Merge pull request #1448 from mloiseleur/docs/autocomplete #2642

Workflow file for this run

	name: Scan
	on:
	push:
	branches: [ main ]
	pull_request:
	branches: [ main ]
	schedule:
	- cron: '18 10 * * 3'

	permissions:
	contents: read # for actions/checkout to fetch code

	jobs:
	fossa:
	name: FOSSA
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@b80ff79f1755d06ba70441c368a6fe801f5f3a62 # v4.0.0
	- name: Run FOSSA scan and upload build data
	uses: fossa-contrib/fossa-action@cdc5065bcdee31a32e47d4585df72d66e8e941c2 # v3.0.0
	with:
	# FOSSA Push-Only API Token
	fossa-api-key: b429fea44d610229ac091ed8d1223bb9
	github-token: ${{ github.token }}

	codeql:
	name: CodeQL
	runs-on: ubuntu-latest
	permissions:
	security-events: write # for codeQL to write security events
	steps:
	- name: Checkout repository
	uses: actions/checkout@b80ff79f1755d06ba70441c368a6fe801f5f3a62 # v4.0.0
	- name: Setup Go
	uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
	with:
	go-version-file: go.mod
	cache-dependency-path: \|
	**/go.sum
	**/go.mod
	- name: Initialize CodeQL
	uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7
	with:
	languages: go
	- name: Autobuild
	uses: github/codeql-action/autobuild@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7
	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7

	trivy:
	name: Trivy
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@b80ff79f1755d06ba70441c368a6fe801f5f3a62 # v4.0.0
	- name: Build tofu-controller image
	run: \|
	make docker-buildx
	- name: Run Trivy vulnerability scanner on controller image
	uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
	with:
	image-ref: 'ghcr.io/flux-iac/tofu-controller:latest'
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'
	- name: Run Trivy vulnerability scanner on runner image
	uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
	with:
	image-ref: 'ghcr.io/flux-iac/tf-runner:latest'
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'
	skip-files: '/usr/local/bin/terraform' # false positive
	- name: Run Trivy vulnerability scanner on runner image
	uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
	with:
	image-ref: 'ghcr.io/flux-iac/tf-runner-azure:latest'
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'
	skip-files: '/usr/local/bin/terraform' # false positive
	- name: Run Trivy vulnerability scanner on planner image
	uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
	with:
	image-ref: 'ghcr.io/flux-iac/branch-planner:latest'
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'
	skip-files: '/usr/local/bin/terraform' # false positive

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #1448 from mloiseleur/docs/autocomplete #2642

Workflow file

Merge pull request #1448 from mloiseleur/docs/autocomplete #2642

Jobs

Run details

Workflow file for this run