Bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.6.0 to 1.7.1 #1007
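# PR validation workflow: lint, format check, build, tests, coverage upload,
# and a container build that is scanned with Trivy before merge.
name: PR Validation

# `pull_request` runs against the PR merge ref. GitHub does not pass repository
# secrets to runs triggered from forks, so the test and coverage jobs below see
# empty credentials there. For branches inside the repository, the secrets are
# exposed to whatever `make test` / `make cover` execute from the PR.
on: pull_request

# Least privilege for GITHUB_TOKEN: no step in this file writes to the
# repository. Widen per job if a step later needs more.
permissions:
  contents: read

env:
  NAME: "azad-kube-proxy"

jobs:
  lint:
    runs-on: ubuntu-latest
    env:
      # Quoted so generic YAML 1.1 parsers do not read it as a boolean.
      GO111MODULE: "on"
    steps:
      - name: Clone repo
        uses: actions/checkout@v3
      - name: Setup go
        uses: actions/setup-go@v4
        with:
          go-version: "^1.20"
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v3.4.0
        with:
          version: v1.52.2

  fmt:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v3
      - name: Setup go
        uses: actions/setup-go@v4
        with:
          go-version: "^1.20"
      - name: Run fmt
        run: |
          make fmt
      # Fails the job when `make fmt` changed any tracked file.
      - name: Check if working tree is dirty
        run: |
          if [[ -n "$(git status --porcelain)" ]]; then
            git diff
            echo 'run make fmt and commit changes'
            exit 1
          fi

  build:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v3
      - name: Setup go
        uses: actions/setup-go@v4
        with:
          go-version: "^1.20"
      - name: Run build
        run: |
          make build

  test:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v3
      - name: Setup go
        uses: actions/setup-go@v4
        with:
          go-version: "^1.20"
      - name: Run test
        # Credentials are scoped to this step only, not to the whole job.
        env:
          CLIENT_ID: ${{ secrets.CLIENT_ID }}
          CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
          TENANT_ID: ${{ secrets.TENANT_ID }}
          TEST_USER_SP_CLIENT_ID: ${{ secrets.TEST_USER_SP_CLIENT_ID }}
          TEST_USER_SP_CLIENT_SECRET: ${{ secrets.TEST_USER_SP_CLIENT_SECRET }}
          TEST_USER_SP_RESOURCE: ${{ secrets.TEST_USER_SP_RESOURCE }}
          TEST_USER_SP_OBJECT_ID: ${{ secrets.TEST_USER_SP_OBJECT_ID }}
          TEST_USER_OBJECT_ID: ${{ secrets.TEST_USER_OBJECT_ID }}
        run: |
          make test

  coverage:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v3
      - name: Setup go
        uses: actions/setup-go@v4
        with:
          go-version: "^1.20"
      - name: coverage
        # Same credential set as the test job, again limited to one step.
        env:
          CLIENT_ID: ${{ secrets.CLIENT_ID }}
          CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
          TENANT_ID: ${{ secrets.TENANT_ID }}
          TEST_USER_SP_CLIENT_ID: ${{ secrets.TEST_USER_SP_CLIENT_ID }}
          TEST_USER_SP_CLIENT_SECRET: ${{ secrets.TEST_USER_SP_CLIENT_SECRET }}
          TEST_USER_SP_RESOURCE: ${{ secrets.TEST_USER_SP_RESOURCE }}
          TEST_USER_SP_OBJECT_ID: ${{ secrets.TEST_USER_SP_OBJECT_ID }}
          TEST_USER_OBJECT_ID: ${{ secrets.TEST_USER_OBJECT_ID }}
        run: |
          mkdir -p tmp
          make cover
      # Third-party action that runs after the credentialed step; it is given
      # none of the secrets above.
      - name: Send coverage to coverall
        uses: shogo82148/actions-goveralls@v1.7.0
        with:
          path-to-profile: tmp/coverage.out
          ignore: cmd/azad-kube-proxy/main.go,internal/proxy/proxy.go,cmd/kubectl-azad-proxy/main.go

  build-container:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v3
      # Derives the image tag. With only the `pull_request` trigger GITHUB_REF
      # is refs/pull/<n>/merge, so the tag branch is reached only if further
      # triggers are added.
      - name: Prepare
        id: prep
        run: |
          VERSION="sha-${GITHUB_SHA::8}"
          if [[ $GITHUB_REF == refs/tags/* ]]; then
            VERSION="${GITHUB_REF/refs\/tags\//}"
          fi
          echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "$GITHUB_OUTPUT"
          echo "VERSION=${VERSION}" >> "$GITHUB_OUTPUT"
      - uses: brpaz/hadolint-action@v1.5.0
        with:
          dockerfile: Dockerfile
      - name: Cache container layers
        uses: actions/cache@v3.3.1
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2.1.0
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2.5.0
      - name: Build and load (current arch)
        run: |
          docker buildx build --load -t ${{ env.NAME }}:${{ steps.prep.outputs.VERSION }} .
      # NOTE(review): `@master` is a moving branch, so this step runs whatever
      # that branch holds at run time. Pin it to a release tag, as the other
      # steps do, or to a full commit SHA (<commit-sha>).
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: ${{ env.NAME }}:${{ steps.prep.outputs.VERSION }}
          format: "table"
          # A non-zero exit fails the job on any finding at the listed
          # severities; findings without an available fix are skipped.
          exit-code: "1"
          ignore-unfixed: true
          severity: "CRITICAL,HIGH"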