
Use file model MIME type instead of S3 content type #4938

Workflow file for this run

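# CI workflow "make": runs on pushes to main and on pull requests that
# target main. Jobs: release-snapshot (goreleaser snapshot build plus image
# and SBOM scanning), build, lint and test (both consume the build
# artifacts), and test-e2e.
#
# NOTE(review): actions/* are referenced by major tag (for example
# actions/checkout@v6) while third-party actions are pinned to a full commit
# SHA. Tags are mutable; consider pinning the first-party actions to a
# commit SHA as well so the whole workflow is reproducible.
name: "make"
on:
  push:
    branches:
      - "main"
  pull_request:
    branches:
      - "main"
jobs:
  release-snapshot:
    name: "release-snapshot"
    runs-on: "ubuntu-24.04-64cores"
    # security-events: write is needed by the upload-sarif step below.
    # NOTE(review): no registry login or signing step is visible in this
    # job; packages/id-token write are presumably consumed through the
    # goreleaser configuration (not shown). Confirm they are required for a
    # snapshot build, since this job also runs on pull_request.
    permissions:
      contents: "read"
      packages: "write"
      id-token: "write"
      security-events: "write"
    steps:
      # fetch-depth 0 fetches the full history instead of a shallow clone.
      # NOTE(review): checkout keeps the job token available for later git
      # operations by default; consider `persist-credentials: false` if no
      # later step needs authenticated git access.
      - uses: "actions/checkout@v6"
        with:
          fetch-depth: 0
          submodules: recursive
      - uses: "actions/setup-go@v6"
        with:
          go-version: "1.26.1"
          cache: true
      - run: "go mod download"
      - uses: "actions/setup-node@v6"
        with:
          node-version-file: ".nvmrc"
          cache: "npm"
      - run: "npm i -g npm@11.8.0"
      - run: "npm ci"
      - uses: "docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130" # v3.7.0
      - uses: "docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f" # v3.12.0
      - uses: "sigstore/cosign-installer@053f9b74638557590800a301da1ba82351507e2c" # v3.8.1
      # The run id makes the primary key unique per run, so the restore-keys
      # prefix restores the most recent database and a fresh copy is saved
      # when the job finishes.
      - name: Cache Trivy database
        uses: "actions/cache@v5"
        with:
          path: ~/.cache/trivy
          key: trivy-db-${{ runner.os }}-${{ github.run_id }}
          restore-keys: |
            trivy-db-${{ runner.os }}-
      - uses: "anchore/sbom-action/download-syft@deef08a0db64bfad603422135db61477b16cef56" # v0.22.1
      # --snapshot builds without publishing a release.
      - uses: "goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a" # v6.4.0
        with:
          distribution: "goreleaser"
          version: "~> v2"
          args: "release --clean --snapshot"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # On main: findings are written as SARIF and never fail the job
      # (exit-code 0); they are surfaced through the upload step below.
      # ignore-unfixed hides vulnerabilities that have no fixed version yet.
      # NOTE(review): the image tag is presumably the one goreleaser just
      # built into the local Docker daemon; confirm it is not pulled from
      # the registry, otherwise the scan covers a previously published image
      # rather than this commit.
      - name: Scan Docker image with Trivy
        if: github.ref == 'refs/heads/main'
        uses: "aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1" # 0.35.0
        with:
          image-ref: "ghcr.io/getprobo/probo:latest-amd64"
          format: "sarif"
          output: "trivy-results.sarif"
          exit-code: 0
          ignore-unfixed: true
          vuln-type: "os,library"
          severity: "CRITICAL,HIGH"
          cache-dir: ~/.cache/trivy
      # Everywhere else (pull requests included): print a table and fail the
      # job on any fixable CRITICAL or HIGH finding (exit-code 1).
      - name: Scan Docker image with Trivy
        if: github.ref != 'refs/heads/main'
        uses: "aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1" # 0.35.0
        with:
          image-ref: "ghcr.io/getprobo/probo:latest-amd64"
          format: "table"
          exit-code: 1
          ignore-unfixed: true
          vuln-type: "os,library"
          severity: "CRITICAL,HIGH"
          cache-dir: ~/.cache/trivy
      - name: Upload Trivy scan results to GitHub Security tab
        if: github.ref == 'refs/heads/main'
        uses: github/codeql-action/upload-sarif@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4.32.1
        with:
          sarif_file: "trivy-results.sarif"
      # Generate a CycloneDX SBOM for the repository tree, then scan it and
      # fail the build on critical findings.
      - uses: anchore/sbom-action@deef08a0db64bfad603422135db61477b16cef56 # v0.22.1
        with:
          path: ./
          format: cyclonedx-json
          output-file: sbom.json
      - uses: anchore/scan-action@8d2fce09422cd6037e577f4130e9b925e9a37175 # v7.3.1
        with:
          sbom: "sbom.json"
          fail-build: true
          severity-cutoff: critical
          output-format: table
  build:
    name: "build"
    runs-on: "ubuntu-22.04"
    permissions:
      contents: "read"
    steps:
      - uses: "actions/checkout@v6"
        with:
          submodules: recursive
      - uses: "actions/setup-go@v6"
        with:
          go-version: "1.26.1"
          cache: true
      - run: "go mod download"
      - uses: "actions/setup-node@v6"
        with:
          node-version-file: ".nvmrc"
          cache: "npm"
      - run: "npm i -g npm@11.8.0"
      - run: "npm ci"
      - run: "make build"
      # Short-lived hand-off to the lint and test jobs, which download this
      # artifact by name.
      - uses: "actions/upload-artifact@v6"
        with:
          name: "build-artifacts"
          path: |
            bin/probod
            apps/console/dist/
            apps/trust/dist/
            packages/emails/dist/
          retention-days: 1
  lint:
    name: "lint"
    needs: [build]
    runs-on: "ubuntu-22.04"
    # pull-requests/checks write are presumably what reviewdog uses to post
    # its review comments on pull requests.
    permissions:
      contents: "read"
      pull-requests: "write"
      checks: "write"
    steps:
      - uses: "actions/checkout@v6"
        with:
          submodules: recursive
      - uses: "actions/setup-go@v6"
        with:
          go-version: "1.26.1"
          cache: true
      - run: "go mod download"
      - uses: "actions/setup-node@v6"
        with:
          node-version-file: ".nvmrc"
          cache: "npm"
      - uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
        with:
          install-only: true
      - uses: reviewdog/action-setup@d8a7baabd7f3e8544ee4dbde3ee41d0011c3a93f # v1.5.0
      - run: "npm i -g npm@11.8.0"
      - run: "npm ci"
      - uses: "actions/download-artifact@v6"
        with:
          name: "build-artifacts"
      # The executable bit is restored by hand after the artifact download.
      - run: "chmod +x bin/probod"
      - run: "make generate"
      - run: "make go-fmt go-fix"
      - name: "Run go vet"
        run: "go vet ./..."
      # The event name is read from the runner-provided GITHUB_EVENT_NAME
      # variable instead of being expanded into the script text by a
      # workflow expression, so the script body stays static.
      # NOTE(review): no `shell:` is set, so the script runs under
      # `bash -e` without pipefail and the step result on pull requests is
      # reviewdog's exit status alone. If golangci-lint stops on a usage or
      # config error (confirm the installed release still accepts
      # --out-format), reviewdog receives no diagnostics and the gate
      # passes.
      - name: "Run golangci-lint"
        env:
          REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          if [ "$GITHUB_EVENT_NAME" = "pull_request" ]; then
            golangci-lint run --out-format=line-number ./... 2>&1 | \
              reviewdog -f=golangci-lint -reporter=github-pr-review -filter-mode=nofilter -fail-level=error -name="golangci-lint"
          else
            golangci-lint run ./...
          fi
      # NOTE(review): same pipeline caveat as the golangci-lint step, and
      # eslint's stderr is discarded (2>/dev/null), so an eslint crash in
      # one of the directories produces no output and no failure.
      - name: "Run eslint"
        env:
          REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          if [ "$GITHUB_EVENT_NAME" = "pull_request" ]; then
            for dir in apps/console apps/trust packages/ui packages/eslint-config packages/n8n-node; do
              (cd "$dir" && npx eslint . --concurrency 4 --format stylish 2>/dev/null) | \
                reviewdog -f=eslint -reporter=github-pr-review -filter-mode=nofilter -fail-level=error -name="eslint ($dir)"
            done
          else
            npm run lint
          fi
  test:
    name: "test"
    needs: [build]
    runs-on: "ubuntu-22.04"
    permissions:
      contents: "read"
    steps:
      - uses: "actions/checkout@v6"
        with:
          submodules: recursive
      - uses: "actions/setup-go@v6"
        with:
          go-version: "1.26.1"
          cache: true
      - run: "go mod download"
      - uses: "actions/download-artifact@v6"
        with:
          name: "build-artifacts"
      - run: "chmod +x bin/probod"
      - run: "make generate"
      - run: "make test"
        env:
          GOTESTSUM_JUNITFILE: "junit.xml"
      # always() keeps the JUnit report available when the tests fail.
      - name: "Upload test results"
        uses: "actions/upload-artifact@v6"
        if: "always()"
        with:
          name: "junit-results"
          path: "junit.xml"
          retention-days: 30
      - run: "make coverage-report"
      - uses: "actions/upload-artifact@v6"
        with:
          name: "coverage-reports"
          path: |
            coverage.out
            coverage.html
          retention-days: 30
      # Trivy ignore does not work for license scanning in GitHub Actions,
      # so the license scan below stays disabled.
      # - uses: "aquasecurity/trivy-action@0.33.1"
      #   with:
      #     scan-type: "fs"
      #     scanners: "license"
      #     severity: "UNKNOWN,HIGH,CRITICAL"
      #     exit-code: 1
      #     trivyignores: ".trivyignore.yaml"
      #     trivy-config: "trivy.yaml"
  test-e2e:
    name: "test-e2e"
    runs-on: "ubuntu-22.04"
    permissions:
      contents: "read"
    steps:
      - uses: "actions/checkout@v6"
        with:
          submodules: recursive
      - uses: "actions/setup-go@v6"
        with:
          go-version: "1.26.1"
          cache: true
      - run: "go mod download"
      - uses: "actions/setup-node@v6"
        with:
          node-version-file: ".nvmrc"
          cache: "npm"
      - run: "npm i -g npm@11.8.0"
      - run: "sudo apt-get install -y mkcert"
      # Installs the mkcert local CA into the runner's trust store. The
      # trailing `|| true` absorbs grep's non-zero status when every line is
      # filtered out; it also hides a failing `mkcert -install`.
      - run: "sudo mkcert -install 2>&1 | grep -v 'no Firefox and/or Chrome/Chromium security databases found' || true"
      - uses: "docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130" # v3.7.0
      - uses: "docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f" # v3.12.0
      - uses: "docker/setup-compose-action@364cc21a5de5b1ee4a7f5f9d3fa374ce0ccde746" # v1.2.0
      - run: "npm ci"
      - run: "make stack-up"
      - run: "make stack-ps"
      # Copies the test ACME root CA (PEM) into the e2e config. The config
      # is read with yaml.safe_load and the whole file is rewritten by
      # yaml.dump. Assumes PyYAML is available to the runner's python3.
      - name: "Inject root CA into e2e config"
        run: |
          # Use Python to properly inject the root CA PEM content into YAML
          python3 << 'EOF'
          import yaml
          with open('compose/pebble/certs/rootCA.pem', 'r') as f:
              root_ca = f.read()
          with open('e2e/console/testdata/config.yaml', 'r') as f:
              config = yaml.safe_load(f)
          config['probod']['custom-domains']['acme']['root-ca'] = root_ca
          with open('e2e/console/testdata/config.yaml', 'w') as f:
              yaml.dump(config, f, default_flow_style=False, allow_unicode=True)
          EOF
      - run: "SKIP_APPS=1 make test-e2e"
        env:
          GOTESTSUM_JUNITFILE: "junit-e2e.xml"
      - name: "Upload test results"
        uses: "actions/upload-artifact@v6"
        if: "always()"
        with:
          name: "junit-e2e-results"
          path: "junit-e2e.xml"
          retention-days: 30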