chore: ignore vuln in packers dependencies #3
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release-binary-docker-images | |
| on: | |
| push: | |
| tags: | |
| - "v[0-9]+.[0-9]+.[0-9]+" | |
| - "v2.0.0-alpha1" | |
| permissions: | |
| contents: write | |
| jobs: | |
| build-push-docker-images: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Cache container layers | |
| uses: actions/cache@v3 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}${{ matrix.containers.suffix }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}${{ matrix.containers.suffix }}-buildx- | |
| - name: Checkout source code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build and tag dev image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./Dockerfile.dev | |
| tags: | | |
| controlplane/simulator:dev | |
| load: true | |
| push: false | |
| - name: Run Trivy vulnerability scanner on the dev image | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'controlplane/simulator:dev' | |
| format: 'table' | |
| exit-code: '1' | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Build and tag simulator image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| tags: controlplane/simulator:${{ github.ref_name }} | |
| load: true | |
| push: false | |
| - name: Run Trivy vulnerability scanner on simulator image | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: controlplane/simulator:${{ github.ref_name }} | |
| format: 'table' | |
| exit-code: '1' | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| trivyignores: './.trivy-config/.trivyignore' | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| platforms: linux/amd64,linux/arm64 | |
| - name: Build and push dev image ## should use cache image from the previous step | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./Dockerfile.dev | |
| tags: 'controlplane/simulator:dev' | |
| load: false ## push and load cannot be set at the same time | |
| push: true | |
| - name: pull dev image | |
| run: | | |
| docker images ls | |
| docker pull controlplane/simulator:dev | |
| docker images ls | |
| - name: Build and push simulator image ## should use cache image from the previous step | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| tags: | | |
| controlplane/simulator:${{ github.ref_name }} | |
| controlplane/simulator:latest | |
| load: false | |
| push: true | |
| goreleaser: | |
| runs-on: ubuntu-latest | |
| name: goreleaser | |
| needs: build-push-docker-images | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version-file: go.mod | |
| - run: go version | |
| - uses: anchore/sbom-action/download-syft@v0 | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@v5 | |
| with: | |
| distribution: goreleaser | |
| args: release --clean | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |