Skip to content

chore: bump the all group with 2 updates #3718

chore: bump the all group with 2 updates

chore: bump the all group with 2 updates #3718

Workflow file for this run

name: test
on:
push:
paths-ignore:
- "**.md"
- "hack/**"
- "docs/**"
pull_request:
paths-ignore:
- "**.md"
- "hack/**"
- "docs/**"
env:
REGISTRY: ghcr.io
permissions: read-all
jobs:
generate-bucket-id:
name: "Generate build id for storage"
uses: ./.github/workflows/build-id.yaml
build-images:
name: "Build images for e2e tests"
uses: ./.github/workflows/e2e-build.yaml
needs:
- generate-bucket-id
with:
bucket-id: ${{ needs.generate-bucket-id.outputs.bucket-id }}
e2e-test:
name: "Run e2e tests"
uses: ./.github/workflows/e2e-test.yaml
permissions:
contents: write
needs:
- build-images
- generate-bucket-id
with:
bucket-id: ${{ needs.generate-bucket-id.outputs.bucket-id }}
lint:
name: "Lint"
runs-on: ubuntu-latest
timeout-minutes: 40
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f
with:
egress-policy: audit
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Go
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: "1.21"
check-latest: true
- name: lint manager
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
version: latest
args: --timeout=10m
- name: lint remover
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
version: latest
working-directory: pkg/remover
skip-pkg-cache: true
args: --timeout=10m
- name: lint collector
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
version: latest
working-directory: pkg/collector
skip-pkg-cache: true
args: --timeout=10m
- name: lint trivvy scanner
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
version: latest
working-directory: pkg/scanners/trivy
skip-pkg-cache: true
args: --timeout=10m
unit-test:
name: "Unit Tests"
runs-on: ubuntu-latest
timeout-minutes: 40
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f
with:
egress-policy: audit
- name: Set up Go
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: "1.21"
check-latest: true
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
key: ${{ runner.OS }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
path: |
~/go/pkg/mod
~/.cache/go-build
- name: Check out code into the Go module directory
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Unit test
run: make test
- name: Codecov upload
uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e
with:
flags: unittests
file: ./cover.out
fail_ci_if_error: false
check-manifest:
name: "Check codegen and manifest"
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f
with:
egress-policy: audit
- name: Check out code into the Go module directory
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Go
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: "1.21"
check-latest: true
- name: Check go.mod and manifests
run: |
go mod tidy
git diff --exit-code
make generate manifests
git diff --exit-code
scan_vulnerabilities:
name: "[Trivy] Scan for vulnerabilities"
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f
with:
egress-policy: audit
- name: Check out code into the Go module directory
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Get repo
run: |
echo "REPO=$(echo $GITHUB_REPOSITORY | awk '{print tolower($0)}')" >> $GITHUB_ENV
- name: Build eraser-manager
run: |
make docker-build-manager MANAGER_REPO=${{ env.REGISTRY }}/${REPO}-manager MANAGER_TAG=test
- name: Build remover
run: |
make docker-build-remover REMOVER_REPO=${{ env.REGISTRY }}/remover REMOVER_TAG=test
- name: Build collector
run: |
make docker-build-collector COLLECTOR_REPO=${{ env.REGISTRY }}/collector COLLECTOR_TAG=test
- name: Build trivy scanner
run: |
make docker-build-trivy-scanner TRIVY_SCANNER_REPO=${{ env.REGISTRY }}/${REPO}-trivy-scanner TRIVY_SCANNER_TAG=test
- name: Run trivy for remover
uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0
with:
image-ref: ${{ env.REGISTRY }}/remover:test
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
- name: Run trivy for eraser-manager
uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0
with:
image-ref: ${{ env.REGISTRY }}/${{ env.REPO }}-manager:test
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
- name: Run trivy for collector
uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0
with:
image-ref: ${{ env.REGISTRY }}/collector:test
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
- name: Run trivy for trivy-scanner
uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0
with:
image-ref: ${{ env.REGISTRY }}/${{ env.REPO }}-trivy-scanner:test
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"