Skip to content

Remove reuse/dep5 as depreceated #74

Remove reuse/dep5 as depreceated

Remove reuse/dep5 as depreceated #74

name: Compass Manager
on:
push:
branches:
- main
tags:
- "[0-9]+.[0-9]+.[0-9]+"
- "[0-9]+.[0-9]+.[0-9]+-*"
paths-ignore:
- .reuse
- hack/
- LICENSES/
- LICENSE
- .gitignore
- "**.md"
pull_request_target:
types: [opened, synchronize, reopened]
paths-ignore:
- .reuse
- hack/
- LICENSES/
- LICENSE
- .gitignore
- "**.md"
permissions:
id-token: write # This is required for requesting the JWT token
contents: read # This is required for actions/checkout
env:
unit-test-log: unit-test.log
trivy-table: trivy-table.txt
jobs:
setup:
permissions:
contents: read
runs-on: ubuntu-latest
outputs:
tag: ${{ steps.tag.outputs.tag }}
code: ${{ steps.detect-files.outputs.code_any_changed || steps.fallback-values.outputs.code_any_changed}}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- id: tag
if: github.event_name == 'push' && github.ref_type == 'tag'
run: echo "tag=${{ github.ref_name }}" >> $GITHUB_OUTPUT
- name: Detect files
id: detect-files
continue-on-error: true
uses: tj-actions/changed-files@d6babd6899969df1a11d14c368283ea4436bca78
with:
files_yaml: |
code:
- ./**.go
- ./go.mod
- ./go.sum
- name: Fallback values
id: fallback-values
if: steps.detect-files.outcome != 'success'
run: |
echo "code_any_changed=true" >> $GITHUB_OUTPUT
unit-tests:
permissions:
contents: read
needs: setup
if: needs.setup.outputs.code == 'true'
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Set up go environment
uses: actions/setup-go@v4
with:
cache-dependency-path: go.sum
go-version-file: go.mod
- name: Run unit tests
run: make test | tee ${{ env.unit-test-log }}
- name: Upload test logs artifact
uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: ${{ env.unit-test-log }}
path: ${{ env.unit-test-log }}
trivy:
permissions:
contents: read
runs-on: "ubuntu-20.04"
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Install trivy
run: |
mkdir ./trivy
curl -L https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz | tar xvz --directory=./trivy
./trivy/trivy --version
- name: Run Trivy vulnerability scanner
uses: aquasecurity/[email protected]
with:
scan-type: "fs"
scan-ref: "."
exit-code: 1
severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
ignore-unfixed: false
timeout: "5m0s"
vuln-type: "os,library"
format: table
output: ${{ env.trivy-table }}
- name: Upload trivy table
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: ${{ env.trivy-table }}
path: ${{ env.trivy-table }}
- name: Print trivy table
if: success() || failure()
run: cat ${{ env.trivy-table }}
build-image:
needs: setup
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main # Usage: kyma-project/test-infra/.github/workflows/image-builder.yml@main
with:
name: compass-manager
dockerfile: Dockerfile
context: .
tags: ${{ needs.setup.outputs.tag }}
summary:
runs-on: ubuntu-latest
needs: [build-image, unit-tests, trivy]
if: success() || failure()
steps:
- name: "Download test log"
uses: actions/download-artifact@v4
continue-on-error: true
with:
name: ${{ env.unit-test-log }}
- name: "Download trivy log"
uses: actions/download-artifact@v4
continue-on-error: true
with:
name: ${{ env.trivy-table }}
- name: "Generate summary"
run: |
{
echo '# Compass Manager'
# if trivy results table exists
if [ -f ${{ env.trivy-table }} ]; then
echo '## Trivy'
printf '\n```txt\n'
cat ${{ env.trivy-table }}
printf '\n```\n'
fi
# if test log exists
if [ -f ${{ env.unit-test-log }} ]; then
echo '## Unit Tests'
printf '\n<details>\n<summary>click to expand logs</summary>\n'
printf '\n```\n'
cat ${{ env.unit-test-log }}
printf '\n```\n</details>\n'
fi
# if build-image was successful
if [ "${{ needs.build-image.result }}" == "success" ]; then
printf '\n\n## Image\n'
printf '\n```json\n'
echo '${{ needs.build-image.outputs.images }}' | jq
printf '\n```\n'
fi
} >> $GITHUB_STEP_SUMMARY