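# Workflow: lint the Go sources, then build the init-container, controller and
# CLI images on every push to `main` and to branches matching `release*`.
name: image-build

on:
  push:
    branches:
      - 'main'
      - 'release*'

# These scopes apply to the GITHUB_TOKEN of every job below.
# NOTE(review): no step visible in this file logs in to a registry or requests
# an OIDC token. If the `make` targets do not need `packages: write` or
# `id-token: write`, keep only `contents: read` here and grant the write scopes
# on the individual jobs that use them.
permissions:
  contents: read
  packages: write
  id-token: write

jobs:
  # Formatting, import ordering, lint and go.mod hygiene. The three build jobs
  # wait for this job through `needs: pre-checks`.
  pre-checks:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579  # v2.4.0

      - name: Unshallow
        run: git fetch --prune --unshallow

      - name: Set up Go
        uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4  # v2.1.5
        with:
          # Quoted so the version stays a string and is never read as a float.
          go-version: '1.17'

      - name: Cache Go modules
        uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340  # v1.2.0
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      # Fails the job when gofmt lists any file that needs reformatting.
      - name: gofmt check
        run: |
          if [ "$(gofmt -s -l . | wc -l)" -ne 0 ]
          then
            echo "The following files were found to be not go formatted:"
            gofmt -s -l .
            echo "Please run 'make fmt' to go format the above files."
            exit 1
          fi

      # Fails the job when goimports lists any file with import formatting issues.
      # NOTE(review): no step visible in this job installs goimports. Because the
      # test only counts output lines, a missing or failing binary yields 0 and the
      # check passes; confirm the tool is on PATH (or install a pinned version).
      - name: goimports
        run: |
          if [ "$(goimports -l . | wc -l)" -ne 0 ]
          then
            echo "The following files were found to have import formatting issues:"
            goimports -l .
            echo "Please run 'make fmt' to go format the above files."
            exit 1
          fi

      - name: golangci-lint
        uses: reviewdog/action-golangci-lint@02bcf8c1a9febe8620f1ca523b18dd64f82296db  # v1.25.0

      - name: Checking unused pkgs using go mod tidy
        run: |
          make unused-package-check

  # Builds the init-container image through the Makefile target.
  build-init-kyverno:
    runs-on: ubuntu-latest
    needs: pre-checks
    steps:
      - name: Checkout
        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579  # v2.4.0

      - name: Unshallow
        run: git fetch --prune --unshallow

      - name: Set up Go
        uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4  # v2.1.5
        with:
          go-version: '1.17'

      - name: Cache Go modules
        uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340  # v1.2.0
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      - name: Set up QEMU
        uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480  # v1.2.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25  # v1.6.0
        id: buildx
        with:
          install: true

      - name: docker images build
        run: |
          make docker-build-initContainer

  # Builds the controller image, then runs a Trivy scan.
  build-kyverno:
    runs-on: ubuntu-latest
    needs: pre-checks
    steps:
      - name: Checkout
        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579  # v2.4.0

      - name: Unshallow
        run: git fetch --prune --unshallow

      - name: Set up Go
        uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4  # v2.1.5
        with:
          go-version: '1.17'

      - name: Cache Go modules
        uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340  # v1.2.0
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      - name: Set up QEMU
        uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480  # v1.2.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25  # v1.6.0
        id: buildx
        with:
          install: true

      - name: docker images build
        run: |
          make docker-build-kyverno

      # NOTE(review): this is the only action in the workflow referenced by a
      # mutable branch; every other `uses:` is pinned to a full commit SHA. Code
      # pushed to that branch runs here with the token scopes declared at the top
      # of the file. Pin it to a reviewed commit SHA with the release in a trailing
      # comment, as the other steps do.
      # NOTE(review): despite the step name, `scan-type: 'fs'` scans the checked-out
      # working tree, not the image built by the previous step. No `exit-code` input
      # is set and no later step in this job reads trivy-results.sarif, so findings
      # do not appear to gate the job or get published. Confirm the intent.
      - name: Trivy Scan Image
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          ignore-unfixed: true
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'

  # Builds the CLI image through the Makefile target.
  build-kyverno-cli:
    runs-on: ubuntu-latest
    needs: pre-checks
    steps:
      - name: Checkout
        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579  # v2.4.0

      - name: Unshallow
        run: git fetch --prune --unshallow

      - name: Set up Go
        uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4  # v2.1.5
        with:
          go-version: '1.17'

      - name: Cache Go modules
        uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340  # v1.2.0
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      - name: Set up QEMU
        uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480  # v1.2.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25  # v1.6.0
        id: buildx
        with:
          install: true

      - name: docker images build
        run: |
          make docker-build-cli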