kyverno/.github/workflows/images-build.yaml

# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json

name: Build images

permissions: {}

on:
  pull_request:
    branches:
      - main
      - release-*

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  build-images:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - name: Setup caches
        uses: ./.github/actions/setup-caches
        timeout-minutes: 5
        continue-on-error: true
        with:
          build-cache-key: build-images
      - name: Setup build env
        uses: ./.github/actions/setup-build-env
        timeout-minutes: 10
      - name: ko build
        run: VERSION=${{ github.ref_name }} make ko-build-all
      - name: Trivy Scan Image
        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
        with:
          scan-type: 'fs'
          ignore-unfixed: true
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'
        env:
          # Trivy is returning TOOMANYREQUESTS
          # See: https://github.com/aquasecurity/trivy-action/issues/389#issuecomment-2385416577
          TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2'
chore: configure gh workflows schemas (#9535) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-01-27 23:32:42 +01:00			`# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json`

chore: simplify images build workflow (#6025) * chore: simplify images build workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-18 18:09:37 +01:00			`name: Build images`

fix: reduce token permissions (#7721) * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reduce token permissions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-06-30 13:44:57 +02:00			`permissions: {}`

chore: simplify images build workflow (#6025) * chore: simplify images build workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-18 18:09:37 +01:00			`on:`
chore: reduce jobs run on push (#11080) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-09-10 16:52:09 +02:00			`pull_request:`
chore: simplify images build workflow (#6025) * chore: simplify images build workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-18 18:09:37 +01:00			`branches:`
chore: reduce jobs run on push (#11080) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-09-10 16:52:09 +02:00			`- main`
			`- release-*`
chore: simplify images build workflow (#6025) * chore: simplify images build workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-18 18:09:37 +01:00
			`concurrency:`
			`group: ${{ github.workflow }}-${{ github.ref }}`
			`cancel-in-progress: true`

			`jobs:`
			`build-images:`
			`runs-on: ubuntu-latest`
			`steps:`
			`- name: Checkout`
chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#11351) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.0 to 4.2.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/d632683dd7b4114ad314bca15554477dd762a938...eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2024-10-08 09:20:08 +00:00			`uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1`
fix: cache error in gh workflows (#8518) * fix: cache error in gh workflows Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * setup caches Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-09-27 10:24:27 +02:00			`- name: Setup caches`
			`uses: ./.github/actions/setup-caches`
			`timeout-minutes: 5`
			`continue-on-error: true`
			`with:`
			`build-cache-key: build-images`
chore: simplify images build workflow (#6025) * chore: simplify images build workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-18 18:09:37 +01:00			`- name: Setup build env`
			`uses: ./.github/actions/setup-build-env`
chore: increase setup-build-env timeout (#8187) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-08-30 22:44:51 +02:00			`timeout-minutes: 10`
chore: simplify images build workflow (#6025) * chore: simplify images build workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-18 18:09:37 +01:00			`- name: ko build`
chore: implement expected tagging strategy (#6820) * chore: implement expected tagging strategy Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * version Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * version Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * version Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * version Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * version Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * version Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-04-07 14:10:53 +02:00			`run: VERSION=${{ github.ref_name }} make ko-build-all`
chore: simplify images build workflow (#6025) * chore: simplify images build workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-18 18:09:37 +01:00			`- name: Trivy Scan Image`
chore(deps): bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 (#10631) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.23.0 to 0.24.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/7c2007bcb556501da015201bcba5aa14069b74e2...6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2024-07-12 08:42:47 +00:00			`uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0`
chore: simplify images build workflow (#6025) * chore: simplify images build workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-18 18:09:37 +01:00			`with:`
			`scan-type: 'fs'`
			`ignore-unfixed: true`
			`format: 'sarif'`
			`output: 'trivy-results.sarif'`
			`severity: 'CRITICAL,HIGH'`
fix: use aws mirror of trivy db to fix rate limiter issue (#11342) Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> 2024-10-07 18:09:28 +05:30			`env:`
			`# Trivy is returning TOOMANYREQUESTS`
			`# See: https://github.com/aquasecurity/trivy-action/issues/389#issuecomment-2385416577`
			`TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2'`