Skip to content
Test & Build

Track Kubernetes Channels for latest versions #467

Sign in to view logs

Track Kubernetes Channels for latest versions

Track Kubernetes Channels for latest versions #467

Workflow file for this run

.github/workflows/build-test.yaml at 9bbac27
name: Test & Build
on:
pull_request:
branches:
- "main"
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
lint:
permissions:
contents: read # for actions/checkout to fetch code
pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
checks: write # for golangci/golangci-lint-action to annotate Pull Requests
name: Lint Go code
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Setup Golang
uses: actions/setup-go@v6
with:
go-version-file: go.mod
- name: Run golangci-lint
uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0
with:
version: v2.1.0
args: --timeout 10m --verbose --issues-exit-code=0
only-new-issues: true
code-scan:
name: Code Scan
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v5
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/[email protected]
continue-on-error: true
with:
scan-type: "fs"
ignore-unfixed: true
exit-code: "1"
format: "sarif"
output: "trivy-results.sarif"
severity: "CRITICAL,HIGH,MEDIUM"
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: "trivy-results.sarif"
govulncheck:
runs-on: ubuntu-latest
name: Run govulncheck
steps:
# We only need to checkout as govuln does the go setup...
- name: Checkout code
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- id: govulncheck
uses: golang/govulncheck-action@v1
with:
go-version-file: go.mod
go-package: ./...
test:
name: Run unit tests for Go packages
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Setup Golang
uses: actions/setup-go@v6
with:
go-version-file: go.mod
- name: Download and required packages
run: |
make deps
- name: Run all unit tests
run: make test
- name: check test coverage
uses: vladopajic/go-test-coverage@v2
with:
config: ./.testcoverage.yml
- name: Trigger Coverage update
uses: ./.github/workflows/coverage-badge.yaml
continue-on-error: true
- name: Generate code coverage artifacts
uses: actions/upload-artifact@v4
with:
name: code-coverage
path: coverage.out
build:
needs:
- test
- lint
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
platform:
- linux/amd64
- linux/arm64
name: Build Images
steps:
- name: Checkout code
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
platforms: ${{ matrix.platform }}
driver: docker-container
use: true
- name: Build Images
uses: docker/build-push-action@v6
with:
context: .
platforms: ${{ matrix.platform }}
push: false
tags: quay.io/jetstack/version-checker:${{github.sha}}
cache-from: type=gha
cache-to: type=gha,mode=max
# https://github.com/docker/buildx/issues/1714
# Whilst trivy says it supports .tar etc, it wouldn't work in gha or locally on my machine.
outputs: |-
type=oci,tar=false,compression=uncompressed,dest=./.oci-image
attests: |-
type=sbom
type=provenance,mode=max
- name: Run Trivy vulnerability scanner
uses: aquasecurity/[email protected]
with:
input: ./.oci-image
format: "table"
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
- name: "Cleanup OCI Image from FS"
run: rm -rf ./.oci-image