Create kubeconfig detector #10183
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test | |
on: | |
push: | |
tags: | |
- v* | |
branches: | |
- main | |
pull_request: | |
jobs: | |
test: | |
if: ${{ github.repository == 'trufflesecurity/trufflehog' && !github.event.pull_request.head.repo.fork }} | |
runs-on: ubuntu-latest | |
permissions: | |
actions: "read" | |
contents: "read" | |
id-token: "write" | |
steps: | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.23" | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- id: "auth" | |
uses: "google-github-actions/auth@v2" | |
with: | |
workload_identity_provider: "projects/811013774421/locations/global/workloadIdentityPools/github-pool/providers/github-provider" | |
service_account: "github-ci-external@trufflehog-testing.iam.gserviceaccount.com" | |
- name: Set up gotestsum | |
run: | | |
go install gotest.tools/gotestsum@latest | |
mkdir -p tmp/test-results | |
- name: Test | |
run: | | |
CGO_ENABLED=1 gotestsum --junitfile tmp/test-results/test.xml --raw-command -- go test -json -tags=sources $(go list ./... | grep -v /vendor/ | grep -v pkg/detectors | grep -v pkg/analyzer/analyzers) | |
if: ${{ success() || failure() }} # always run this step, even if there were previous errors | |
- name: Upload test results to BuildPulse for flaky test detection | |
if: ${{ !cancelled() }} # Run this step even when the tests fail. Skip if the workflow is cancelled. | |
uses: buildpulse/buildpulse-action@main | |
with: | |
account: 79229934 | |
repository: 77726177 | |
path: | | |
tmp/test-results/*.xml | |
key: ${{ secrets.BUILDPULSE_ACCESS_KEY_ID }} | |
secret: ${{ secrets.BUILDPULSE_SECRET_ACCESS_KEY }} | |
tags: integration | |
- name: Annotate test results | |
uses: mikepenz/action-junit-report@v5 | |
if: success() || failure() # always run even if the previous step fails | |
with: | |
report_paths: "tmp/test-results/*.xml" | |
test-community: | |
if: ${{ github.event.pull_request.head.repo.fork }} | |
runs-on: ubuntu-latest | |
permissions: | |
actions: "read" | |
contents: "read" | |
steps: | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.23" | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Test | |
run: make test-community |