From b48a3471dc1b7f2ebc00a0c565d7a67437647e9f Mon Sep 17 00:00:00 2001
From: shaynafinocchiaro
Date: Wed, 2 Oct 2024 11:03:30 -0400
Subject: [PATCH] Call reusable action for go version updates (#715)
* add workflow
* Update actions.yml
* update container scan
* update container scan
---
 .github/containerscan/allowedlist.yaml | 11 -----------
 .github/workflows/.trivyignore | 8 ++++++++
 .github/workflows/actions.yml | 14 +++++++-------
 .github/workflows/go-version.yaml | 22 ++++++++++++++++++++++
 4 files changed, 37 insertions(+), 18 deletions(-)
 delete mode 100644 .github/containerscan/allowedlist.yaml
 create mode 100644 .github/workflows/.trivyignore
 create mode 100644 .github/workflows/go-version.yaml
diff --git a/.github/containerscan/allowedlist.yaml b/.github/containerscan/allowedlist.yaml
deleted file mode 100644
index f1b933e34..000000000
--- a/.github/containerscan/allowedlist.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-general:
- vulnerabilities:
- # list of CVEs that are currently unfixed
- bestPracticeViolations:
- # list of best practies violatied that needs a fix
- - CIS-DI-0009
- - DKL-DI-0006
- - CIS-DI-0005
- - CIS-DI-0006
- - CIS-DI-0008
- - DKL-LI-0003
diff --git a/.github/workflows/.trivyignore b/.github/workflows/.trivyignore
new file mode 100644
index 000000000..33c44587f
--- /dev/null
+++ b/.github/workflows/.trivyignore
@@ -0,0 +1,8 @@
+# list of CVEs that are currently unfixed
+# list of best practies violatied that needs a fix
+CIS-DI-0009
+DKL-DI-0006
+CIS-DI-0005
+CIS-DI-0006
+CIS-DI-0008
+DKL-LI-0003
diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml
index c889fceec..960ee5d62 100644
--- a/.github/workflows/actions.yml
+++ b/.github/workflows/actions.yml
@@ -64,8 +64,7 @@ jobs:
 env:
 BASE_IMG: ubuntu:latest
 steps:
- - name: Set up Go 1.22+
- uses: actions/setup-go@v5
+ - uses: actions/setup-go@v5
 with:
 go-version: ^1.22
 id: go
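Review bot: The six entries added to `.github/workflows/.trivyignore` (`CIS-DI-0009` through `DKL-LI-0003`) are Dockle checkpoint IDs carried over from the deleted `allowedlist.yaml`, and Trivy is not expected to match any of them, since a `.trivyignore` entry is compared against Trivy's own finding IDs (CVE-style vulnerability IDs, misconfiguration and secret rule IDs). As written the file suppresses nothing, and both comment lines describe content it does not hold. The larger consequence is that the image best-practice checks these IDs belonged to are no longer run by the new scan step, so that coverage is dropped rather than allow-listed. Either record that in the file, e.g. `# Dockle/CIS image checks are no longer run by this workflow; list Trivy finding IDs below, one per line, each with a reason`, or keep a separate Dockle step.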
@@ -80,9 +79,10 @@ jobs:
 podman save docker.io/library/csm-operator -o /tmp/csm-operator.tar
 docker load -i /tmp/csm-operator.tar
 - name: Scan controller Image
- uses: Azure/container-scan@v0
- env:
- DOCKLE_HOST: "unix:///var/run/docker.sock"
+ uses: aquasecurity/trivy-action@0.24.0
 with:
- image-name: csm-operator
- severity-threshold: HIGH
+ image-ref: csm-operator:latest
+ severity: 'HIGH'
+ ignore-unfixed: true
+ exit-code: '1'
+ trivyignores: '.github/workflows/.trivyignore'
diff --git a/.github/workflows/go-version.yaml b/.github/workflows/go-version.yaml
new file mode 100644
index 000000000..1ba387eae
--- /dev/null
+++ b/.github/workflows/go-version.yaml
@@ -0,0 +1,22 @@
+# Copyright (c) 2024 Dell Inc., or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Reusable workflow to perform go version update on Golang based projects
+name: Go Version Update
+
+on:
+ workflow_dispatch:
+ repository_dispatch:
+ types: [go-update-workflow]
+
+jobs:
+ # go version update
+ go-version-update:
+ uses: dell/common-github-actions/.github/workflows/go-version-workflow.yaml@main
+ name: Go Version Update
+ secrets: inherit
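Review bot: `severity: 'HIGH'` in the new `Scan controller Image` step is a filter, not a threshold: trivy-action takes a comma-separated list of severities to report, so with `exit-code: '1'` the job fails only on HIGH findings and CRITICAL ones pass, whereas the removed `severity-threshold: HIGH` meant HIGH and above. Use `severity: 'HIGH,CRITICAL'`. `ignore-unfixed: true` additionally hides every finding that has no upstream fix, which deserves a comment stating that this is intended. The action is referenced by the mutable tag `@0.24.0`; pinning it as `uses: aquasecurity/trivy-action@<full-commit-sha> # 0.24.0` keeps a re-pointed tag from changing what runs in this job. The job this step belongs to starts outside the hunk.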
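Review bot: `secrets: inherit` combined with `uses: dell/common-github-actions/.github/workflows/go-version-workflow.yaml@main` in the new `go-version.yaml` passes every secret available to this workflow to whatever the `main` branch of the other repository contains at run time, and the run can be started by a `repository_dispatch` event. Pin the reusable workflow to a reviewed commit, `uses: dell/common-github-actions/.github/workflows/go-version-workflow.yaml@<full-commit-sha>`, and replace `inherit` with an explicit `secrets:` mapping of only the secrets the called workflow declares (not visible in this diff). A `permissions:` block on the `go-version-update` job, limited to what the update needs (presumably `contents: write` and `pull-requests: write`, to be confirmed against the called workflow), would also cap the `GITHUB_TOKEN`. Separately, the Apache header in this file stops after the license URL line, so the rest of the standard notice appears to be missing.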