fix(deps): update github.com/observatorium/api digest to 2545e19 #799
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [ main ] | |
| tags: | |
| - '*' | |
| pull_request: | |
| branches: [ main ] | |
| workflow_dispatch: | |
| env: | |
| GO_VERSION: '1.23.4' | |
| jobs: | |
| lint: | |
| name: lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| - uses: actions/checkout@v4 | |
| - name: golangci-lint | |
| uses: golangci/golangci-lint-action@v6 | |
| with: | |
| # Optional: golangci-lint command line arguments. | |
| args: --issues-exit-code=1 --timeout=5m #--disable typecheck | |
| - name: go vet | |
| run: go vet ./... | |
| scan-sarif: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'fs' | |
| scan-ref: '.' | |
| scanners: 'vuln,secret,config' | |
| ignore-unfixed: true | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| severity: 'CRITICAL,HIGH,MEDIUM,LOW' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| category: 'code' | |
| scan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/[email protected] | |
| with: | |
| scan-type: 'fs' | |
| scan-ref: '.' | |
| scanners: 'vuln,secret,misconfig' | |
| ignore-unfixed: true | |
| exit-code: '1' | |
| severity: 'CRITICAL,HIGH' | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| - name: Install dependencies | |
| run: go get . | |
| - name: Test | |
| run: go test -v ./... | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ./.cache # Note that this path is not influenced by working-directory set in defaults | |
| key: multena-proxy-${{ github.run_id }} | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| - name: Install dependencies | |
| run: go get . | |
| - name: Build | |
| run: CGO_ENABLED=0 GOOS=linux GOEXPERIMENT=loopvar go build -ldflags="-X main.Commit=$(git rev-parse HEAD)" -o . -v ./... | |
| - name: Change permissions | |
| run: | | |
| sudo chgrp -R 0 multena-proxy | |
| sudo chmod -R g=u multena-proxy | |
| - name: Copy build | |
| run: mkdir ./.cache && cp ./multena-proxy ./.cache/multena-proxy | |
| push: | |
| needs: [ build, test, scan, lint ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.merge_commit_sha }} | |
| fetch-depth: '0' | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ./.cache # Note that this path is not influenced by working-directory set in defaults | |
| key: multena-proxy-${{ github.run_id }} | |
| fail-on-cache-miss: true | |
| - name: move from cache | |
| run: mv ./.cache/multena-proxy ./multena-proxy | |
| - name: Set image name | |
| run: echo "IMAGE_ID=$(echo ${{ github.repository }} | tr '[A-Z]' '[a-z]')" >> $GITHUB_ENV | |
| - name: Get tag version | |
| id: tag_version | |
| uses: anothrNick/[email protected] | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| WITH_V: true | |
| DRY_RUN: true | |
| DEFAULT_BUMP: patch | |
| RELEASE_BRANCHES: main | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/${{ env.IMAGE_ID }} | |
| tags: | | |
| type=schedule | |
| type=ref,event=branch | |
| type=raw,value=${{ steps.tag_version.outputs.new_tag }}-${{ github.head_ref }}, enable=${{ github.ref != 'refs/heads/main' }} | |
| type=raw,value=${{ steps.tag_version.outputs.new_tag }}-${{ github.head_ref }}-${{github.sha}}, enable=${{ github.ref != 'refs/heads/main' }} | |
| type=raw,value=${{github.sha}} | |
| type=semver,pattern={{version}},value=${{ steps.tag_version.outputs.new_tag }},enable={{is_default_branch}} | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: Buildah Action | |
| id: build-image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| image: ${{ env.IMAGE_NAME }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| containerfiles: | | |
| ./build/Containerfile | |
| - name: Log in to the GitHub Container registry | |
| uses: redhat-actions/podman-login@v1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: push image to trivy | |
| run: | | |
| buildah push ${{ steps.build-image.outputs.image-with-tag }} oci:./multena-proxy-oci | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| input: 'multena-proxy-oci' | |
| format: 'sarif' | |
| severity: 'CRITICAL,HIGH' | |
| exit-code: '1' | |
| output: 'trivy-results.sarif' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| category: 'container' | |
| - name: Image digest | |
| run: echo ${{ steps.docker_build.outputs.digest }} | |
| - name: Push to GitHub Container Repository | |
| id: push-to-ghcr | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: ${{ steps.build-image.outputs.image }} | |
| tags: ${{ steps.build-image.outputs.tags }} | |
| registry: ${{ env.REGISTRY }} | |