chore(deps-dev): Update coverage[toml] requirement from <8.0.0,>=7.6.10 to >=7.13.5,<8.0.0 #2508
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Validations" | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| # needed for running release pre-checks on merges to the main branch | |
| push: | |
| branches: | |
| - main | |
| env: | |
| CGO_ENABLED: "0" | |
| permissions: | |
| contents: read | |
| jobs: | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| Static-Analysis: | |
| name: "Static analysis" | |
| permissions: | |
| contents: read | |
| runs-on: runs-on=${{ github.run_id }}/cpu=2/ram=8/family=m5+m6+m7+t3+t4/spot=price-capacity-optimized | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| - name: Run static analysis | |
| run: make static-analysis | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| Unit-Test-Go: | |
| name: "Unit tests (Go)" | |
| permissions: | |
| contents: read | |
| runs-on: runs-on=${{ github.run_id }}/cpu=2/ram=8/family=m5+m6+m7+t3+t4/spot=price-capacity-optimized | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| with: | |
| python: false | |
| - name: Run go unit tests | |
| run: make unit | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| Unit-Test-Python: | |
| name: "Unit tests (Python)" | |
| permissions: | |
| contents: read | |
| runs-on: runs-on=${{ github.run_id }}/cpu=2/ram=8/family=m5+m6+m7+t3+t4/spot=price-capacity-optimized | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| with: | |
| go: false | |
| - name: Run python unit tests | |
| run: make unit-python | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| Build-Snapshot-Artifacts: | |
| name: "Build snapshot artifacts" | |
| permissions: | |
| contents: read | |
| runs-on: runs-on=${{ github.run_id }}/cpu=16/ram=32/family=c5+c6+c7/spot=price-capacity-optimized | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| with: | |
| # why have another build cache key? We don't want unit/integration/etc test build caches to replace | |
| # the snapshot build cache, which includes builds for all OSs and architectures. As long as this key is | |
| # unique from the build-cache-key-prefix in other CI jobs, we should be fine. | |
| # | |
| # note: ideally this value should match what is used in release (just to help with build times). | |
| build-cache-key-prefix: "snapshot" | |
| bootstrap-apt-packages: "" | |
| python: false | |
| - name: Build snapshot artifacts | |
| run: make snapshot | |
| # why not use actions/upload-artifact? It is very slow (3 minutes to upload ~600MB of data, vs 10 seconds with this approach). | |
| # see https://github.com/actions/upload-artifact/issues/199 for more info | |
| - name: Upload snapshot artifacts | |
| uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 #v5.0.4 | |
| with: | |
| path: snapshot | |
| key: snapshot-build-${{ github.run_id }} | |
| Discover-Schema-Versions: | |
| name: "Discover supported schema versions" | |
| permissions: | |
| contents: read | |
| runs-on: ubuntu-latest | |
| outputs: | |
| schema-versions: ${{ steps.read-schema-versions.outputs.schema-versions }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Read supported schema versions | |
| id: read-schema-versions | |
| run: | | |
| content=`cat manager/src/grype_db_manager/data/schema-info.json | jq -c '[.available[] | select(.supported == true) | select(.validate != false) | .schema]'` | |
| echo "schema-versions=$content" >> $GITHUB_OUTPUT | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| Acceptance-Test: | |
| name: "Acceptance tests" | |
| needs: Discover-Schema-Versions | |
| runs-on: runs-on=${{ github.run_id }}-acceptance-${{ strategy.job-index }}/family=i7ie/cpu=4+16/ram=32+64/spot=price-capacity-optimized | |
| strategy: | |
| matrix: | |
| schema-version: ${{fromJson(needs.Discover-Schema-Versions.outputs.schema-versions)}} | |
| # set the permissions granted to the github token to read the pull cache from ghcr.io | |
| permissions: | |
| contents: read | |
| packages: read | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 | |
| with: | |
| submodules: true | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| - name: Login to ghcr.io | |
| run: make ci-oras-ghcr-login | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GITHUB_USERNAME: ${{ github.actor }} | |
| - name: Pull latest vulnerability data | |
| run: make download-all-provider-cache date=latest | |
| - name: Build and validate the DB | |
| env: | |
| FORCE_COLOR: true | |
| SCHEMA_VERSION: ${{ matrix.schema-version }} | |
| run: make db-acceptance schema="$SCHEMA_VERSION" | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| # and possibly in branch protection rules | |
| Acceptance-Test-Gate: | |
| name: "DB acceptance tests" | |
| needs: Acceptance-Test | |
| if: always() | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check acceptance test results | |
| env: | |
| ACCEPTANCE_RESULT: ${{ needs.Acceptance-Test.result }} | |
| run: | | |
| if [[ "$ACCEPTANCE_RESULT" != "success" ]]; then | |
| echo "Acceptance tests failed with result: $ACCEPTANCE_RESULT" | |
| exit 1 | |
| fi | |
| echo "All acceptance tests passed" | |
| Cli-Go-Linux: | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| name: "CLI tests (Go-Linux)" | |
| permissions: | |
| contents: read | |
| needs: [Build-Snapshot-Artifacts] | |
| runs-on: runs-on=${{ github.run_id }}/cpu=2/ram=8/family=m5+m6+m7+t3+t4/spot=price-capacity-optimized | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| with: | |
| python: false | |
| - name: Restore CLI test-fixture cache | |
| uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 #v5.0.4 | |
| with: | |
| path: ${{ github.workspace }}/test/cli/test-fixtures/cache | |
| key: ${{ runner.os }}-cli-test-cache-${{ hashFiles('test/cli/test-fixtures/cache.fingerprint') }} | |
| - name: Download snapshot build | |
| uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 #v5.0.4 | |
| with: | |
| path: snapshot | |
| key: snapshot-build-${{ github.run_id }} | |
| - name: Run Go CLI Tests (Linux) | |
| run: make cli-go | |
| Cli-Python: | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| name: "CLI tests (Python)" | |
| permissions: | |
| contents: read | |
| runs-on: runs-on=${{ github.run_id }}/cpu=8/ram=32/family=m5+m6+m7+t3+t4/spot=price-capacity-optimized | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 | |
| with: | |
| submodules: true | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| - name: Run Python CLI Tests | |
| run: make cli-python |