Add trivy vulnerability scanner build step #1328
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: [push, pull_request] | |
name: Test | |
jobs: | |
test: | |
strategy: | |
matrix: | |
os: [ubuntu-latest] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: go.mod | |
- name: Get all changed files excluding docs and README | |
id: changed-files | |
uses: tj-actions/changed-files@v45 | |
with: | |
files_ignore: | | |
**/*.md | |
doc/*.{json,png,svg} | |
- name: Run Revive Action by building from repository | |
uses: morphy2k/[email protected] | |
if: steps.changed-files.outputs.any_changed == 'true' | |
with: | |
exclude: "./vendor/..." | |
name: "Revive" | |
- name: Install kubebuilder tools | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: ./hack/install-kubebuilder-tools.sh | |
- name: Generate code | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: chmod +x vendor/k8s.io/code-generator/generate-internal-groups.sh && ./hack/generate-code.sh && hack/verify-codegen.sh | |
- name: Run go fmt | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: go fmt ./... | |
#run: diff -u <(echo -n) <(gofmt -d -s .) | |
- name: Run go vet | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: go vet --tags=test ./... | |
- name: Install static check | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: go install honnef.co/go/tools/cmd/staticcheck@latest | |
- name: Test | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: sudo PATH=${PATH}:./bin ./hack/test-go.sh | |
- name: Send coverage | |
if: steps.changed-files.outputs.any_changed == 'true' | |
uses: shogo82148/actions-goveralls@v1 | |
with: | |
path-to-profile: coverage.out | |
flag-name: Go-${{ matrix.go }} | |
env: | |
KUBEBUILDER_ASSETS: "$(pwd)/bin" | |
e2e-test: | |
name: e2e test | |
runs-on: ubuntu-latest | |
env: | |
NUMBER_OF_COMPUTE_NODES: 5 | |
steps: | |
- name: Checkout code into the Go module directory | |
uses: actions/checkout@v4 | |
- name: Set up Go version | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: go.mod | |
- name: Get all changed files excluding docs and README | |
id: changed-files | |
uses: tj-actions/changed-files@v45 | |
with: | |
files_ignore: | | |
**/*.md | |
doc/*.{json,png,svg} | |
- name: Install requirements | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: sudo apt-get install nmap jq && ./hack/build-go.sh | |
- name: Get tools, setup KinD cluster test environment | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: source hack/e2e-get-test-tools.sh && ./hack/e2e-setup-kind-cluster.sh --number-of-compute $NUMBER_OF_COMPUTE_NODES | |
- name: Clear test-cache | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: go clean -testcache | |
- name: Execute golang based E2E tests | |
if: steps.changed-files.outputs.any_changed == 'true' | |
env: | |
KUBECONFIG: /home/runner/.kube/config | |
NUMBER_OF_THRASH_ITER: 20 | |
FILL_PERCENT_CAPACITY: 20 | |
run: pushd e2e; go test -v . -timeout 1h; popd | |