[Snyk] Security upgrade tornado from 6.1 to 6.4.1 #35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
pull_request: {} | |
env: | |
# Common versions | |
GOLANGCI_VERSION: 'v1.49.0' | |
KUBERNETES_VERSION: '1.24.x' | |
# Sonar | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
jobs: | |
detect-noop: | |
runs-on: ubuntu-latest | |
outputs: | |
noop: ${{ steps.noop.outputs.should_skip }} | |
steps: | |
- name: Detect No-op Changes | |
id: noop | |
uses: fkirc/[email protected] | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
paths_ignore: '["**.md", "**.png", "**.jpg"]' | |
do_not_skip: '["workflow_dispatch", "schedule", "push"]' | |
concurrent_skipping: false | |
lint: | |
runs-on: ubuntu-latest | |
needs: detect-noop | |
if: needs.detect-noop.outputs.noop != 'true' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version-file: "go.mod" | |
- name: Find the Go Cache | |
id: go | |
run: | | |
echo "::set-output name=build-cache::$(go env GOCACHE)" | |
echo "::set-output name=mod-cache::$(go env GOMODCACHE)" | |
- name: Cache the Go Build Cache | |
uses: actions/cache@v3 | |
with: | |
path: ${{ steps.go.outputs.build-cache }} | |
key: ${{ runner.os }}-build-${{ github.sha }}-${{ hashFiles('**/go.sum') }} | |
- name: Cache Go Dependencies | |
uses: actions/cache@v3 | |
with: | |
path: ${{ steps.go.outputs.mod-cache }} | |
key: ${{ runner.os }}-mod-${{ github.sha }}-${{ hashFiles('**/go.sum') }} | |
- name: Lint | |
uses: golangci/golangci-lint-action@v3 | |
with: | |
version: ${{ env.GOLANGCI_VERSION }} | |
skip-pkg-cache: true | |
skip-build-cache: true | |
check-diff: | |
runs-on: ubuntu-latest | |
needs: detect-noop | |
if: needs.detect-noop.outputs.noop != 'true' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Configure Git | |
run: | | |
git config user.name "$GITHUB_ACTOR" | |
git config user.email "[email protected]" | |
- name: Setup Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version-file: "go.mod" | |
- name: Find the Go Cache | |
id: go | |
run: | | |
echo "::set-output name=build-cache::$(go env GOCACHE)" | |
echo "::set-output name=mod-cache::$(go env GOMODCACHE)" | |
- name: Cache the Go Build Cache | |
uses: actions/cache@v3 | |
with: | |
path: ${{ steps.go.outputs.build-cache }} | |
key: ${{ runner.os }}-build-${{ github.sha }}-${{ hashFiles('**/go.sum') }} | |
- name: Cache Go Dependencies | |
uses: actions/cache@v3 | |
with: | |
path: ${{ steps.go.outputs.mod-cache }} | |
key: ${{ runner.os }}-mod-${{ github.sha }}-${{ hashFiles('**/go.sum') }} | |
# Check DIff also runs Reviewable which needs golangci-lint installed | |
- name: Check Diff | |
run: | | |
wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s ${{ env.GOLANGCI_VERSION }} | |
export PATH=$PATH:./bin | |
make check-diff | |
unit-tests: | |
runs-on: ubuntu-latest | |
needs: detect-noop | |
if: needs.detect-noop.outputs.noop != 'true' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Fetch History | |
run: git fetch --prune --unshallow | |
- name: Setup Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version-file: "go.mod" | |
- name: Find the Go Cache | |
id: go | |
run: | | |
echo "::set-output name=build-cache::$(go env GOCACHE)" | |
echo "::set-output name=mod-cache::$(go env GOMODCACHE)" | |
- name: Cache the Go Build Cache | |
uses: actions/cache@v3 | |
with: | |
path: ${{ steps.go.outputs.build-cache }} | |
key: ${{ runner.os }}-build-${{ github.sha }}-${{ hashFiles('**/go.sum') }} | |
- name: Cache Go Dependencies | |
uses: actions/cache@v3 | |
with: | |
path: ${{ steps.go.outputs.mod-cache }} | |
key: ${{ runner.os }}-mod-${{ github.sha }}-${{ hashFiles('**/go.sum') }} | |
- name: Add setup-envtest | |
run: | | |
go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest | |
setup-envtest use ${{env.KUBERNETES_VERSION}} -p env --os $(go env GOOS) --arch $(go env GOARCH) | |
- name: Cache envtest binaries | |
uses: actions/cache@v3 | |
with: | |
path: /home/runner/.local/share/kubebuilder-envtest/ | |
key: ${{ runner.os }}-kubebuilder-${{env.KUBERNETES_VERSION}} | |
- name: Run Unit Tests | |
run: | | |
export KUBEBUILDER_ATTACH_CONTROL_PLANE_OUTPUT=true | |
source <(setup-envtest use ${{env.KUBERNETES_VERSION}} -p env --os $(go env GOOS) --arch $(go env GOARCH)) | |
make test | |
publish-artifacts: | |
needs: detect-noop | |
if: needs.detect-noop.outputs.noop != 'true' | |
uses: ./.github/workflows/publish.yml | |
permissions: | |
id-token: write | |
contents: read | |
strategy: | |
matrix: | |
include: | |
- dockerfile: "Dockerfile" | |
build-args: "CGO_ENABLED=0" | |
build-arch: "amd64 arm64" | |
build-platform: "linux/amd64,linux/arm64" | |
tag-suffix: "" # distroless | |
- dockerfile: "Dockerfile.ubi" | |
build-args: "CGO_ENABLED=0" | |
build-arch: "amd64 arm64" | |
build-platform: "linux/amd64,linux/arm64" | |
tag-suffix: "-ubi" | |
- dockerfile: "Dockerfile.ubi" | |
build-args: "CGO_ENABLED=0 GOEXPERIMENT=boringcrypto" | |
build-arch: "amd64" | |
build-platform: "linux/amd64" | |
tag-suffix: "-ubi-boringssl" | |
with: | |
dockerfile: ${{ matrix.dockerfile }} | |
tag-suffix: ${{ matrix.tag-suffix }} | |
image-name: ghcr.io/${{ github.repository }} | |
build-platform: ${{ matrix.build-platform }} | |
build-args: ${{ matrix.build-args }} | |
build-arch: ${{ matrix.build-arch }} | |
ref: ${{ github.ref }} | |
secrets: | |
GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }} | |
GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }} | |