name: image-build on: push: branches: - 'main' - 'release*' permissions: contents: read packages: write id-token: write jobs: pre-checks: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0 - name: Unshallow run: git fetch --prune --unshallow - name: Set up Go uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5 with: go-version: 1.18 - name: Cache Go modules uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # pin@v3 with: path: | ~/.cache/go-build ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go- - name: gofmt check run: | if [ "$(gofmt -s -l . | wc -l)" -ne 0 ] then echo "The following files were found to be not go formatted:" gofmt -s -l . echo "Please run 'make fmt' to go format the above files." exit 1 fi - name: goimports run: | if [ "$(goimports -l . | wc -l)" -ne 0 ] then echo "The following files were found to have import formatting issues:" goimports -l -l . echo "Please run 'make fmt' to go format the above files." exit 1 fi - name: golangci-lint uses: reviewdog/action-golangci-lint@02bcf8c1a9febe8620f1ca523b18dd64f82296db # v1.25.0 - name: Checking unused pkgs using go mod tidy run: | make unused-package-check build-init-kyverno: runs-on: ubuntu-latest needs: pre-checks steps: - name: Checkout uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0 - name: Unshallow run: git fetch --prune --unshallow - name: Set up Go uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5 with: go-version: 1.18 - name: Cache Go modules uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # pin@v3 with: path: | ~/.cache/go-build ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go- - name: ko build run: make ko-build-kyvernopre build-kyverno: runs-on: ubuntu-latest needs: pre-checks steps: - name: Checkout uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0 - name: Unshallow run: git fetch --prune --unshallow - name: Set up Go uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5 with: go-version: 1.18 - name: Cache Go modules uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # pin@v3 with: path: | ~/.cache/go-build ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go- - name: ko build run: make ko-build-kyverno - name: Trivy Scan Image uses: aquasecurity/trivy-action@40c4ca9e7421287d0c5576712fdff370978f9c3c with: scan-type: 'fs' ignore-unfixed: true format: 'sarif' output: 'trivy-results.sarif' severity: 'CRITICAL,HIGH' build-kyverno-cli: runs-on: ubuntu-latest needs: pre-checks steps: - name: Checkout uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0 - name: Unshallow run: git fetch --prune --unshallow - name: Set up Go uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5 with: go-version: 1.18 - name: Cache Go modules uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # pin@v3 with: path: | ~/.cache/go-build ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go- - name: ko build run: make ko-build-cli