Bump com.amazonaws:aws-java-sdk-s3 from 1.12.528 to 1.12.533 in /sda-sftp-inbox #387
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build PR container | |
| on: | |
| pull_request: | |
| paths-ignore: | |
| - ".github/**" | |
| - ".gitignore" | |
| - "**/README.md" | |
| env: | |
| PR_NUMBER: ${{ github.event.number }} | |
| jobs: | |
| build_go_images: | |
| name: Build PR image (golang) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| security-events: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Log in to the Github Container registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build container for sda-auth | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: ./sda-auth | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-auth | |
| ghcr.io/${{ github.repository }}:PR${{ github.event.number }}-auth | |
| labels: | | |
| org.opencontainers.image.source=${{ github.event.repository.clone_url }} | |
| org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ') | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| - name: Build container for sda-download | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: ./sda-download | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-download | |
| ghcr.io/${{ github.repository }}:PR${{ github.event.number }}-download | |
| labels: | | |
| org.opencontainers.image.source=${{ github.event.repository.clone_url }} | |
| org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ') | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| - name: Build container for sda-pipeline | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: ./sda-pipeline | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-pipeline | |
| ghcr.io/${{ github.repository }}:PR${{ github.event.number }}-pipeline | |
| labels: | | |
| org.opencontainers.image.source=${{ github.event.repository.clone_url }} | |
| org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ') | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| - name: Build container for sensitive-data-archive | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: ./sda | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository }}:sha-${{ github.sha }} | |
| ghcr.io/${{ github.repository }}:PR${{ github.event.number }} | |
| labels: | | |
| org.opencontainers.image.source=${{ github.event.repository.clone_url }} | |
| org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ') | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| build_server_images: | |
| name: Build PR image (servers) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| security-events: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Log in to the Github Container registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build container for postgres | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: ./postgresql | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-postgres | |
| ghcr.io/${{ github.repository }}:PR${{ github.event.number }}-postgres | |
| labels: | | |
| org.opencontainers.image.source=${{ github.event.repository.clone_url }} | |
| org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ') | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| - name: Build container for rabbitmq | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: ./rabbitmq | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-rabbitmq | |
| ghcr.io/${{ github.repository }}:PR${{ github.event.number }}-rabbitmq | |
| labels: | | |
| org.opencontainers.image.source=${{ github.event.repository.clone_url }} | |
| org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ') | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| - name: Run Trivy vulnerability scanner on postgres | |
| uses: aquasecurity/[email protected] | |
| with: | |
| image-ref: ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-postgres | |
| format: "sarif" | |
| hide-progress: true | |
| ignore-unfixed: true | |
| output: 'postgres-results.sarif' | |
| severity: "CRITICAL,HIGH" | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'postgres-results.sarif' | |
| category: postgres | |
| - name: Run Trivy vulnerability scanner on rabbitmq | |
| uses: aquasecurity/[email protected] | |
| with: | |
| image-ref: ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-rabbitmq | |
| format: "sarif" | |
| hide-progress: true | |
| ignore-unfixed: true | |
| output: 'rabbitmq-results.sarif' | |
| severity: "CRITICAL,HIGH" | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'rabbitmq-results.sarif' | |
| category: rabbitmq | |
| build_java_images: | |
| name: Build PR image (java) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| security-events: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Log in to the Github Container registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build container for sda-sftp-inbox | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: ./sda-sftp-inbox | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-sftp-inbox | |
| ghcr.io/${{ github.repository }}:PR${{ github.event.number }}-sftp-inbox | |
| labels: | | |
| org.opencontainers.image.source=${{ github.event.repository.clone_url }} | |
| org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ') | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| - name: Run Trivy vulnerability scanner on sftp-inbox | |
| uses: aquasecurity/[email protected] | |
| with: | |
| image-ref: ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-sftp-inbox | |
| format: "sarif" | |
| hide-progress: true | |
| ignore-unfixed: true | |
| output: 'inbox-results.sarif' | |
| severity: "CRITICAL,HIGH" | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'inbox-results.sarif' | |
| category: sftp-inbox | |
| rabbitmq: | |
| needs: | |
| - build_go_images | |
| - build_server_images | |
| name: rabbitmq-federation-test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v3 | |
| - name: Test rabbitmq federation | |
| run: docker compose -f .github/integration/rabbitmq-federation.yml run federation_test | |
| postgres: | |
| needs: | |
| - build_server_images | |
| name: postgres-test-suite | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v3 | |
| - name: Test postgres | |
| run: docker compose -f .github/integration/postgres.yml run tests | |
| sda: | |
| needs: | |
| - build_go_images | |
| - build_server_images | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v3 | |
| - name: Test sensitive-data-archive | |
| run: docker compose -f .github/integration/sda-integration.yml run integration_test |