Release v0.8.0 #286
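# CI for pull requests that target main. The lint, govulncheck and test jobs
# have no dependencies; the image build and Trivy scan wait for test and lint.
name: Test & Build

on:
  pull_request:
    branches:
      - 'main'

# One active run per workflow and ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Least-privilege default for GITHUB_TOKEN in every job. A job-level
# `permissions` block (see lint) replaces this default for that job, so such a
# block must list everything the job needs.
permissions:
  contents: read

jobs:
  lint:
    permissions:
      contents: read  # for actions/checkout to fetch code
      pull-requests: read  # for golangci/golangci-lint-action to fetch pull requests
      checks: write  # for golangci/golangci-lint-action to annotate Pull Requests
    name: Lint Go code
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      # NOTE(review): referenced by a mutable tag. Pin to a full commit SHA,
      # as the checkout and golangci-lint steps do.
      - name: Setup Golang
        uses: actions/setup-go@v4
        with:
          go-version-file: go.mod
      - name: Run golangci-lint
        uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0
        with:
          version: v1.54
          # NOTE(review): --issues-exit-code=0 makes golangci-lint exit 0 even
          # when it reports issues, so findings annotate the PR but do not fail
          # this job or block `build`. Confirm that advisory-only is intended.
          args: --timeout 10m --exclude SA5011 --verbose --issues-exit-code=0
          only-new-issues: true

  # Scans the module's dependencies and code for known Go vulnerabilities.
  # NOTE(review): `build` does not list this job in `needs`, so a failing
  # vulnerability check does not stop the image build.
  govulncheck:
    runs-on: ubuntu-latest
    name: Run govulncheck
    steps:
      # NOTE(review): mutable tag; pin to a full commit SHA.
      - id: govulncheck
        uses: golang/govulncheck-action@v1
        with:
          go-version-file: go.mod
          go-package: ./...

  test:
    name: Run unit tests for Go packages
    runs-on: ubuntu-latest
    steps:
      # Pinned to the same commit as the lint and build jobs. The `v3` tag is
      # mutable and did not guarantee the v3.5.3 that the comment claimed.
      - name: Checkout code
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      # NOTE(review): mutable tag; pin to a full commit SHA.
      - name: Setup Go
        uses: actions/setup-go@v4
        with:
          go-version-file: go.mod
      - name: Download and required packages
        run: |
          make deps
      - name: Run all unit tests
        run: make test
      # NOTE(review): `@latest` is resolved on every run, so the tool that
      # executes here can change without a commit to this repository. Pin it
      # to a reviewed release version.
      - name: Check test coverage
        run: |
          go install github.com/vladopajic/go-test-coverage/v2@latest
          go-test-coverage --config=./.testcoverage.yml
      # NOTE(review): mutable tag; pin to a full commit SHA.
      - name: Generate code coverage artifacts
        uses: actions/upload-artifact@v4
        with:
          name: code-coverage
          path: coverage.out

  build:
    needs:
      - test
      - lint
    runs-on: ubuntu-latest
    strategy:
      # Let the other platform finish even if one build or scan fails.
      fail-fast: false
      matrix:
        platform:
          - linux/amd64
          - linux/arm64
    name: Build Images
    steps:
      - name: Checkout code
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      # NOTE(review): the docker/* actions and trivy-action below are
      # referenced by tag, not commit SHA. They run third-party code in this
      # job, so pin them the same way as checkout.
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          platforms: ${{ matrix.platform }}
      # The image is built for one platform per matrix entry and loaded into
      # the local Docker daemon (`load: true`, `push: false`). Nothing is
      # published; the tag exists only so the Trivy step can find the image.
      - name: Build Images
        uses: docker/build-push-action@v4
        with:
          context: .
          platforms: ${{ matrix.platform }}
          load: true
          push: false
          tags: quay.io/jetstack/version-checker:${{github.sha}}
          cache-from: type=gha
          cache-to: type=gha,mode=max
      # Fails the job (`exit-code: '1'`) when the image has a CRITICAL or HIGH
      # finding in OS packages or libraries. `ignore-unfixed: true` leaves out
      # vulnerabilities that have no fixed version yet.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.19.0
        with:
          image-ref: 'quay.io/jetstack/version-checker:${{github.sha}}'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'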