chore: found vulnerabilities. #3058
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# This workflow is triggered on push or pull request for the main branch. | |
# It runs tests and various checks to validate that the proposed changes | |
# will not introduce any regression after merging the code to the main branch. | |
name: Build | |
on: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- '.github/ISSUE_TEMPLATE/*.md' | |
- '*.md' | |
- 'docs/**' | |
- 'mkdocs.yml' | |
- 'LICENSE' | |
- 'NOTICE' | |
pull_request: | |
branches: | |
- main | |
paths-ignore: | |
- '.github/ISSUE_TEMPLATE/*.md' | |
- '*.md' | |
- 'docs/**' | |
- 'mkdocs.yml' | |
- 'LICENSE' | |
- 'NOTICE' | |
env: | |
GO_VERSION: "1.23.1" | |
KIND_VERSION: "v0.17.0" | |
KIND_IMAGE: "kindest/node:v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6" | |
# Disable permissions granted to the GITHUB_TOKEN for all the available scopes. | |
permissions: {} | |
# Cancel any in-flight jobs for the same PR branch so there's only one active at a time. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
verify-code: | |
name: Verify code | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Setup Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Verify Go code | |
uses: golangci/golangci-lint-action@v3.4.0 | |
with: | |
args: --verbose | |
version: latest | |
skip-pkg-cache: true | |
skip-build-cache: true | |
- name: Verify YAML code | |
uses: ibiqlik/action-yamllint@v3 | |
- name: Vendor Go modules | |
run: go mod vendor | |
- name: Verify generated Go code | |
run: GOPATH="$(go env GOPATH)" ./hack/verify-codegen.sh | |
unit-tests: | |
name: Run unit tests | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Setup Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Run unit tests | |
run: make unit-tests | |
- name: Upload code coverage | |
uses: codecov/codecov-action@v3 | |
with: | |
files: ./coverage.txt | |
itest-starboard-cli: | |
name: Run integration tests / Starboard CLI | |
needs: | |
- unit-tests | |
- verify-code | |
runs-on: ubuntu-20.04 | |
timeout-minutes: 15 | |
steps: | |
- name: Setup Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Setup Kubernetes cluster (KIND) | |
uses: engineerd/setup-kind@v0.5.0 | |
with: | |
version: ${{ env.KIND_VERSION }} | |
image: ${{ env.KIND_IMAGE }} | |
- name: Test connection to Kubernetes cluster | |
run: | | |
kubectl cluster-info | |
kubectl wait --for=condition=Ready nodes --all --timeout=300s | |
kubectl describe node | |
- name: Run integration tests | |
run: | | |
make itests-starboard | |
env: | |
KUBECONFIG: /home/runner/.kube/config | |
STARBOARD_TEST_CLI_LOG_LEVEL: "0" | |
- name: Upload code coverage | |
uses: codecov/codecov-action@v3 | |
with: | |
files: ./itest/starboard/coverage.txt | |
itest-starboard-operator: | |
name: Run integration tests / Starboard Operator | |
needs: | |
- unit-tests | |
- verify-code | |
runs-on: ubuntu-20.04 | |
timeout-minutes: 15 | |
steps: | |
- name: Setup Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Setup Kubernetes cluster (KIND) | |
uses: engineerd/setup-kind@v0.5.0 | |
with: | |
version: ${{ env.KIND_VERSION }} | |
image: ${{ env.KIND_IMAGE }} | |
- name: Test connection to Kubernetes cluster | |
run: | | |
kubectl cluster-info | |
kubectl wait --for=condition=Ready nodes --all --timeout=300s | |
kubectl describe node | |
- name: Run integration tests | |
run: | | |
kubectl apply -f deploy/crd/vulnerabilityreports.crd.yaml \ | |
-f deploy/crd/configauditreports.crd.yaml \ | |
-f deploy/crd/clusterconfigauditreports.crd.yaml \ | |
-f deploy/crd/clustercompliancereports.crd.yaml \ | |
-f deploy/crd/clustercompliancedetailreports.crd.yaml \ | |
-f deploy/crd/ciskubebenchreports.crd.yaml | |
kubectl apply -f deploy/static/01-starboard-operator.ns.yaml \ | |
-f deploy/static/02-starboard-operator.rbac.yaml | |
kubectl apply -f deploy/static/03-starboard-operator.config.yaml \ | |
-f deploy/static/04-starboard-operator.policies.yaml | |
make itests-starboard-operator | |
env: | |
KUBECONFIG: /home/runner/.kube/config | |
OPERATOR_NAMESPACE: starboard-system | |
OPERATOR_TARGET_NAMESPACES: default | |
- name: Upload code coverage | |
uses: codecov/codecov-action@v3 | |
with: | |
files: ./itest/starboard-operator/coverage.txt | |
integration-operator-conftest: | |
name: Integration / Operator / Conftest | |
needs: | |
- unit-tests | |
- verify-code | |
runs-on: ubuntu-20.04 | |
timeout-minutes: 15 | |
steps: | |
- name: Setup Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Setup Kubernetes cluster (KIND) | |
uses: engineerd/setup-kind@v0.5.0 | |
with: | |
version: ${{ env.KIND_VERSION }} | |
image: ${{ env.KIND_IMAGE }} | |
- name: Test connection to Kubernetes cluster | |
run: | | |
kubectl cluster-info | |
kubectl wait --for=condition=Ready nodes --all --timeout=300s | |
kubectl describe node | |
- name: Run integration tests | |
run: | | |
kubectl apply -f deploy/crd/vulnerabilityreports.crd.yaml \ | |
-f deploy/crd/configauditreports.crd.yaml \ | |
-f deploy/crd/clusterconfigauditreports.crd.yaml \ | |
-f deploy/crd/clustercompliancereports.crd.yaml \ | |
-f deploy/crd/clustercompliancedetailreports.crd.yaml \ | |
-f deploy/crd/ciskubebenchreports.crd.yaml | |
kubectl apply -f deploy/static/01-starboard-operator.ns.yaml \ | |
-f deploy/static/02-starboard-operator.rbac.yaml | |
kubectl apply -f deploy/static/03-starboard-operator.config.yaml | |
make integration-operator-conftest | |
env: | |
KUBECONFIG: /home/runner/.kube/config | |
- name: Upload code coverage | |
uses: codecov/codecov-action@v3 | |
with: | |
files: ./itest/starboard-operator/configauditreport/conftest/coverage.txt | |
test-helm-chart: | |
if: "false" # TODO It's broken on a release candidate PRs because it's using container image that has not been released yet. | |
name: Test Helm Chart | |
needs: | |
- itest-starboard-cli | |
- itest-starboard-operator | |
- integration-operator-conftest | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Install Helm | |
uses: azure/setup-helm@18bc76811624f360dbd7f18c2d4ecb32c7b87bab # v1.1 | |
with: | |
version: v3.5.0 | |
- name: Set up python | |
uses: actions/setup-python@98f2ad02fd48d057ee3b4d4f66525b231c3e52b6 # v2.3.0 | |
with: | |
python-version: 3.7 | |
- name: Setup Chart Linting | |
id: lint | |
uses: helm/chart-testing-action@dae259e86a35ff09145c0805e2d7dd3f7207064a # v2.1.0 | |
- name: Setup Kubernetes cluster (KIND) | |
uses: helm/kind-action@94729529f85113b88f4f819c17ce61382e6d8478 # v1.2.0 | |
with: | |
version: ${{ env.KIND_VERSION }} | |
image: ${{ env.KIND_IMAGE }} | |
- name: Run chart-testing | |
run: ct lint-and-install --validate-maintainers=false --charts deploy/helm |