Skip to content
CI/CD Pipeline

Chore/repo maintanance #144

Sign in to view logs

Chore/repo maintanance

Chore/repo maintanance #144

Workflow file for this run

.github/workflows/ci.yaml at c78180d
name: CI/CD Pipeline
on:
pull_request:
paths:
- go.mod
- '**.go'
- .github/workflows/**
- website/**
- build/**
permissions:
id-token: write
contents: read
jobs:
code-quality:
name: Code Quality Checks and Static Code Analysis
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v4
with:
submodules: recursive
# - name: Code Quality Checks and Static Code Analysis
# run: make go-lint
unit-tests:
name: Unit Testing
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v4
with:
submodules: recursive
# - name: Unit Testing
# env:
# GOCACHE: ${{ runner.temp }}/go-build-cache
# run: make go-test
security-scanning:
name: Security Scanning
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v4
with:
submodules: recursive
- id: trivy-db
name: Check Trivy DB SHA
env:
GH_TOKEN: ${{ github.token }}
run: |
endpoint='/orgs/aquasecurity/packages/container/trivy-db/versions'
headers='Accept: application/vnd.github+json'
jqFilter='.[] | select(.metadata.container.tags[] | contains("latest")) | .name | sub("sha256:";"")'
sha=$(gh api -H "${headers}" "${endpoint}" | jq --raw-output "${jqFilter}")
echo "Trivy DB sha256:${sha}"
echo "SHA=${sha}" >> "$GITHUB_OUTPUT"
- name: Cache Trivy Database
id: trivy-cache
uses: actions/cache@v4
with:
path: trivy/.cache
key: trivy-db-${{ runner.os }}-${{ steps.trivy-db.outputs.SHA }}
restore-keys: |
trivy-db-${{ runner.os }}-
- name: Security Scanning with Trivy
if: steps.trivy-cache.outputs.cache-hit != 'true'
run: make trivy-scan TRIVY_ARGS="fs --cache-dir trivy/.cache ."
package:
name: Package and Push Docker Image
uses: ./.github/workflows/package.yaml
secrets:
provider_name: ${{ secrets.PROVIDER_NAME }}
service_account_email: ${{ secrets.SA_EMAIL }}