chore: bump golang from ecb3fe7
to 1002103
in /build/tooling
#3705
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: test | |
on: | |
push: | |
paths-ignore: | |
- "**.md" | |
- "hack/**" | |
- "docs/**" | |
pull_request: | |
paths-ignore: | |
- "**.md" | |
- "hack/**" | |
- "docs/**" | |
env: | |
REGISTRY: ghcr.io | |
permissions: read-all | |
jobs: | |
generate-bucket-id: | |
name: "Generate build id for storage" | |
uses: ./.github/workflows/build-id.yaml | |
build-images: | |
name: "Build images for e2e tests" | |
uses: ./.github/workflows/e2e-build.yaml | |
needs: | |
- generate-bucket-id | |
with: | |
bucket-id: ${{ needs.generate-bucket-id.outputs.bucket-id }} | |
e2e-test: | |
name: "Run e2e tests" | |
uses: ./.github/workflows/e2e-test.yaml | |
permissions: | |
contents: write | |
needs: | |
- build-images | |
- generate-bucket-id | |
with: | |
bucket-id: ${{ needs.generate-bucket-id.outputs.bucket-id }} | |
lint: | |
name: "Lint" | |
runs-on: ubuntu-latest | |
timeout-minutes: 40 | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Set up Go | |
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | |
with: | |
go-version: "1.21" | |
check-latest: true | |
- name: lint manager | |
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 | |
with: | |
version: latest | |
args: --timeout=10m | |
- name: lint remover | |
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 | |
with: | |
version: latest | |
working-directory: pkg/remover | |
skip-pkg-cache: true | |
args: --timeout=10m | |
- name: lint collector | |
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 | |
with: | |
version: latest | |
working-directory: pkg/collector | |
skip-pkg-cache: true | |
args: --timeout=10m | |
- name: lint trivvy scanner | |
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 | |
with: | |
version: latest | |
working-directory: pkg/scanners/trivy | |
skip-pkg-cache: true | |
args: --timeout=10m | |
unit-test: | |
name: "Unit Tests" | |
runs-on: ubuntu-latest | |
timeout-minutes: 40 | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 | |
with: | |
egress-policy: audit | |
- name: Set up Go | |
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | |
with: | |
go-version: "1.21" | |
check-latest: true | |
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 | |
with: | |
key: ${{ runner.OS }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Unit test | |
run: make test | |
- name: Codecov upload | |
uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 | |
with: | |
flags: unittests | |
file: ./cover.out | |
fail_ci_if_error: false | |
check-manifest: | |
name: "Check codegen and manifest" | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 | |
with: | |
egress-policy: audit | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Set up Go | |
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | |
with: | |
go-version: "1.21" | |
check-latest: true | |
- name: Check go.mod and manifests | |
run: | | |
go mod tidy | |
git diff --exit-code | |
make generate manifests | |
git diff --exit-code | |
scan_vulnerabilities: | |
name: "[Trivy] Scan for vulnerabilities" | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
permissions: | |
contents: read | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 | |
with: | |
egress-policy: audit | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Get repo | |
run: | | |
echo "REPO=$(echo $GITHUB_REPOSITORY | awk '{print tolower($0)}')" >> $GITHUB_ENV | |
- name: Build eraser-manager | |
run: | | |
make docker-build-manager MANAGER_REPO=${{ env.REGISTRY }}/${REPO}-manager MANAGER_TAG=test | |
- name: Build remover | |
run: | | |
make docker-build-remover REMOVER_REPO=${{ env.REGISTRY }}/remover REMOVER_TAG=test | |
- name: Build collector | |
run: | | |
make docker-build-collector COLLECTOR_REPO=${{ env.REGISTRY }}/collector COLLECTOR_TAG=test | |
- name: Build trivy scanner | |
run: | | |
make docker-build-trivy-scanner TRIVY_SCANNER_REPO=${{ env.REGISTRY }}/${REPO}-trivy-scanner TRIVY_SCANNER_TAG=test | |
- name: Run trivy for remover | |
uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 | |
with: | |
image-ref: ${{ env.REGISTRY }}/remover:test | |
exit-code: "1" | |
ignore-unfixed: true | |
vuln-type: "os,library" | |
- name: Run trivy for eraser-manager | |
uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 | |
with: | |
image-ref: ${{ env.REGISTRY }}/${{ env.REPO }}-manager:test | |
exit-code: "1" | |
ignore-unfixed: true | |
vuln-type: "os,library" | |
- name: Run trivy for collector | |
uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 | |
with: | |
image-ref: ${{ env.REGISTRY }}/collector:test | |
exit-code: "1" | |
ignore-unfixed: true | |
vuln-type: "os,library" | |
- name: Run trivy for trivy-scanner | |
uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 | |
with: | |
image-ref: ${{ env.REGISTRY }}/${{ env.REPO }}-trivy-scanner:test | |
exit-code: "1" | |
ignore-unfixed: true | |
vuln-type: "os,library" |