Skip to content

build

build #101

Workflow file for this run

name: build
on:
push:
pull_request:
schedule:
- cron: 0 23 * * *
jobs:
validate:
runs-on: ubuntu-latest
env:
GO111MODULE: on
GOPATH: /home/runner/work/terrascan
GOBIN: /home/runner/work/terrascan/bin
GO_VERSION: 1.21
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_TEST }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_TEST }}
AWS_REGION: ${{ secrets.AWS_REGION_TEST }}
AZURE_AUTH_TEST_SECRET: ${{ secrets.AZURE_AUTH_TEST_KEY }}
GOOGLE_APPLICATION_CREDENTIALS_TEST_SECRET: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_TEST_KEY }}
steps:
- name: Checkout Terrascan
uses: actions/checkout@v3
- name: Setup Go
uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
- name: Install golint
run: go install golang.org/x/lint/golint@latest
- name: Build Terrascan docker image
run: make docker-build
- name: Go validations
run: make validate
- name: Build Terrascan
run: make build
- name: Run unit tests
run: make unit-tests
- name: install kind
run: make install-kind
- name: Run e2e tests
run: make e2e-tests
- name: Run e2e vulnerability tests
if: ${{ (github.event_name == 'push'|| github.event_name == 'schedule') && github.actor != 'dependabot[bot]' }}
run: make e2e-vulnerability-tests
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v1
# push image to Docker Hub
push:
# Ensure "validate" job passes before pushing image.
needs: validate
runs-on: ubuntu-latest
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
steps:
- name: Checkout Terrascan
uses: actions/checkout@v3
- uses: docker/setup-qemu-action@v2
- name: Login to Artifactory
run: docker login --username svc_terrascan --password ${{ secrets.ARTIFACTORY_API_TOKEN }} https://docker-terrascan-local.artifactory.eng.tenable.com
- name: Build latest docker image
run: make docker-build-push-latest
env:
MULTIPLATFORM: true
- name: Pull Image
run: docker pull docker-terrascan-local.artifactory.eng.tenable.com/tenb-cb:latest
- name: Run scan
run: |
image_tag=$(<dockerhub-image-label.txt)
docker run -e JKN_USERNAME=${{ secrets.JKN_USERNAME }} -e JKN_PASSWORD=${{ secrets.JKN_PASSWORD }} -t docker-terrascan-local.artifactory.eng.tenable.com/tenb-cb:latest jobs execute-job --credential-mode env -n teams-deleng-terraform -p deleng-terraform/dockerhub-publish -d "{\"APPID\":\"2054\", \"IMAGE\":\"docker-terrascan-local.artifactory.eng.tenable.com/terrascan:${image_tag}\", \"TARGETS\": \"tenable/terrascan:latest\", \"MULTIARCH\":\"true\"}" --cloudflare-access-secret ${{ secrets.CF_ACCESS_TOKEN }}:${{ secrets.CF_SECRET }}