Skip to content

chore: bump golang from ecb3fe7 to 1002103 in /build/tooling #3704

chore: bump golang from ecb3fe7 to 1002103 in /build/tooling

chore: bump golang from ecb3fe7 to 1002103 in /build/tooling #3704

Workflow file for this run

name: test
on:
push:
paths-ignore:
- "**.md"
- "hack/**"
- "docs/**"
pull_request:
paths-ignore:
- "**.md"
- "hack/**"
- "docs/**"
env:
REGISTRY: ghcr.io
permissions: read-all
jobs:
generate-bucket-id:
name: "Generate build id for storage"
uses: ./.github/workflows/build-id.yaml
build-images:
name: "Build images for e2e tests"
uses: ./.github/workflows/e2e-build.yaml
needs:
- generate-bucket-id
with:
bucket-id: ${{ needs.generate-bucket-id.outputs.bucket-id }}
e2e-test:
name: "Run e2e tests"
uses: ./.github/workflows/e2e-test.yaml
permissions:
contents: write
needs:
- build-images
- generate-bucket-id
with:
bucket-id: ${{ needs.generate-bucket-id.outputs.bucket-id }}
lint:
name: "Lint"
runs-on: ubuntu-latest
timeout-minutes: 40
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7
with:
egress-policy: audit
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: "1.21"
check-latest: true
- name: lint manager
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
version: latest
args: --timeout=10m
- name: lint remover
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
version: latest
working-directory: pkg/remover
skip-pkg-cache: true
args: --timeout=10m
- name: lint collector
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
version: latest
working-directory: pkg/collector
skip-pkg-cache: true
args: --timeout=10m
- name: lint trivvy scanner
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
version: latest
working-directory: pkg/scanners/trivy
skip-pkg-cache: true
args: --timeout=10m
unit-test:
name: "Unit Tests"
runs-on: ubuntu-latest
timeout-minutes: 40
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7
with:
egress-policy: audit
- name: Set up Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: "1.21"
check-latest: true
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
key: ${{ runner.OS }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
path: |
~/go/pkg/mod
~/.cache/go-build
- name: Check out code into the Go module directory
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Unit test
run: make test
- name: Codecov upload
uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238
with:
flags: unittests
file: ./cover.out
fail_ci_if_error: false
check-manifest:
name: "Check codegen and manifest"
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7
with:
egress-policy: audit
- name: Check out code into the Go module directory
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: "1.21"
check-latest: true
- name: Check go.mod and manifests
run: |
go mod tidy
git diff --exit-code
make generate manifests
git diff --exit-code
scan_vulnerabilities:
name: "[Trivy] Scan for vulnerabilities"
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7
with:
egress-policy: audit
- name: Check out code into the Go module directory
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Get repo
run: |
echo "REPO=$(echo $GITHUB_REPOSITORY | awk '{print tolower($0)}')" >> $GITHUB_ENV
- name: Build eraser-manager
run: |
make docker-build-manager MANAGER_REPO=${{ env.REGISTRY }}/${REPO}-manager MANAGER_TAG=test
- name: Build remover
run: |
make docker-build-remover REMOVER_REPO=${{ env.REGISTRY }}/remover REMOVER_TAG=test
- name: Build collector
run: |
make docker-build-collector COLLECTOR_REPO=${{ env.REGISTRY }}/collector COLLECTOR_TAG=test
- name: Build trivy scanner
run: |
make docker-build-trivy-scanner TRIVY_SCANNER_REPO=${{ env.REGISTRY }}/${REPO}-trivy-scanner TRIVY_SCANNER_TAG=test
- name: Run trivy for remover
uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2
with:
image-ref: ${{ env.REGISTRY }}/remover:test
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
- name: Run trivy for eraser-manager
uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2
with:
image-ref: ${{ env.REGISTRY }}/${{ env.REPO }}-manager:test
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
- name: Run trivy for collector
uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2
with:
image-ref: ${{ env.REGISTRY }}/collector:test
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
- name: Run trivy for trivy-scanner
uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2
with:
image-ref: ${{ env.REGISTRY }}/${{ env.REPO }}-trivy-scanner:test
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"