Skip to content

Update goobjectscale (#192) #13

Update goobjectscale (#192)

Update goobjectscale (#192) #13

Workflow file for this run

name: Release Draft
on:
push:
tags:
- 'v*.*.*'
permissions: write-all
env:
REGISTRY: "sample_registry" # TODO: There is no registry for now
IMAGETAG: "${{ github.ref_name }}"
IMAGENAME: "cosi-driver"
CLAMAV_SCAN_FILE: clamav-scan-results.txt
TRIVY_SCAN_FILE: trivy-scan-results.sarif
DOCKLE_SCAN_FILE: dockle-scan-results # NOTE: no extension here, it will be automatically added by Dockle
jobs:
tests-workflow:
uses: ./.github/workflows/dev.yaml

Check failure on line 21 in .github/workflows/release.yaml

GitHub Actions / .github/workflows/release.yaml

Invalid workflow file

error parsing called workflow ".github/workflows/release.yaml" -> "./.github/workflows/dev.yaml" : failed to fetch workflow: workflow was not found.
secrets:
GH_DELL_ACCESS: ${{ secrets.GH_DELL_ACCESS }}
av-scan:
name: AV Repository scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Malware Scanner
uses: dell/common-github-actions/malware-scanner@main
with:
directories: .
options: "--recursive --infected --log=${{ env.CLAMAV_SCAN_FILE }}"
- name: Upload scan result to Release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# NOTE: `chmod` is used because `${{ env.CLAMAV_SCAN_FILE }}` has invalid permissions to be uploaded.
run: |
sudo chmod 644 ${{ env.CLAMAV_SCAN_FILE }}
gh release upload --clobber ${{ github.ref_name }} ${{ env.CLAMAV_SCAN_FILE }}
trivy-scan:
name: Trivy image scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run trivy action
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGENAME }}:${{ env.IMAGETAG }}
exit-code: 0
output: ${{ env.TRIVY_SCAN_FILE }}
format: sarif
- name: Upload scan result to Release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# NOTE: `chmod` is used because `${{ env.TRIVY_SCAN_FILE }}` can have invalid permissions to be uploaded.
run: |
sudo chmod 644 ${{ env.TRIVY_SCAN_FILE }}
gh release upload --clobber ${{ github.ref_name }} ${{ env.TRIVY_SCAN_FILE }}
dockle-scan:
name: Dockle image scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run dockle action
uses: erzz/dockle-action@v1.4.0
env:
DOCKER_CONTENT_TRUST: 1
with:
image: ${{ env.REGISTRY }}/${{ env.IMAGENAME }}:${{ env.IMAGETAG }}
exit-code: 0
report-format: sarif
report-name: ${{ env.DOCKLE_SCAN_FILE }}
- name: Upload scan result to Release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# NOTE: `chmod` is used because `${{ env.DOCKLE_SCAN_FILE }}.sarif` can have invalid permissions to be uploaded.
run: |
sudo chmod 644 ${{ env.DOCKLE_SCAN_FILE }}.sarif
gh release upload --clobber ${{ github.ref_name }} ${{ env.DOCKLE_SCAN_FILE }}.sarif