Skip to content

Update anchore/sbom-action digest to df80a98 #1677

Update anchore/sbom-action digest to df80a98

Update anchore/sbom-action digest to df80a98 #1677

Workflow file for this run

name: Build
on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
build:
name: Build
runs-on: ubuntu-24.04
if: ${{ github.event.head_commit.message != '[Release] Update Chart.yaml' }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Get head sha
id: parse-commit-sha
run: |
head=$(git rev-parse HEAD)
echo "head_commit_sha=${head}" >> $GITHUB_ENV
echo "Head commit sha ${head}"
- name: Get merge request latest commit
id: parse-commit
if: ${{ github.event_name == 'pull_request' }}
run: |
msg=$(git show -s --format=%s)
echo "head_commit_message=${msg}" >> $GITHUB_ENV
echo "Latest commit: ${msg}"
echo "Env commit ${{env.head_commit_message}}"
echo "Contains msg ${{ contains(env.head_commit_message, '#skip-lint') }}"
- name: Secret Scanning
uses: trufflesecurity/trufflehog@main
with:
extra_args: --only-verified
- name: Setup Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5
with:
go-version-file: "go.mod"
- name: Build agent go binary amd64
run: UNAME_M=x86_64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-agent
- name: Build controller go binary amd64
run: UNAME_M=x86_64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-controller
- name: Build image-scanner go binary amd64
run: UNAME_M=x86_64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-image-scanner
- name: Build linter go binary amd64
run: UNAME_M=x86_64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-linter
- name: Run golangci-lint
# You may pin to the exact commit or the version.
# uses: golangci/golangci-lint-action@537aa1903e5d359d0b27dbc19ddd22c5087f3fbc
if: ${{ github.event_name == 'pull_request' && !contains(env.head_commit_message, '#skip-lint') }}
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
args: -v --timeout=5m
version: v1.60.3
- name: Test
if: ${{ github.event_name == 'pull_request' && !contains(env.head_commit_message, '#skip-test') }}
run: go test -race -short ./...
- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker build and push pr (controller)
if: ${{ github.event_name == 'pull_request' }}
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6
with:
context: .
file: ./Dockerfile.controller
platforms: linux/amd64
push: true
tags: ghcr.io/castai/kvisor/kvisor-controller:${{ env.head_commit_sha }}
- name: Docker build and push pr (agent)
if: ${{ github.event_name == 'pull_request' }}
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6
with:
context: .
file: ./Dockerfile.agent
platforms: linux/amd64
push: true
tags: ghcr.io/castai/kvisor/kvisor-agent:${{ env.head_commit_sha }}
- name: Docker build and push pr (scanners)
if: ${{ github.event_name == 'pull_request' }}
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6
with:
context: .
file: ./Dockerfile.scanners
platforms: linux/amd64
push: true
tags: ghcr.io/castai/kvisor/kvisor-scanners:${{ env.head_commit_sha }}
- name: Docker build and push main (controller)
if: ${{ github.event_name != 'pull_request' && github.event_name != 'release'}}
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6
with:
context: .
file: ./Dockerfile.controller
platforms: linux/amd64
push: true
tags: ghcr.io/castai/kvisor/kvisor-controller:${{ env.head_commit_sha }},ghcr.io/castai/kvisor/kvisor-controller:latest
- name: Docker build and push main (agent)
if: ${{ github.event_name != 'pull_request' && github.event_name != 'release'}}
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6
with:
context: .
file: ./Dockerfile.agent
platforms: linux/amd64
push: true
tags: ghcr.io/castai/kvisor/kvisor-agent:${{ env.head_commit_sha }},ghcr.io/castai/kvisor/kvisor-agent:latest
- name: Docker build and push main (scanners)
if: ${{ github.event_name != 'pull_request' && github.event_name != 'release'}}
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6
with:
context: .
file: ./Dockerfile.scanners
platforms: linux/amd64
push: true
tags: ghcr.io/castai/kvisor/kvisor-scanners:${{ env.head_commit_sha }},ghcr.io/castai/kvisor/kvisor-scanners:latest
- name: Summary
run: |
echo "**Pushed docker images:**" >> $GITHUB_STEP_SUMMARY
echo "ghcr.io/castai/kvisor/kvisor-controller:${{ env.head_commit_sha }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "ghcr.io/castai/kvisor/kvisor-agent:${{ env.head_commit_sha }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "ghcr.io/castai/kvisor/kvisor-scanners:${{ env.head_commit_sha }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "**Upgrade with helm:**" >> $GITHUB_STEP_SUMMARY
echo "helm upgrade castai-kvisor castai-helm/castai-kvisor -n castai-agent --reuse-values --set image.tag=${{ env.head_commit_sha }}" >> $GITHUB_STEP_SUMMARY
# TODO: we might want to run the tests both in ubuntu-22.04, as well as ubuntu-20.04 to test
# if we everything is working with cgroups v1 and v2
e2e:
name: E2E
runs-on: ubuntu-24.04
if: ${{ github.event_name == 'pull_request' }}
needs: build
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Get head sha
id: parse-commit-sha
run: |
head=$(git rev-parse HEAD)
echo "head_commit_sha=${head}" >> $GITHUB_ENV
echo "Head commit sha ${head}"
- name: Setup Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5
with:
go-version-file: "go.mod"
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Create kind cluster
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
with:
config: ./e2e/kind-config.yaml
cluster_name: kvisor-e2e
- name: Run e2e
shell: bash
run: |
KIND_CONTEXT=kvisor-e2e IMAGE_TAG=${{ env.head_commit_sha }} ./e2e/run.sh