Manager #167
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Manager | |
on: | |
push: | |
branches: [ '*' ] | |
paths: | |
- "manager/**" | |
- ".github/workflows/manager.yml" | |
env: | |
SERVICE: manager | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ./${{env.SERVICE}} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Setup Go environment | |
uses: actions/[email protected] | |
with: | |
# Path to the go.mod or go.work file. | |
go-version-file: ${{env.SERVICE}}/go.mod | |
# Set this option to true if you want the action to always check for the latest available version that satisfies the version spec | |
check-latest: false | |
# Used to specify whether caching is needed. Set to true, if you'd like to enable caching. | |
cache: true | |
# Used to specify the path to a dependency file - go.sum | |
cache-dependency-path: ${{env.SERVICE}}/go.sum | |
- name: Run Gosec Security Scanner | |
run: | | |
go install github.com/securego/gosec/v2/cmd/gosec@latest | |
gosec -exclude-generated ./... | |
- name: Test & Coverage | |
run: | | |
go test ./... -coverprofile=coverage.out | |
go tool cover -html=coverage.out -o cover.html | |
# Temporarily disable integration test: https://github.com/moby/moby/issues/45935 | |
# go test ./store/... --tags=integration | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: code-coverage | |
path: ${{env.SERVICE}}/cover.html | |
- name: Build the Docker image | |
run: | | |
docker build . \ | |
--file Dockerfile \ | |
--tag ${{env.SERVICE}}:${{ github.sha }} \ | |
--build-arg TARGETARCH=amd64 | |
env: | |
DOCKER_BUILDKIT: 1 | |
- name: Run Trivy container vulnerability scan | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: '${{env.SERVICE}}:${{ github.sha }}' | |
format: 'table' | |
exit-code: '1' | |
ignore-unfixed: true | |
vuln-type: 'os,library' | |
severity: 'CRITICAL,HIGH' |