chore: resolve cosign cves #12559
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test Big Bang extension | |
| on: | |
| pull_request: | |
| paths-ignore: | |
| - "**.md" | |
| - "**.jpg" | |
| - "**.png" | |
| - "**.gif" | |
| - "**.svg" | |
| - "adr/**" | |
| - "docs/**" | |
| - "CODEOWNERS" | |
| merge_group: | |
| paths-ignore: | |
| - "**.md" | |
| - "**.jpg" | |
| - "**.png" | |
| - "**.gif" | |
| - "**.svg" | |
| - "adr/**" | |
| - "docs/**" | |
| - "CODEOWNERS" | |
| permissions: | |
| contents: read | |
| # Abort prior jobs in the same workflow / PR | |
| concurrency: | |
| group: e2e-bb-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| build-bigbang: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Setup golang | |
| uses: ./.github/actions/golang | |
| - name: Build Zarf binary | |
| uses: ./.github/actions/packages | |
| with: | |
| init-package: "false" | |
| build-examples: "false" | |
| - name: Login to Iron Bank | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| if: ${{ env.IRON_BANK_ROBOT_USERNAME != '' }} | |
| env: | |
| IRON_BANK_ROBOT_USERNAME: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} | |
| with: | |
| registry: registry1.dso.mil | |
| username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} | |
| password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} | |
| - name: Build a registry1.dso.mil Zarf 'init' package | |
| if: ${{ env.IRON_BANK_ROBOT_USERNAME != '' }} | |
| env: | |
| IRON_BANK_ROBOT_USERNAME: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} | |
| run: make ib-init-package | |
| # Upload the contents of the build directory for later stages to use | |
| - name: Upload build artifacts | |
| uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 | |
| with: | |
| name: build-artifacts | |
| path: build/ | |
| retention-days: 1 | |
| validate-bigbang: | |
| runs-on: ubuntu-latest | |
| needs: build-bigbang | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: build-artifacts | |
| path: build/ | |
| - name: Setup golang | |
| uses: ./.github/actions/golang | |
| - name: Make Zarf executable | |
| run: | | |
| chmod +x build/zarf | |
| # Before we run the tests we need to aggressively cleanup files to reduce disk pressure | |
| - name: Cleanup files | |
| uses: ./.github/actions/cleanup-files | |
| - name: Setup K3d | |
| uses: ./.github/actions/k3d | |
| - name: Login to Iron Bank | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| if: ${{ env.IRON_BANK_ROBOT_USERNAME != '' }} | |
| env: | |
| IRON_BANK_ROBOT_USERNAME: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} | |
| with: | |
| registry: registry1.dso.mil | |
| username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} | |
| password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} | |
| - name: Run tests | |
| if: ${{ env.IRON_BANK_ROBOT_USERNAME != '' }} | |
| env: | |
| IRON_BANK_ROBOT_USERNAME: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} | |
| run: | | |
| sudo mkdir /mnt/zarf-tmp | |
| sudo chown -R runner:runner /mnt/zarf-tmp | |
| CI=true go test ./src/extensions/bigbang/test -failfast -v -timeout 30m | |
| - name: Save logs | |
| uses: ./.github/actions/save-logs |