Skip to content
Precommit - Scan security vulnerabilities

bump go 1.24.10 #598

Sign in to view logs

bump go 1.24.10

bump go 1.24.10 #598

Workflow file for this run

.github/workflows/trivy.yml at f2b56a5
name: Precommit - Scan security vulnerabilities
on:
pull_request:
branches:
- "*"
paths-ignore:
- "docs/**"
- "README.md"
- "CHANGELOG.md"
- "PROJECT"
- "LICENSE"
- "mesh-worker-service/README.md"
- "tools/README.md"
permissions:
pull-requests: write
issues: write
jobs:
build:
name: Scan
permissions:
pull-requests: write
issues: write
runs-on: ubuntu-latest
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
repository: ${{github.event.pull_request.head.repo.full_name}}
ref: ${{ github.event.pull_request.head.sha }}
- name: Set up GO 1.24.10
uses: actions/setup-go@v1
with:
go-version: 1.24.10
id: go
- name: InstallKubebuilder
run: |
curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.1/kubebuilder_2.3.1_linux_amd64.tar.gz | tar -xz -C /tmp/
sudo mv /tmp/kubebuilder_2.3.1_linux_amd64 /usr/local/kubebuilder
export PATH=$PATH:/usr/local/kubebuilder/bin
- name: Install operator-sdk
run: |
RELEASE_VERSION=v1.29.0
curl -LO "https://github.com/operator-framework/operator-sdk/releases/download/${RELEASE_VERSION}/operator-sdk_linux_amd64"
chmod +x operator-sdk_linux_amd64 && sudo mkdir -p /usr/local/bin/ && sudo mv operator-sdk_linux_amd64 /usr/local/bin/operator-sdk
- name: Set up yq
run: |
sudo wget https://github.com/mikefarah/yq/releases/download/v4.30.4/yq_linux_amd64 -O /usr/bin/yq
sudo chmod +x /usr/bin/yq
yq --help
- name: Build operator image
run: |
make generate
make helm-crds
image="function-mesh-operator:latest"
IMG=${image} make docker-build-skip-test
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: "function-mesh-operator:latest"
format: "table"
exit-code: "1"
- name: Build runner images
run: |
PULSAR_IMAGE_TAG=3.2.2.6 PULSAR_IMAGE=streamnative/sn-platform KIND_PUSH=false images/build.sh
- name: Run Trivy vulnerability scanner for java
id: scan-java-runner
uses: aquasecurity/trivy-action@master
with:
image-ref: "pulsar-functions-java-runner:latest"
format: "table"
exit-code: "0"
- name: Run Trivy vulnerability scanner for python
id: scan-python-runner
uses: aquasecurity/trivy-action@master
with:
image-ref: "pulsar-functions-python-runner:latest"
format: "table"
exit-code: "0"
- name: Run Trivy vulnerability scanner for go
id: scan-go-runner
uses: aquasecurity/trivy-action@master
with:
image-ref: "pulsar-functions-go-runner:latest"
format: "table"
exit-code: "0"
- name: Run Trivy vulnerability scanner for java with pulsarctl
id: scan-java-pulsarctl-runner
uses: aquasecurity/trivy-action@master
with:
image-ref: "pulsar-functions-pulsarctl-java-runner:latest"
format: "table"
exit-code: "0"
- name: Run Trivy vulnerability scanner for python with pulsarctl
id: scan-python-pulsarctl-runner
uses: aquasecurity/trivy-action@master
with:
image-ref: "pulsar-functions-pulsarctl-python-runner:latest"
format: "table"
exit-code: "0"
- name: Run Trivy vulnerability scanner for go with pulsarctl
id: scan-go-pulsarctl-runner
uses: aquasecurity/trivy-action@master
with:
image-ref: "pulsar-functions-pulsarctl-go-runner:latest"
format: "table"
exit-code: "0"