Skip to content

Bump the github-actions group with 10 updates #288

Bump the github-actions group with 10 updates

Bump the github-actions group with 10 updates #288

Workflow file for this run

name: Test & Build
on:
pull_request:
branches:
- 'main'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
lint:
permissions:
contents: read # for actions/checkout to fetch code
pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
checks: write # for golangci/golangci-lint-action to annotate Pull Requests
name: Lint Go code
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Golang
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Run golangci-lint
uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
with:
version: v1.54
args: --timeout 10m --exclude SA5011 --verbose --issues-exit-code=0
only-new-issues: true
govulncheck:
runs-on: ubuntu-latest
name: Run govulncheck
steps:
- id: govulncheck
uses: golang/govulncheck-action@v1
with:
go-version-file: go.mod
go-package: ./...
test:
name: Run unit tests for Go packages
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4 # v3.5.3
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Download and required packages
run: |
make deps
- name: Run all unit tests
run: make test
- name: Check test coverage
run: |
go install github.com/vladopajic/go-test-coverage/v2@latest
go-test-coverage --config=./.testcoverage.yml
- name: Generate code coverage artifacts
uses: actions/upload-artifact@v4
with:
name: code-coverage
path: coverage.out
build:
needs:
- test
- lint
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
platform:
- linux/amd64
- linux/arm64
name: Build Images
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
platforms: ${{ matrix.platform }}
- name: Build Images
uses: docker/build-push-action@v6
with:
context: .
platforms: ${{ matrix.platform }}
load: true
push: false
tags: quay.io/jetstack/version-checker:${{github.sha}}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Run Trivy vulnerability scanner
uses: aquasecurity/[email protected]
with:
image-ref: 'quay.io/jetstack/version-checker:${{github.sha}}'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'