-
Notifications
You must be signed in to change notification settings - Fork 108
97 lines (96 loc) · 4.58 KB
/
pr-checker.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
name: pullrequest-build-and-scan
on:
pull_request:
types: [opened, synchronize, reopened]
branches:
- ci_dev
- ci_prod
jobs:
LINUX-build-and-scan:
runs-on: ubuntu-latest
steps:
- name: Set-workflow-initiator
run: echo "Initiated by - ${GITHUB_ACTOR}"
- name: Set-branch-name-for-pr
if: ${{ github.event_name == 'pull_request' }}
run: echo "BRANCH_NAME=$(echo ${GITHUB_HEAD_REF} | tr / _)" >> $GITHUB_ENV
- name: Set-Env
run: echo "ENV=dev" >> $GITHUB_ENV
- name: Set-ACR-Registry
run: echo "ACR_REGISTRY=containerinsightsprod.azurecr.io" >> $GITHUB_ENV
- name: Set-ACR-Repository
run: echo "ACR_REPOSITORY=/public/azuremonitor/containerinsights/cidev" >> $GITHUB_ENV
- name: Set-image-tag-name
run: echo "IMAGE_TAG_NAME=cidev" >> $GITHUB_ENV
- name: Set-image-tag-suffix
run: echo "IMAGE_TAG_DATE=$(date +%m-%d-%Y)" >> $GITHUB_ENV
- name: Set-commit-sha
run: echo "COMMIT_SHA=${GITHUB_SHA::8}" >> $GITHUB_ENV
- name: Set-image-tag
run: echo "IMAGETAG=${ACR_REGISTRY}${ACR_REPOSITORY}:${IMAGE_TAG_NAME}-${BRANCH_NAME}-${IMAGE_TAG_DATE}-${COMMIT_SHA}" >> $GITHUB_ENV
- name: Set-image-telemetry-tag
run: echo "IMAGETAG_TELEMETRY=${IMAGE_TAG_NAME}-${BRANCH_NAME}-${IMAGE_TAG_DATE}-${COMMIT_SHA}" >> $GITHUB_ENV
- name: Set-Helm-OCI-Experimental-feature
run: echo "HELM_EXPERIMENTAL_OCI=1" >> $GITHUB_ENV
- name: Set-Helm-chart-version
run: echo "HELM_CHART_VERSION=0.0.1" >> $GITHUB_ENV
- name: Set-Helm-tag
run: echo "HELMTAG=${ACR_REGISTRY}${ACR_REPOSITORY}:${IMAGE_TAG_NAME}-chart-${BRANCH_NAME}-${HELM_CHART_VERSION}-${IMAGE_TAG_DATE}-${COMMIT_SHA}" >> $GITHUB_ENV
- name: Checkout-code
uses: actions/checkout@v2
- name: Show-versions-On-build-machine
run: lsb_release -a && go version && helm version && docker version
- name: Install-build-dependencies
run: sudo apt-get install build-essential -y
- name: Build-source-code
run: cd ./build/linux/ && make
- name: Create-docker-image
run: |
cd ./kubernetes/linux/ && docker build . --file Dockerfile.multiarch -t $IMAGETAG --build-arg IMAGE_TAG=$IMAGETAG_TELEMETRY
- name: List-docker-images
run: docker images --digests --all
- name: Run-trivy-scanner-on-docker-image
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ env.IMAGETAG }}"
format: 'table'
severity: 'CRITICAL,HIGH'
vuln-type: 'os,library'
exit-code: '1'
timeout: '5m0s'
ignore-unfixed: true
WINDOWS-build:
runs-on: windows-2019
steps:
- name: Set-workflow-initiator
run: echo ("Initiated by -" + $env:GITHUB_ACTOR)
- name: Set-branch-name-for-pr
if: ${{ github.event_name == 'pull_request' }}
run: echo ("BRANCH_NAME=" + $env:GITHUB_HEAD_REF.replace('/','_')) >> $env:GITHUB_ENV
- name: Set-Env
run: echo ("ENV=dev") >> $env:GITHUB_ENV
- name: Set-ACR-Registry
run: echo ("ACR_REGISTRY=containerinsightsprod.azurecr.io") >> $env:GITHUB_ENV
- name: Set-ACR-Repository
run: echo ("ACR_REPOSITORY=/public/azuremonitor/containerinsights/cidev") >> $env:GITHUB_ENV
- name: Set-image-tag-name
run: echo ("IMAGE_TAG_NAME=cidev-win") >> $env:GITHUB_ENV
- name: Set-image-tag-suffix
run: echo ("IMAGE_TAG_DATE="+ (Get-Date -Format "MM-dd-yyyy")) >> $env:GITHUB_ENV
- name: Set-commit-sha
run: echo ("COMMIT_SHA=" + $env:GITHUB_SHA.SubString(0,8)) >> $env:GITHUB_ENV
- name: Set-image-tag
run: echo ("IMAGETAG=" + $env:ACR_REGISTRY + $env:ACR_REPOSITORY + ":" + $env:IMAGE_TAG_NAME + "-" + $env:BRANCH_NAME + "-" + $env:IMAGE_TAG_DATE + "-" + $env:COMMIT_SHA) >> $env:GITHUB_ENV
- name: Set-image-telemetry-tag
run: echo ("IMAGETAG_TELEMETRY=" + $env:IMAGE_TAG_NAME + "-" + $env:BRANCH_NAME + "-" + $env:IMAGE_TAG_DATE + "-" + $env:COMMIT_SHA) >> $env:GITHUB_ENV
- name: Checkout-code
uses: actions/checkout@v2
- name: Show-versions-On-build-machine
run: systeminfo && go version && docker version
- name: Build-source-code
run: cd ./build/windows/ && & .\Makefile.ps1
- name: Create-docker-image
run: |
cd ./kubernetes/windows/ && docker build . --file Dockerfile -t $env:IMAGETAG --build-arg WINDOWS_VERSION=ltsc2019 --build-arg IMAGE_TAG=$env:IMAGETAG_TELEMETRY
- name: List-docker-images
run: docker images --digests --all