Scan container images with Trivy #1317
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test | |
on: | |
push: | |
branches: ["main"] | |
pull_request_target: | |
types: ["opened", "synchronize", "reopened"] | |
branches: ["main"] | |
jobs: | |
go_test: | |
runs-on: ubuntu-latest | |
steps: | |
# If triggered by a push to **our** repository, we can directly checkout the code. | |
- name: Checkout branch ${{ github.ref }} | |
if: ${{ github.event_name == 'push' }} | |
uses: actions/[email protected] | |
with: | |
# Disabling shallow clone is recommended for improving relevancy of reporting | |
fetch-depth: 0 | |
# If triggered by a PR, we have to check out the PR's source | |
- name: Checkout (preview) merge commit for PR ${{ github.event.pull_request.number }} | |
if: ${{ github.event_name == 'pull_request_target' }} | |
uses: actions/[email protected] | |
with: | |
# Disabling shallow clone is recommended for improving relevancy of reporting | |
fetch-depth: 0 | |
repository: ${{ github.event.pull_request.head.repo.full_name }} | |
ref: ${{ github.event.pull_request.head.ref }} | |
- uses: actions/setup-go@v5 | |
with: | |
go-version-file: go.mod | |
- name: Verify | |
run: "make verify" | |
- name: Run tests | |
run: "make test" | |
- name: SonarCloud Scan ${{ github.ref }} | |
uses: SonarSource/[email protected] | |
if: ${{ github.event_name == 'push' }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
# If triggered by a PR, we have to use the PR's source | |
- name: SonarCloud Scan (preview) merge commit for PR ${{ github.event.pull_request.number }} | |
uses: SonarSource/[email protected] | |
if: ${{ github.event_name == 'pull_request_target' }} | |
with: | |
args: > | |
-Dsonar.pullrequest.key=${{ github.event.pull_request.number }} | |
-Dsonar.scm.revision=${{ github.event.pull_request.head.sha }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |