Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix workflow #207

Merged
merged 3 commits into from
Sep 6, 2024
Merged

Fix workflow #207

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
957e5a6
Format action
VOID404 Sep 6, 2024
64f6124
Add fallback file detection, fix setup checkout
VOID404 Sep 6, 2024
63043f3
Fix workflow
VOID404 Sep 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
120 changes: 66 additions & 54 deletions .github/workflows/compass-manager.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,8 @@ on:
branches:
- main
tags:
- '[0-9]+.[0-9]+.[0-9]+'
- '[0-9]+.[0-9]+.[0-9]+-*'
- "[0-9]+.[0-9]+.[0-9]+"
- "[0-9]+.[0-9]+.[0-9]+-*"
paths-ignore:
- .reuse
- hack/
Expand Down Expand Up @@ -36,22 +36,31 @@ jobs:
runs-on: ubuntu-latest
outputs:
tag: ${{ steps.tag.outputs.tag }}
code: ${{ steps.detect-files.outputs.code_any_changed }}
code: ${{ steps.detect-files.outputs.code_any_changed || steps.fallback-values.outputs.code_any_changed}}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- id: tag
if: github.event_name == 'push' && github.ref_type == 'tag'
run: echo "tag=${{ github.ref_name }}" >> $GITHUB_OUTPUT
- name: Detect files
id: detect-files
continue-on-error: true
uses: tj-actions/changed-files@d6babd6899969df1a11d14c368283ea4436bca78
with:
files_yaml: |
code:
- ./**.go
- ./go.mod
- ./go.sum
- name: Fallback values
id: fallback-values
if: steps.detect-files.outcome != 'success'
run: |
echo "code_any_changed=true" >> $GITHUB_OUTPUT

unit-tests:
permissions:
Expand All @@ -60,29 +69,35 @@ jobs:
if: needs.setup.outputs.code == 'true'
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up go environment
uses: actions/setup-go@v4
with:
cache-dependency-path: go.sum
go-version-file: go.mod
- name: Run unit tests
run: make test | tee test.log
- name: Upload test logs artifact
uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: test.log
path: test.log
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Set up go environment
uses: actions/setup-go@v4
with:
cache-dependency-path: go.sum
go-version-file: go.mod
- name: Run unit tests
run: make test | tee unit-test.log
- name: Upload test logs artifact
uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: unit-test.log
path: test.log

trivy:
permissions:
contents: read
runs-on: "ubuntu-20.04"
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}

- name: Install trivy
run: |
Expand All @@ -93,38 +108,24 @@ jobs:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.24.0
with:
scan-type: 'fs'
scan-ref: '.'
scan-type: "fs"
scan-ref: "."

exit-code: 1
severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
ignore-unfixed: false
timeout: '5m0s'
vuln-type: 'os,library'

format: json
output: 'trivy-results.json'

- name: Convert results
if: success() || failure()
run: |
./trivy/trivy convert -f table -o trivy-results.txt trivy-results.json
./trivy/trivy convert -f sarif -o trivy-results.sarif trivy-results.json
timeout: "5m0s"
vuln-type: "os,library"

- name: Upload Trivy scan results to GitHub Security tab
if: (success() || failure()) && github.ref == 'refs/heads/main'
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'
format: table
output: "trivy-results.txt"

- name: Upload trivy table
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: trivy-results.txt
path: trivy-results.txt


build-image:
needs: setup
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main # Usage: kyma-project/test-infra/.github/workflows/image-builder.yml@main
Expand All @@ -136,31 +137,42 @@ jobs:

summary:
runs-on: ubuntu-latest
needs: [setup, build-image, unit-tests, trivy]
needs: [build-image, unit-tests, trivy]
if: success() || failure()
steps:
- name: "Download test log"
uses: actions/download-artifact@v4
continue-on-error: true
with:
name: test.log
- name: "Download trivy log"
uses: actions/download-artifact@v4
continue-on-error: true
with:
name: trivy-results.txt
- name: "Generate summary"
run: |
{
echo '# Compass Manager'
echo '## Trivy'
echo '```txt'
cat trivy-results.txt
echo '```'
echo '## Test Log'
echo '```'
cat test.log
echo '```'
echo '## Images'
echo '```json'
echo '${{ needs.build-image.outputs.images }}' | jq
echo '```'
} >> $GITHUB_STEP_SUMMARY
# if trivy-results.txt exists
if [ -f trivy-results.txt ]; then
echo '## Trivy'
printf '\n```txt\n'
cat trivy-results.txt
printf '\n```\n'
fi
# if test.log exists
if [ -f test.log ]; then
echo '## Unit Tests'
printf '\n```\n'
cat test.log
printf '\n```\n'
fi
# if build-image was successful
if [ "${{ needs.build-image.result }}" == "success" ]; then
echo '## Image'
echo '```json'
echo '${{ needs.build-image.outputs.images }}' | jq
echo '```'
fi
} >> $GITHUB_STEP_SUMMARY
Loading