci
golangci-lint-macos:
needs: check-changes
if: ${{ needs.check-changes.outputs.has_changes == 'yes' }}
name: Golangci-lint (macos-latest)
runs-on: [macos-latest]
steps:
- name: Check-out code
uses: actions/checkout@v4
with:
show-progress: false
- name: Set up Go using version from go.mod
uses: actions/setup-go@v4
with:
go-version-file: 'go.mod'
- name: Run golangci-lint
run: make golangci
bin:
needs: check-changes
if: ${{ needs.check-changes.outputs.has_changes == 'yes' }}
name: Build Antrea and antctl binaries
runs-on: [ubuntu-latest]
steps:
- name: Check-out code
uses: actions/checkout@v4
with:
show-progress: false
- name: Set up Go using version from go.mod
uses: actions/setup-go@v4
with:
go-version-file: 'go.mod'
- name: Build Antrea binaries for amd64
run: GOARCH=amd64 make bin
- name: Build Antrea binaries for arm64
run: GOARCH=arm64 make bin
- name: Build Antrea binaries for arm
run: GOARCH=arm make bin
- name: Build antctl binaries
run: make antctl
- name: Build Multi-cluster binaries
run: |
cd multicluster
make bin
windows-bin:
needs: check-changes
if: ${{ needs.check-changes.outputs.has_changes == 'yes' }}
name: Build Antrea Windows binaries
runs-on: [ubuntu-latest]
steps:
- name: Check-out code
uses: actions/checkout@v4
with:
show-progress: false
- name: Set up Go using version from go.mod
uses: actions/setup-go@v4
with:
go-version-file: 'go.mod'
- name: Build Antrea windows binaries
run: make windows-bin
tidy-codegen-manifest:
needs: check-changes
if: ${{ needs.check-changes.outputs.has_changes == 'yes' }}
name: Check tidy, code generation and manifest
runs-on: [ubuntu-latest]
steps:
- name: Check-out code
uses: actions/checkout@v4
with:
show-progress: false
- name: Set up Go using version from go.mod
uses: actions/setup-go@v4
with:
go-version-file: 'go.mod'
# tidy check need to be run before code generation which will regenerate codes.
- name: Check tidy
run: make test-tidy
- name: Check code generation
run: ./ci/check-codegen.sh
- name: Check manifest
run: ./ci/check-manifest.sh
- name: Check copyright
run: ./ci/check-copyright.sh
verify:
name: Verify docs and spelling
runs-on: [ubuntu-latest]
steps:
- name: Check-out code
uses: actions/checkout@v4
with:
show-progress: false
- name: Set up Go using version from go.mod
uses: actions/setup-go@v4
with:
go-version-file: 'go.mod'
- name: Run verify scripts
run: make verify
- name: Checking for broken Markdown links
if: ${{ github.event_name == 'pull_request' }}
uses: gaurav-nelson/github-action-markdown-link-check@v1
with:
# Check modified files only for pull requests. Cronjob "Verify docs" takes care of checking all markdown files.
check-modified-files-only: yes
base-branch: ${{ github.base_ref }}
config-file: 'hack/.md_links_config.json'
- name: Markdownlint
run: |
sudo npm install -g markdownlint-cli@0.31.1
make markdownlint
- name: Checking whether autogenerated Helm chart documentation is up-to-date
working-directory: build/charts/
run: |
make helm-docs
DIFF=$(git diff .)
if [ -n "$DIFF" ]; then
echo "The Helm chart documentation is out-of-date; please run 'make helm-docs' in 'build/charts/' and commit the changes"
exit 1
fi
benchmark:
needs: check-changes
if: ${{ needs.check-changes.outputs.has_changes == 'yes' }}
name: Go benchmark test
runs-on: [ubuntu-latest]
steps:
- name: Check-out code
uses: actions/checkout@v4
with:
show-progress: false
- name: Set up Go using version from go.mod
uses: actions/setup-go@v4
with:
go-version-file: 'go.mod'
- name: Run Go benchmark test
run: go test -run '^$' -bench . -benchtime 1x -timeout 10m -cpu 4 -v -benchmem ./pkg/...