This repository has been archived by the owner on Jun 26, 2024. It is now read-only.
Bump github/codeql-action from 2 to 3 #2421
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PR checks | |
on: | |
pull_request: | |
branches: | |
- master | |
- 'release-v**.x' | |
env: | |
GO111MODULE: on | |
SDK_VERSION: "1.17.0" | |
MINIKUBE_WANTUPDATENOTIFICATION: false | |
MINIKUBE_WANTREPORTERRORPROMPT: false | |
K8S_VERSION: "1.21.3" | |
MINIKUBE_VERSION: "1.26.0" | |
OLM_VERSION: "0.22.0" | |
TEST_ACCEPTANCE_CLI: "kubectl" | |
TEST_RESULTS: "out/acceptance-tests" | |
jobs: | |
lint: | |
name: Code Quality | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: "^1.18" | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.11" | |
architecture: "x64" | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Run linters | |
run: make lint | |
unit: | |
name: Unit Tests with Code coverage | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: "^1.18" | |
- name: Checkout Git Repository | |
uses: actions/checkout@v4 | |
- name: Unit Tests with Code Coverage | |
run: | | |
make test | |
- name: Upload Code Coverage Report | |
uses: codecov/codecov-action@v3 | |
with: | |
file: cover.out | |
verbose: true | |
fail_ci_if_error: true | |
acceptance: | |
name: Acceptance Tests with Kubernetes and using OLM | |
runs-on: ubuntu-20.04 | |
timeout-minutes: 90 | |
env: | |
EXTRA_BEHAVE_ARGS: "--tags=~@knative --tags=~@openshift --tags=~@examples --tags=~@supported-operator --tags=~@optional-annotations --tags=~@workload-resource-mapping --tags=~@upgrade-with-olm --tags=~@disable-github-actions" | |
TEST_RUN: Acceptance_tests_Kubernetes_with_OLM | |
steps: | |
- name: Checkout Git Repository | |
uses: actions/checkout@v4 | |
- name: Check if acceptance tests can be skipped | |
id: check-skip-acceptance | |
uses: ./.github/actions/check-skip-acceptance-tests | |
- name: Set up Python | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.11" | |
architecture: "x64" | |
- name: Setup-cli | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: ./.github/actions/setup-cli | |
with: | |
start-minikube: true | |
- name: Wait for push | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: lewagon/wait-on-check-action@e106e5c43e8ca1edea6383a39a01c5ca495fd812 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
check-name: "Push operator images (PR)" | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
wait-interval: 60 | |
- name: Extract image references | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: pmacik/action-download-multiple-artifacts@node16 | |
with: | |
names: operator-refs-${{github.event.pull_request.number}}-${{github.event.pull_request.head.sha}} | |
- name: Acceptance tests | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
timeout-minutes: 60 | |
run: | | |
source ./operator.refs | |
export CATSRC_NAME=sbo-pr-checks | |
make SKIP_REGISTRY_LOGIN=true -o registry-login test-acceptance-with-bundle | |
- name: Collect Kube resources | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' && always() }} | |
continue-on-error: true | |
uses: ./.github/actions/collect-kube-resources | |
with: | |
operator-namespace: operators | |
olm-namespace: olm | |
test-namespace-file: out/test-namespace | |
output-path: ${{env.TEST_RESULTS}} | |
- name: Setup Testspace | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: testspace-com/setup-testspace@v1 | |
with: | |
domain: ${{ github.repository_owner }} | |
- name: Publish tests results to Testspace | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
run: | | |
testspace [${{ env.TEST_RUN }}]${{ env.TEST_RESULTS }}/TEST*.xml | |
- uses: actions/upload-artifact@v3 | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' && always() }} | |
with: | |
name: kubernetes-with-olm-test-results | |
path: ${{ env.TEST_RESULTS }} | |
acceptance-optional-annotations: | |
name: Optional Annotations Acceptance Tests with Kubernetes and using OLM | |
runs-on: ubuntu-20.04 | |
env: | |
EXTRA_BEHAVE_ARGS: "--tags=@optional-annotations --tags=~@disable-github-actions" | |
TEST_RUN: Optional_Annotations_Acceptance_tests_Kubernetes_with_OLM | |
steps: | |
- name: Checkout Git Repository | |
uses: actions/checkout@v4 | |
- name: Check if acceptance tests can be skipped | |
id: check-skip-acceptance | |
uses: ./.github/actions/check-skip-acceptance-tests | |
- name: Set up Python | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.11" | |
architecture: "x64" | |
- name: Setup-cli | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: ./.github/actions/setup-cli | |
with: | |
start-minikube: true | |
- name: Wait for push | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: lewagon/wait-on-check-action@e106e5c43e8ca1edea6383a39a01c5ca495fd812 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
check-name: "Push operator images (PR)" | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
wait-interval: 60 | |
- name: Extract image references | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: pmacik/action-download-multiple-artifacts@node16 | |
with: | |
names: operator-refs-${{github.event.pull_request.number}}-${{github.event.pull_request.head.sha}} | |
- name: Acceptance tests | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
timeout-minutes: 60 | |
run: | | |
source ./operator.refs | |
export CATSRC_NAME=sbo-pr-checks | |
make SKIP_REGISTRY_LOGIN=true -o registry-login test-acceptance-with-bundle | |
- name: Collect Kube resources | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' && always() }} | |
continue-on-error: true | |
uses: ./.github/actions/collect-kube-resources | |
with: | |
operator-namespace: operators | |
olm-namespace: olm | |
test-namespace-file: out/test-namespace | |
output-path: ${{env.TEST_RESULTS}} | |
- name: Setup Testspace | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: testspace-com/setup-testspace@v1 | |
with: | |
domain: ${{ github.repository_owner }} | |
- name: Publish tests results to Testspace | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
run: | | |
testspace [${{ env.TEST_RUN }}]${{ env.TEST_RESULTS }}/TEST*.xml | |
- uses: actions/upload-artifact@v3 | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' && always() }} | |
with: | |
name: optional-annotations | |
path: ${{ env.TEST_RESULTS }} | |
acceptance-supported-operators: | |
name: Supported Operators Acceptance Tests with Kubernetes and using OLM | |
runs-on: ubuntu-20.04 | |
env: | |
EXTRA_BEHAVE_ARGS: "--tags=@supported-operator --tags=~@disable-github-actions" | |
TEST_RUN: Supported_Operators_Acceptance_tests_Kubernetes_with_OLM | |
DELETE_NAMESPACE: never | |
steps: | |
- name: Checkout Git Repository | |
uses: actions/checkout@v4 | |
- name: Check if acceptance tests can be skipped | |
id: check-skip-acceptance | |
uses: ./.github/actions/check-skip-acceptance-tests | |
- name: Set up Python | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.11" | |
architecture: "x64" | |
- name: Setup-cli | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: ./.github/actions/setup-cli | |
with: | |
start-minikube: true | |
- name: Wait for push | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: lewagon/wait-on-check-action@e106e5c43e8ca1edea6383a39a01c5ca495fd812 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
check-name: "Push operator images (PR)" | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
wait-interval: 60 | |
- name: Extract image references | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: pmacik/action-download-multiple-artifacts@node16 | |
with: | |
names: operator-refs-${{github.event.pull_request.number}}-${{github.event.pull_request.head.sha}} | |
- name: Acceptance tests | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
timeout-minutes: 60 | |
run: | | |
source ./operator.refs | |
export CATSRC_NAME=sbo-pr-checks | |
make SKIP_REGISTRY_LOGIN=true -o registry-login test-acceptance-with-bundle | |
- name: Collect Kube resources | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' && always() }} | |
continue-on-error: true | |
uses: ./.github/actions/collect-kube-resources | |
with: | |
operator-namespace: operators | |
olm-namespace: olm | |
test-namespace-file: out/test-namespace | |
output-path: ${{env.TEST_RESULTS}} | |
- name: Setup Testspace | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: testspace-com/setup-testspace@v1 | |
with: | |
domain: ${{ github.repository_owner }} | |
- name: Publish tests results to Testspace | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
run: | | |
testspace [${{ env.TEST_RUN }}]${{ env.TEST_RESULTS }}/TEST*.xml | |
- uses: actions/upload-artifact@v3 | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' && always() }} | |
with: | |
name: supported-operators-kubernetes | |
path: ${{ env.TEST_RESULTS }} | |
acceptance-workload-resource-mapping: | |
name: Workload Resource Mapping Acceptance Tests with Kubernetes and using OLM | |
runs-on: ubuntu-20.04 | |
env: | |
EXTRA_BEHAVE_ARGS: "--tags=@workload-resource-mapping --tags=~@disable-github-actions" | |
TEST_RUN: Workload_Resource_Mapping_Acceptance_tests_Kubernetes_with_OLM | |
steps: | |
- name: Checkout Git Repository | |
uses: actions/checkout@v4 | |
- name: Check if acceptance tests can be skipped | |
id: check-skip-acceptance | |
uses: ./.github/actions/check-skip-acceptance-tests | |
- name: Set up Python | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.11" | |
architecture: "x64" | |
- name: Setup-cli | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: ./.github/actions/setup-cli | |
with: | |
start-minikube: true | |
- name: Wait for push | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: lewagon/wait-on-check-action@e106e5c43e8ca1edea6383a39a01c5ca495fd812 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
check-name: "Push operator images (PR)" | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
wait-interval: 60 | |
- name: Extract image references | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: pmacik/action-download-multiple-artifacts@node16 | |
with: | |
names: operator-refs-${{github.event.pull_request.number}}-${{github.event.pull_request.head.sha}} | |
- name: Acceptance tests | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
timeout-minutes: 60 | |
run: | | |
source ./operator.refs | |
export CATSRC_NAME=sbo-pr-checks | |
make SKIP_REGISTRY_LOGIN=true -o registry-login test-acceptance-with-bundle | |
- name: Collect Kube resources | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' && always() }} | |
continue-on-error: true | |
uses: ./.github/actions/collect-kube-resources | |
with: | |
operator-namespace: operators | |
olm-namespace: olm | |
test-namespace-file: out/test-namespace | |
output-path: ${{env.TEST_RESULTS}} | |
- name: Setup Testspace | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: testspace-com/setup-testspace@v1 | |
with: | |
domain: ${{ github.repository_owner }} | |
- name: Publish tests results to Testspace | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
run: | | |
testspace [${{ env.TEST_RUN }}]${{ env.TEST_RESULTS }}/TEST*.xml | |
- uses: actions/upload-artifact@v3 | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' && always() }} | |
with: | |
name: workload-resource-mapping | |
path: ${{ env.TEST_RESULTS }} | |
acceptance-upgrade-with-olm: | |
name: Acceptance Tests for upgrading SBO with OLM on Kubernetes | |
runs-on: ubuntu-20.04 | |
env: | |
EXTRA_BEHAVE_ARGS: "--tags=@upgrade-with-olm --tags=~@disable-github-actions" | |
TEST_RUN: Acceptance_tests_Upgrade_with_OLM | |
steps: | |
- name: Checkout Git Repository | |
uses: actions/checkout@v4 | |
- name: Check if acceptance tests can be skipped | |
id: check-skip-acceptance | |
uses: ./.github/actions/check-skip-acceptance-tests | |
- name: Set up Python | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.11" | |
architecture: "x64" | |
- name: Setup-cli | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: ./.github/actions/setup-cli | |
with: | |
start-minikube: true | |
- name: Install OLM | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
timeout-minutes: 10 | |
run: | | |
kubectl get crd clusterserviceversions.operators.coreos.com || curl -sL https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v${OLM_VERSION}/install.sh | bash -s v${OLM_VERSION} | |
- name: Wait for push | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: lewagon/wait-on-check-action@e106e5c43e8ca1edea6383a39a01c5ca495fd812 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
check-name: "Push operator images (PR)" | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
wait-interval: 60 | |
- name: Extract image references | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: pmacik/action-download-multiple-artifacts@node16 | |
with: | |
names: operator-refs-${{github.event.pull_request.number}}-${{github.event.pull_request.head.sha}} | |
- name: Acceptance tests | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
timeout-minutes: 60 | |
run: | | |
source ./operator.refs | |
export PATH=$PATH:$(pwd)/bin | |
make opm yq | |
source ./hack/upgrade-sbo-env.sh | |
make SKIP_REGISTRY_LOGIN=true -o registry-login test-acceptance | |
- name: Collect Kube resources | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' && always() }} | |
continue-on-error: true | |
uses: ./.github/actions/collect-kube-resources | |
with: | |
operator-namespace: operators | |
olm-namespace: olm | |
test-namespace-file: out/test-namespace | |
output-path: ${{env.TEST_RESULTS}} | |
- name: Setup Testspace | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' && always() }} | |
uses: testspace-com/setup-testspace@v1 | |
with: | |
domain: ${{ github.repository_owner }} | |
- name: Publish tests results to Testspace | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' && always() }} | |
run: | | |
testspace [${{ env.TEST_RUN }}]${{ env.TEST_RESULTS }}/TEST*.xml | |
- uses: actions/upload-artifact@v3 | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' && always() }} | |
with: | |
name: upgrade-with-olm | |
path: ${{ env.TEST_RESULTS }} | |
acceptance_without_olm: | |
name: Acceptance tests running on Kubernetes without using OLM | |
runs-on: ubuntu-20.04 | |
timeout-minutes: 90 | |
env: | |
EXTRA_BEHAVE_ARGS: "--tags=~@knative --tags=~@openshift --tags=~@olm --tags=~@disable-github-actions" | |
TEST_RUN: Acceptance_tests_Kubernetes_without_OLM | |
UMOCI_VERSION: "0.4.5" | |
steps: | |
- name: Checkout Git Repository | |
uses: actions/checkout@v4 | |
- name: Check if acceptance tests can be skipped | |
id: check-skip-acceptance | |
uses: ./.github/actions/check-skip-acceptance-tests | |
- name: Set up Python | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.11" | |
architecture: "x64" | |
- name: Set up CLI | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: ./.github/actions/setup-cli | |
with: | |
start-minikube: true | |
- name: Set up Go | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: actions/setup-go@v4 | |
with: | |
go-version: "^1.16" | |
- name: Setup umoci cli | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
run: | | |
curl -Lo umoci https://github.com/opencontainers/umoci/releases/download/v${UMOCI_VERSION}/umoci.amd64 | |
chmod +x umoci | |
mv -v umoci $GITHUB_WORKSPACE/bin/ | |
- name: Wait for push | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: lewagon/wait-on-check-action@e106e5c43e8ca1edea6383a39a01c5ca495fd812 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
check-name: "Push operator images (PR)" | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
wait-interval: 60 | |
- name: Extract image references | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: pmacik/action-download-multiple-artifacts@node16 | |
with: | |
names: operator-refs-${{github.event.pull_request.number}}-${{github.event.pull_request.head.sha}} | |
- name: Acceptance tests against vanilla k8s without OLM | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
timeout-minutes: 60 | |
run: | | |
source ./operator.refs | |
eval $(minikube docker-env) | |
make release-manifests deploy-cert-manager | |
kubectl apply -f out/release.yaml | |
kubectl rollout status -n service-binding-operator deploy/service-binding-operator -w --timeout=120s | |
make TEST_ACCEPTANCE_START_SBO=remote test-acceptance | |
- name: Collect Kube resources | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' && always() }} | |
continue-on-error: true | |
uses: ./.github/actions/collect-kube-resources | |
with: | |
operator-namespace: service-binding-operator | |
test-namespace-file: out/test-namespace | |
output-path: ${{env.TEST_RESULTS}} | |
- name: Setup Testspace | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
uses: testspace-com/setup-testspace@v1 | |
with: | |
domain: ${{ github.repository_owner }} | |
- name: Publish tests results to Testspace | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' }} | |
run: | | |
testspace [${{ env.TEST_RUN }}]${{ env.TEST_RESULTS }}/TEST*.xml | |
- uses: actions/upload-artifact@v3 | |
if: ${{ steps.check-skip-acceptance.outputs.can_skip != 'true' && always() }} | |
with: | |
name: kubernetes-without-olm-test-results | |
path: ${{ env.TEST_RESULTS }} | |
single-commit: | |
name: Single commit PR | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout Git Repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Verify number of commits in the PR is 1 | |
run: | | |
COMMIT_COUNT="$(git log --oneline ${{github.event.pull_request.base.sha}}..${{github.event.pull_request.head.sha}} | wc -l)" | |
if ! [ $COMMIT_COUNT -eq 1 ]; then | |
echo "Number of commits in the PR ($COMMIT_COUNT) must not be greater than one." | |
echo "Please squash all PR commits into a single one (https://git-scm.com/book/en/v2/Git-Tools-Rewriting-History#_squashing)" | |
exit 1 | |
fi | |
security-scan: | |
name: Security vulnerability scan | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Wait for push | |
uses: lewagon/wait-on-check-action@e106e5c43e8ca1edea6383a39a01c5ca495fd812 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
check-name: "Push operator images (PR)" | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
wait-interval: 60 | |
- name: Download image references | |
uses: pmacik/action-download-multiple-artifacts@node16 | |
with: | |
names: operator-refs-${{github.event.pull_request.number}}-${{github.event.pull_request.head.sha}} | |
- name: Extract operator image ref | |
id: operator-image-ref | |
run: | | |
source ./operator.refs | |
echo "operator-image-ref=${OPERATOR_IMAGE_REF}" >> $GITHUB_OUTPUT | |
- name: Run Trivy vulnerability scanner in IaC mode | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: ${{ steps.operator-image-ref.outputs.operator-image-ref }} | |
format: 'sarif' | |
ignore-unfixed: true | |
output: 'trivy-results.sarif' | |
severity: CRITICAL,HIGH,UNKNOWN | |
- name: Upload Trivy scan results to GitHub Security tab | |
if: always() | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: 'trivy-results.sarif' | |
source-scan: | |
name: Gosec code scanning | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Run gosec | |
uses: securego/[email protected] | |
with: | |
args: '-no-fail -fmt sarif -out gosec.sarif ./...' | |
- name: Upload gosec scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: 'gosec.sarif' |