Bump gorm.io/gorm from 1.23.10 to 1.25.4 #38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Validations" | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| # needed for running release pre-checks on merges to the main branch | |
| push: | |
| branches: | |
| - main | |
| env: | |
| CGO_ENABLED: "0" | |
| jobs: | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| Static-Analysis: | |
| name: "Static analysis" | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| with: | |
| python: false | |
| - name: Run static analysis | |
| run: make static-analysis | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| Unit-Test: | |
| name: "Unit tests" | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| - name: Install dependencies and package | |
| run: | | |
| cd publish && poetry install | |
| - name: Run unit tests | |
| run: make unit | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| Build-Snapshot-Artifacts: | |
| name: "Build snapshot artifacts" | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| with: | |
| # why have another build cache key? We don't want unit/integration/etc test build caches to replace | |
| # the snapshot build cache, which includes builds for all OSs and architectures. As long as this key is | |
| # unique from the build-cache-key-prefix in other CI jobs, we should be fine. | |
| # | |
| # note: ideally this value should match what is used in release (just to help with build times). | |
| build-cache-key-prefix: "snapshot" | |
| bootstrap-apt-packages: "" | |
| python: false | |
| - name: Build snapshot artifacts | |
| run: make snapshot | |
| # why not use actions/upload-artifact? It is very slow (3 minutes to upload ~600MB of data, vs 10 seconds with this approach). | |
| # see https://github.com/actions/upload-artifact/issues/199 for more info | |
| - name: Upload snapshot artifacts | |
| uses: actions/cache/save@v3 | |
| with: | |
| path: snapshot | |
| key: snapshot-build-${{ github.run_id }} | |
| Discover-Schema-Versions: | |
| name: "Discover supported schema versions" | |
| runs-on: ubuntu-20.04 | |
| outputs: | |
| schema-versions: ${{ steps.read-schema-versions.outputs.schema-versions }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Read supported schema versions | |
| id: read-schema-versions | |
| run: | | |
| content=`cat grype-schema-version-mapping.json | jq -c 'keys'` | |
| echo "schema-versions=$content" >> $GITHUB_OUTPUT | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| Acceptance-Test: | |
| name: "Acceptance tests" | |
| needs: Discover-Schema-Versions | |
| runs-on: ubuntu-20.04 | |
| strategy: | |
| matrix: | |
| schema-version: ${{fromJson(needs.Discover-Schema-Versions.outputs.schema-versions)}} | |
| # set the permissions granted to the github token to read the pull cache from ghcr.io | |
| permissions: | |
| contents: read | |
| packages: read | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| # this downloads and initializes LFS, but does not pull the objects | |
| lfs: true | |
| - name: Checkout LFS objects | |
| # lfs pull does a lfs fetch and lfs checkout, this is NOT the same as "git pull" | |
| run: git lfs pull | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| - name: Install dependencies and package | |
| run: | | |
| cd test/acceptance && poetry install | |
| - name: Login to ghcr.io | |
| run: | | |
| echo ${{ secrets.GITHUB_TOKEN }} | oras login ghcr.io --username ${{ github.actor }} --password-stdin | |
| - name: Pull vulnerability data | |
| run: make download-all-provider-cache | |
| - name: Build DB | |
| run: | | |
| cd test/acceptance && \ | |
| poetry run python grype-ingest.py generate --schema-version ${{ matrix.schema-version }} | |
| - name: Test DB | |
| run: | | |
| cd test/acceptance && \ | |
| poetry run python grype-ingest.py test --schema-version ${{ matrix.schema-version }} | |
| Cli-Linux: | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| name: "CLI tests (Linux)" | |
| needs: [Build-Snapshot-Artifacts] | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| - name: Restore CLI test-fixture cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ github.workspace }}/test/cli/test-fixtures/cache | |
| key: ${{ runner.os }}-cli-test-cache-${{ hashFiles('test/cli/test-fixtures/cache.fingerprint') }} | |
| - name: Download snapshot build | |
| uses: actions/cache/restore@v3 | |
| with: | |
| path: snapshot | |
| key: snapshot-build-${{ github.run_id }} | |
| - name: Run CLI Tests (Linux) | |
| run: make cli |