Create dependabot.yml #698
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Workflow | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| jobs: | |
| code-check: | |
| name: Check Go formatting, linting, vetting | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@v4 | |
| - name: Checkout dell-csi-extensions | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: 'dell/dell-csi-extensions' | |
| path: dell-csi-extensions | |
| - name: Run the formatter, linter, and vetter | |
| uses: dell/common-github-actions/go-code-formatter-linter-vetter@main | |
| with: | |
| directories: ./... | |
| sanitize: | |
| name: Check for forbidden words | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@v4 | |
| - name: Run the forbidden words scan | |
| uses: dell/common-github-actions/code-sanitizer@main | |
| with: | |
| args: /github/workspace | |
| test: | |
| name: Run Go unit tests and check package coverage | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@v4 | |
| - name: Checkout dell-csi-extensions | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: 'dell/dell-csi-extensions' | |
| path: dell-csi-extensions | |
| - name: Run unit tests and check package coverage | |
| uses: dell/common-github-actions/go-code-tester@main | |
| with: | |
| threshold: 90 | |
| skip-list: "podmon/test/ssh" | |
| race-detector: "false" | |
| go_security_scan: | |
| name: Go security | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@v4 | |
| - name: Run Go Security | |
| uses: securego/gosec@master | |
| with: | |
| args: -exclude-dir=test ./... | |
| malware_security_scan: | |
| name: Malware Scanner | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@v4 | |
| - name: Run malware scan | |
| uses: dell/common-github-actions/malware-scanner@main | |
| with: | |
| directories: . | |
| options: -ri | |
| image_security_scan: | |
| name: Image Scanner | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set up Go stable version | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.23" | |
| cache: false | |
| id: go | |
| - name: Checkout the code | |
| uses: actions/checkout@v4 | |
| - name: Checkout dell-csi-extensions | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: 'dell/dell-csi-extensions' | |
| path: dell-csi-extensions | |
| - name: Install Mockgen | |
| run: go get github.com/golang/mock/mockgen@v1.6.0 | |
| - name: Get dependencies | |
| run: go mod download ; sudo apt update -y && sudo apt -y install dnf | |
| - name: Mod tidy | |
| run: go mod tidy | |
| - name: Build podmon Docker Image | |
| run: | | |
| chmod +x ./scripts/buildubimicro.sh | |
| make build-base-image | |
| podman build -t docker.io/podmon -f ./Dockerfile --build-arg GOIMAGE=golang:latest --build-arg BASEIMAGE="localhost/resiliency-ubimicro" | |
| podman save docker.io/library/podmon -o /tmp/podmon.tar | |
| docker load -i /tmp/podmon.tar | |
| - name: Trivy image scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: podmon | |
| severity: 'HIGH,CRITICAL' | |
| ignore-unfixed: true | |
| exit-code: '1' | |
| trivyignores: '.github/workflows/.trivyignore' |