94c99152d5
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.24.0 to 0.25.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](6e7b7d1fd3...f781cce5aa)
---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
# CI workflow: runs for pushes to main and for pull requests that target main.
#
# NOTE(review): this file sets no `permissions:` key at workflow or job level,
# so every job runs with the repository's default GITHUB_TOKEN scopes. An
# explicit least-privilege block (for example `permissions: contents: read`)
# would make the token scope visible here; confirm the Coveralls step still
# works with it before adopting.
name: CI

on:
  push:
    branches:
      - main

    # Pushes that touch only these paths do not start the workflow.
    paths-ignore:
      - README.md
      - charts/**
      - manifest/**

  # `pull_request` (not `pull_request_target`): runs for pull requests from
  # forks get a read-only token and no repository secrets, which matters
  # because the jobs below run `make` targets from the checked-out code.
  pull_request:
    branches:
      - main

# One active run per workflow and ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  # Module-tidiness and formatting gates, then test coverage sent to Coveralls.
  coverage:
    runs-on: ubuntu-latest
    steps:
      # Every third-party action in this file is pinned to a full commit SHA;
      # the trailing comment is the only record of the tag it stands for.
      # NOTE(review): nothing on this page verifies that a SHA matches the tag
      # named beside it - confirm both whenever a pin is bumped.
      # NOTE(review): `persist-credentials` is not set on the checkout steps,
      # so the action's default applies while later steps run repository code.
      - name: Checkout
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

      - name: Set up Go
        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.2.0
        with:
          go-version-file: go.mod
          cache-dependency-path: go.sum

      # Fails when `go mod tidy` would change go.mod or go.sum, i.e. when the
      # committed module files do not match what the code imports.
      - name: Check go.mod
        run: |
          set -e
          go mod tidy && git diff --exit-code

      # Fails when `make fmt` leaves any diff in the working tree.
      - name: Check code format
        run: |
          set -e
          make fmt
          git diff --exit-code

      - name: Calc coverage
        run: make coverage

      - name: Convert coverage to lcov
        uses: jandelgado/gcov2lcov-action@c680c0f7c7442485f1749eb2a13e54a686e76eb5 # v1.0.9

      # The token given to this third-party action carries whatever scopes the
      # workflow grants; no `permissions:` key in this file narrows them.
      - name: Coveralls
        uses: coverallsapp/github-action@643bc377ffa44ace6394b2b5d0d3950076de9f63 # v2.3.0
        with:
          github-token: ${{ secrets.github_token }}
          file: coverage.lcov

  # Filesystem scan of the checked-out repository for CRITICAL and HIGH
  # findings that already have a fix available.
  trivy-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

      - name: Set up Go
        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.2.0
        with:
          go-version-file: go.mod
          cache-dependency-path: go.sum

      # NOTE(review): the report is written to trivy-results.sarif and this is
      # the last step of the job - nothing here uploads or reads the file.
      # NOTE(review): `exit-code` is not set, so as far as this file shows a
      # finding does not fail the job; together with the point above the scan
      # neither gates merges nor surfaces results. Confirm that is intended.
      # NOTE(review): trivy-action documents `limit-severities-for-sarif` for
      # applying `severity` to SARIF output; it is not set here - verify the
      # filter below takes effect for this format.
      - name: Run Trivy vulnerability scanner in repo mode
        uses: aquasecurity/trivy-action@f781cce5aab226378ee181d764ab90ea0be3cdd8 # v0.25.0
        with:
          scan-type: 'fs'
          ignore-unfixed: true
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'

  # Enforces the SHA-pinning convention used throughout the workflows.
  check-actions:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - name: Ensure SHA pinned actions
        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@40ba2d51b6b6d8695f2b6bd74e785172d4f8d00f # v3.0.14
        with:
          # slsa-github-generator requires using a semver tag for reusable workflows.
          # See: https://github.com/slsa-framework/slsa-github-generator#referencing-slsa-builders-and-generators
          # Anything listed here is exempt from the pin check and is therefore
          # referenced by a mutable tag; keep the list to this one entry.
          allowlist: |
            slsa-framework/slsa-github-generator