build(deps): bump aquasecurity/trivy-action from 0.13.1 to 0.14.0 #1217
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: rr_cli_tests | |
on: | |
push: | |
branches: | |
- master | |
- stable | |
pull_request: | |
jobs: | |
validate-config-file: | |
name: Validate config file | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v4 | |
- name: Setup nodejs | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "14" | |
- name: Install linter | |
run: npm install -g ajv-cli # Package page: <https://www.npmjs.com/package/ajv-cli> | |
- name: Run linter | |
run: ajv validate --all-errors --verbose -s ./schemas/config/3.0.schema.json -d ./.rr.yaml | |
golangci-lint: | |
name: Golang-CI (lint) | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v4 | |
- name: Set up Go | |
uses: actions/setup-go@v4 # action page: <https://github.com/actions/setup-go> | |
with: | |
go-version: stable | |
- name: Run linter | |
uses: golangci/[email protected] | |
with: | |
version: v1.54 # without patch version | |
only-new-issues: false # show only new issues if it's a pull request | |
args: -v --build-tags=race --timeout=10m | |
go-test: | |
name: Unit tests | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: stable | |
- name: Check out code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 2 # Fixes codecov error 'Issue detecting commit SHA' | |
- name: Init Go modules Cache # Docs: <https://git.io/JfAKn#go---modules> | |
uses: actions/cache@v3 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: ${{ runner.os }}-go- | |
- name: Install Go dependencies | |
run: go mod download | |
- name: Run Unit tests | |
run: go test -race -covermode=atomic -coverprofile /tmp/coverage.txt ./... | |
- name: Upload Coverage report to CodeCov | |
continue-on-error: true | |
uses: codecov/[email protected] # https://github.com/codecov/codecov-action | |
with: | |
file: /tmp/coverage.txt | |
build: | |
name: Build for ${{ matrix.os }} | |
runs-on: ubuntu-latest | |
needs: [ go-test ] | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ linux, darwin, windows, freebsd ] | |
steps: | |
- name: Set up Go | |
uses: actions/setup-go@v4 # action page: <https://github.com/actions/setup-go> | |
with: | |
go-version: stable | |
- name: Check out code | |
uses: actions/checkout@v4 | |
- name: Init Go modules Cache # Docs: <https://git.io/JfAKn#go---modules> | |
uses: actions/cache@v3 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: ${{ runner.os }}-go- | |
- name: Install Go dependencies | |
run: go mod download && go mod verify | |
- name: Generate version value | |
id: values # for PR this value will be `merge@__hash__`, SO: <https://stackoverflow.com/a/59780579/2252921> | |
run: | | |
echo "version=$(echo ${GITHUB_REF##*/} | sed -e 's/^[vV ]*//')" >> $GITHUB_OUTPUT | |
echo "timestamp=$(echo $(date +%FT%T%z))" >> $GITHUB_OUTPUT | |
- name: Compile binary file | |
env: | |
GOOS: ${{ matrix.os }} | |
GOARCH: amd64 | |
CGO_ENABLED: 0 | |
LDFLAGS: -s | |
-X github.com/roadrunner-server/roadrunner/v2023/internal/meta.version=${{ steps.values.outputs.version }} | |
-X github.com/roadrunner-server/roadrunner/v2023/internal/meta.buildTime=${{ steps.values.outputs.timestamp }} | |
run: go build -pgo=roadrunner.pprof -trimpath -ldflags "$LDFLAGS" -o ./rr ./cmd/rr | |
- name: Try to execute | |
if: matrix.os == 'linux' | |
run: ./rr -v | |
- name: Upload artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: rr-${{ matrix.os }} | |
path: ./rr | |
if-no-files-found: error | |
retention-days: 10 | |
docker-image: | |
name: Build docker image | |
runs-on: ubuntu-latest | |
needs: [ go-test ] | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v4 | |
- name: Build image | |
run: docker build -t rr:local -f ./Dockerfile . | |
- name: Try to execute | |
run: docker run --rm rr:local -v | |
- uses: aquasecurity/[email protected] # action page: <https://github.com/aquasecurity/trivy-action> | |
with: | |
image-ref: rr:local | |
format: "table" | |
severity: HIGH,CRITICAL | |
exit-code: 1 |