Test

Feature/arm64 (#1) #55

Workflow file for this run

	on: [push, pull_request]
	name: Test
	jobs:
	test:
	strategy:
	matrix:
	platform: [ubuntu-latest, macos-latest]
	runs-on: ${{ matrix.platform }}
	steps:

	- name: Checkout code
	uses: actions/checkout@v4

	- name: Install Go
	uses: actions/setup-go@v5
	with:
	go-version-file: './go.mod'
	- name: Test
	run: go test ./...

	trivy-scan-fs:
	name: Trivy - scan fs
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Run Trivy vulnerability scanner in fs mode
	uses: aquasecurity/trivy-action@master
	with:
	scan-type: 'fs'
	ignore-unfixed: true
	severity: 'MEDIUM,CRITICAL,HIGH' #report all severities
	exit-code: '1'
	format: 'table'

	docker:
	name: Docker Build

	runs-on: ubuntu-latest

	if: github.ref == 'refs/heads/master' && github.repository == 'daspawnw/k8s-node-label'
	needs:
	- test
	- trivy-scan-fs

	steps:
	- uses: actions/checkout@v4

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to DockerHub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Build and push
	id: docker_build
	uses: docker/build-push-action@v5
	with:
	push: true
	tags: daspawnw/k8s-node-label:latest

	docker-forks:
	name: Docker Build (forks)
	env:
	REGISTRY: ghcr.io
	IMAGE_NAME: ${{ github.repository }}
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write
	if: github.ref != 'daspawnw/k8s-node-label'
	needs:
	- test
	- trivy-scan-fs

	steps:
	- uses: actions/checkout@v4

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Log into registry ${{ env.REGISTRY }}
	if: github.event_name != 'pull_request'
	uses: docker/login-action@v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Extract Docker metadata
	id: meta
	uses: docker/metadata-action@v4
	with:
	images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
	- name: Build and push Docker image
	id: build-and-push
	uses: docker/build-push-action@v5
	with:
	context: .
	platforms: linux/amd64,linux/arm64
	push: ${{ github.event_name != 'pull_request' }}
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	cache-from: type=gha
	cache-to: type=gha,mode=max
	build-args: ${{ format('RELEASE_VERSION={0}', github.ref_name) }}

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	if: ${{ github.event_name != 'pull_request' }}
	with:
	image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
	format: 'table'
	ignore-unfixed: true
	exit-code: 1
	severity: 'MEDIUM,CRITICAL,HIGH'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Feature/arm64 (#1) #55

Workflow file

Feature/arm64 (#1) #55

Jobs

Run details

Workflow file for this run