Skip to content

Scan container images with Trivy #1317

Scan container images with Trivy

Scan container images with Trivy #1317

Workflow file for this run

name: Test
on:
push:
branches: ["main"]
pull_request_target:
types: ["opened", "synchronize", "reopened"]
branches: ["main"]
jobs:
go_test:
runs-on: ubuntu-latest
steps:
# If triggered by a push to **our** repository, we can directly checkout the code.
- name: Checkout branch ${{ github.ref }}
if: ${{ github.event_name == 'push' }}
uses: actions/[email protected]
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0
# If triggered by a PR, we have to check out the PR's source
- name: Checkout (preview) merge commit for PR ${{ github.event.pull_request.number }}
if: ${{ github.event_name == 'pull_request_target' }}
uses: actions/[email protected]
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0
repository: ${{ github.event.pull_request.head.repo.full_name }}
ref: ${{ github.event.pull_request.head.ref }}
- uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Verify
run: "make verify"
- name: Run tests
run: "make test"
- name: SonarCloud Scan ${{ github.ref }}
uses: SonarSource/[email protected]
if: ${{ github.event_name == 'push' }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
# If triggered by a PR, we have to use the PR's source
- name: SonarCloud Scan (preview) merge commit for PR ${{ github.event.pull_request.number }}
uses: SonarSource/[email protected]
if: ${{ github.event_name == 'pull_request_target' }}
with:
args: >
-Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
-Dsonar.scm.revision=${{ github.event.pull_request.head.sha }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}