update(spire-agent): upgrade dependency packages #28

Workflow file for this run

.github/workflows/spire-agent-action.yaml at b359a39

	name: spire-agent workflow
	on:
	push:
	tags:
	- "v[0-9]+.[0-9]+.[0-9]+"
	- "v[0-9]+.[0-9]+.[0-9]+-*"
	pull_request_target:
	branches:
	- "*"
	env:
	GO_VERSION: 1.20.1
	REPO: 956994857092.dkr.ecr.us-east-2.amazonaws.com
	IMAGE_NAME: spire-agent
	CHART_NAME: spire-agent
	CHART_PATH: ./spire-agent-chart
	CHART_REVISION_NAME: spire-agent
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DEV_ACCESS_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DEV_SECRET_ID }}
	AWS_REGION: us-east-2
	permissions:
	contents: read

	jobs:
	tag-validate:
	runs-on: ubuntu-latest
	if: startsWith(github.ref, 'refs/tags/v')
	steps:
	- uses: rubenesp87/[email protected]
	with:
	version: ${{ github.ref_name }}

	cache-deps:
	name: cache-deps (linux)
	runs-on: ubuntu-20.04

	permissions:
	contents: read

	steps:
	- name: Checkout
	uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/[email protected]
	- name: Setup go
	uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # ratchet:actions/[email protected]
	with:
	go-version: ${{ env.GO_VERSION }}
	- name: Set git token
	run: git remote set-url origin https://${{ secrets.V_GIT_KEY }}@github.com/accuknox/spire.git
	- name: Update submodules
	run: git submodule update --init --recursive
	- name: Setup dep cache
	uses: actions/cache@6998d139ddd3e68c71e9e398d8e40b71a2f39812 # ratchet:actions/[email protected]
	with:
	path: ~/go/pkg/mod
	key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
	- name: Pull go deps
	run: go mod download

	artifacts:
	name: artifacts (linux)
	runs-on: ubuntu-20.04
	needs: [cache-deps]

	permissions:
	contents: read

	steps:
	- name: Checkout
	uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/[email protected]
	- name: Setup go
	uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # ratchet:actions/[email protected]
	with:
	go-version: ${{ env.GO_VERSION }}
	- name: Load cached deps
	uses: actions/cache@6998d139ddd3e68c71e9e398d8e40b71a2f39812 # ratchet:actions/[email protected]
	with:
	path: ~/go/pkg/mod
	key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
	- name: Load cached build tools
	uses: actions/cache@6998d139ddd3e68c71e9e398d8e40b71a2f39812 # ratchet:actions/[email protected]
	with:
	path: .build
	key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }}
	- name: Build artifacts
	run: ./.github/workflows/scripts/build_artifacts.sh

	images:
	name: images (linux)
	runs-on: ubuntu-20.04
	needs: [cache-deps]

	permissions:
	contents: read

	steps:
	- name: Checkout
	uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/[email protected]
	- name: Setup go
	uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # ratchet:actions/[email protected]
	with:
	go-version: ${{ env.GO_VERSION }}
	- name: Load cached deps
	uses: actions/cache@6998d139ddd3e68c71e9e398d8e40b71a2f39812 # ratchet:actions/[email protected]
	with:
	path: ~/go/pkg/mod
	key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
	- name: Load cached build tools
	uses: actions/cache@6998d139ddd3e68c71e9e398d8e40b71a2f39812 # ratchet:actions/[email protected]
	with:
	path: .build
	key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }}
	- name: Set up QEMU
	uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # ratchet:docker/[email protected]
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@f03ac48505955848960e80bbb68046aa35c7b9e7 # ratchet:docker/[email protected]
	- name: download regctl
	run: \|
	curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl
	chmod 755 regctl
	mv regctl /usr/bin
	whereis regctl
	- name: Build spire-agent-image
	run: make spire-agent-image
	- name: load spire-agent-image
	run: make load-images
	- name: Tag docker images
	run: docker image tag ${{ env.IMAGE_NAME }}:latest ${{ env.REPO }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}

	docker-image-scan:
	runs-on: ubuntu-latest
	needs: [tag-validate]
	if: always() && !contains(needs.tag-validate.result, 'failure')
	steps:
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: ${{ env.REPO }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
	output: ./trivy-results
	severity: CRITICAL,HIGH
	exit-code: 0

	docker-image-push:
	runs-on: ubuntu-latest
	if: startsWith(github.ref, 'refs/tags/v')
	needs: [docker-image-scan, helm-chart-validate]
	steps:
	- name: Login to ECR
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@v1
	- name: Docker push to ECR
	shell: bash
	run: docker push ${{ env.REPO }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}

	helm-chart-validate:
	runs-on: ubuntu-latest
	needs: [tag-validate]
	if: always() && !contains(needs.version-validation.result, 'failure')
	steps:
	- name: Checkout source
	uses: accuknox/common-gh-actions/actions/checkout-source@main
	- name: Validate helm chart
	uses: accuknox/common-gh-actions/actions/helm-check@main
	with:
	chart-path: ${{ env.CHART_PATH }}
	revision-name: ${{ env.CHART_REVISION_NAME }}

	helm-chart-push:
	runs-on: ubuntu-latest
	if: startsWith(github.ref, 'refs/tags/v')
	needs: [docker-image-push]
	steps:
	- name: Checkout source
	uses: accuknox/common-gh-actions/actions/checkout-source@main
	- name: Push helm chart to ECR
	uses: accuknox/common-gh-actions/actions/helm-push@main
	with:
	chart-path: ${{ env.CHART_PATH }}
	version: ${{ github.ref_name }}
	ecr-region: ${{ env.AWS_REGION }}
	ecr-repo: ${{ env.REPO }}

	success:
	runs-on: ubuntu-20.04
	needs: [artifacts]
	permissions:
	contents: read
	steps:
	- name: Declare victory!
	run: echo "# Successful" >> $GITHUB_STEP_SUMMARY

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

update(spire-agent): upgrade dependency packages #28

Workflow file

update(spire-agent): upgrade dependency packages #28

Jobs

Run details

Workflow file for this run