Skip to content

Migrator refactor

Migrator refactor #309

Workflow file for this run

name: KIM
on:
push:
branches:
- main
tags:
- "[0-9]+.[0-9]+.[0-9]+"
- "[0-9]+.[0-9]+.[0-9]+-*"
paths-ignore:
- .reuse
- hack/
- LICENSES/
- LICENSE
- .gitignore
- "**.md"
pull_request_target:
types: [opened, synchronize, reopened]
paths-ignore:
- .reuse
- hack/
- LICENSES/
- LICENSE
- .gitignore
- "**.md"
env:
trivy-table: trivy-table.txt
permissions:
id-token: write # This is required for requesting the JWT token
contents: read # This is required for actions/checkout
jobs:
setup:
permissions:
contents: read
runs-on: ubuntu-latest
outputs:
tag: ${{ steps.tag.outputs.tag }}
latest: ${{ steps.latest.outputs.latest || '' }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- id: tag
if: github.event_name == 'push' && github.ref_type == 'tag'
run: echo "tag=${{ github.ref_name }}" >> $GITHUB_OUTPUT
- id: latest
if: github.event.ref_name == github.event.repository.default_branch
run: echo "latest=latest" >> $GITHUB_OUTPUT
trivy:
permissions:
contents: read
runs-on: "ubuntu-20.04"
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Install trivy
run: |
mkdir ./trivy
curl -L https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz | tar xvz --directory=./trivy
./trivy/trivy --version
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.24.0
with:
scan-type: "fs"
scan-ref: "."
exit-code: 1
severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
ignore-unfixed: false
timeout: "5m0s"
vuln-type: "os,library"
format: table
output: ${{ env.trivy-table }}
- name: Upload trivy table
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: ${{ env.trivy-table }}
path: ${{ env.trivy-table }}
- name: Print trivy table
if: success() || failure()
run: "test -f ${{ env.trivy-table }} && cat ${{ env.trivy-table }} || echo ':: no data ::'"
build-image:
needs: setup
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main # Usage: kyma-project/test-infra/.github/workflows/image-builder.yml@main
with:
name: infrastructure-manager
dockerfile: Dockerfile
context: .
tags: |
${{ needs.setup.outputs.tag }}
${{ needs.setup.outputs.latest }}
summary:
runs-on: ubuntu-latest
needs: [build-image, trivy]
if: success() || failure()
steps:
- name: "Download trivy log"
uses: actions/download-artifact@v4
continue-on-error: true
with:
name: ${{ env.trivy-table }}
- name: "Generate summary"
run: |
{
echo '# Kyma Infrastructure Manager'
# if trivy results table exists
if [ -f ${{ env.trivy-table }} ]; then
echo '## Trivy'
printf '\n```txt\n'
cat ${{ env.trivy-table }}
printf '\n```\n'
fi
# if build-image was successful
if [ "${{ needs.build-image.result }}" == "success" ]; then
printf '\n\n## Image\n'
printf '\n```json\n'
echo '${{ needs.build-image.outputs.images }}' | jq
printf '\n```\n'
fi
} >> $GITHUB_STEP_SUMMARY