Build(deps): Bump golang.org/x/net from 0.27.0 to 0.28.0 #610
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| branches: | |
| - "main" | |
| tags: | |
| - "*" | |
| pull_request: {} | |
| release: | |
| types: | |
| - published | |
| name: CI Build & Test | |
| jobs: | |
| review-go: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: "go.mod" | |
| - name: check if go.mod and go.sum are tidy | |
| run: make depscheck | |
| - name: check code format | |
| run: make fmtcheck | |
| - name: check code quality | |
| run: make go-lint | |
| review-docker: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: reviewdog/action-hadolint@v1 | |
| with: | |
| reporter: github-pr-review | |
| level: info | |
| filter_mode: file | |
| tests: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: "go.mod" | |
| - name: run unit tests | |
| run: make test | |
| - name: upload coverage | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: unit-coverage | |
| path: coverage.out | |
| docker-build: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - review-go | |
| - review-docker | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # try to log into our Harbor, but continue without pushing when secrets | |
| # not available (e.g. when PR from a fork or dependabot). Sadly, the | |
| # secrets context is not available in jobs/steps.if but we copy the | |
| # HARBOR_USER secret into the environment and check that instead. | |
| - uses: docker/login-action@v3 | |
| id: docker_login | |
| env: | |
| HARBOR_USER: ${{ secrets.HARBOR_USER }} | |
| if: ${{ env.HARBOR_USER != null }} | |
| with: | |
| username: ${{ secrets.HARBOR_USER }} | |
| password: ${{ secrets.HARBOR_SECRET }} | |
| registry: anx-cr.io | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| anx-cr.io/anexia/csi-driver | |
| tags: | | |
| type=schedule | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha | |
| - name: Build Docker Image | |
| uses: docker/build-push-action@v6 | |
| id: docker_build | |
| with: | |
| push: ${{ steps.docker_login.outcome == 'success' }} | |
| build-args: version=${{ github.ref_type == 'tag' && github.ref_name || github.sha }} | |
| tags: | | |
| ${{ steps.meta.outputs.tags }} | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ${{ steps.docker_build.outputs.imageid }} | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| upload-results: | |
| needs: tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/download-artifact@v4 | |
| - uses: paambaati/codeclimate-action@v8.0.0 | |
| env: | |
| CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }} | |
| with: | |
| prefix: github.com/anexia/csi-driver | |
| coverageLocations: | | |
| ${{ github.workspace }}/unit-coverage/coverage.out:gocov |