Bump golang.org/x/net from 0.0.0-20210805182204-aaa1db679c0d to 0.17.0 #22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Integration | |
# Controls when the workflow will run | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
branches: [main] | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
env: | |
LM_K8S_WEBHOOK_IMAGE_NAME: lm-k8s-webhook | |
LM_RELOADER_IMAGE_NAME: lm-config-reloader | |
# A workflow run is made up of one or more jobs that can run sequentially or in parallel | |
jobs: | |
setup-environment: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v2 | |
- name: Setup Go | |
uses: actions/setup-go@v2.1.5 | |
with: | |
go-version: 1.17 | |
- name: Cache Modules | |
id: module-cache | |
uses: actions/cache@v2 | |
with: | |
path: /home/runner/go/pkg/mod | |
key: go-pkg-mod-${{ runner.os }}-${{ hashFiles('**/go.sum') }} | |
- name: Install dependencies | |
if: steps.module-cache.outputs.cache-hit != 'true' | |
run: make gomoddownload | |
- name: Cache Tools | |
id: tool-cache | |
uses: actions/cache@v2 | |
with: | |
path: /home/runner/go/bin | |
key: tools-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }} | |
- name: Install Tools | |
if: steps.tool-cache.outputs.cache-hit != 'true' | |
run: make install-tools | |
lint: | |
name: lint | |
runs-on: ubuntu-latest | |
needs: [setup-environment] | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- name: Checkout Code | |
uses: actions/checkout@v2 | |
- name: Install Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: 1.17.x | |
- name: Run Linters | |
uses: golangci/golangci-lint-action@v2 | |
with: | |
version: v1.29 | |
args: --timeout=5m | |
unittest: | |
name: unit-test | |
needs: lint | |
runs-on: ubuntu-latest | |
if: needs.lint.result == 'success' | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v2 | |
- name: Install Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: 1.17.x | |
- name: Cache Modules | |
id: module-cache | |
uses: actions/cache@v2 | |
with: | |
path: /home/runner/go/pkg/mod | |
key: go-pkg-mod-${{ runner.os }}-${{ hashFiles('**/go.sum') }} | |
- name: Cache Tools | |
id: tool-cache | |
uses: actions/cache@v2 | |
with: | |
path: /home/runner/go/bin | |
key: tools-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }} | |
- name: Run Unit Tests | |
run: make gotest | |
test-coverage: | |
name: test-coverage | |
needs: lint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v2 | |
- name: Install Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: 1.17.x | |
- name: Cache Modules | |
id: module-cache | |
uses: actions/cache@v2 | |
with: | |
path: /home/runner/go/pkg/mod | |
key: go-pkg-mod-${{ runner.os }}-${{ hashFiles('**/go.sum') }} | |
- name: Cache Tools | |
id: tool-cache | |
uses: actions/cache@v2 | |
with: | |
path: /home/runner/go/bin | |
key: tools-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }} | |
- name: Run Go Unit Tests With Coverage | |
run: make gotest-with-cover | |
- uses: codecov/codecov-action@v2 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
files: coverage.txt | |
fail_ci_if_error: true # optional (default = false) | |
verbose: true # optional (default = false) | |
- name: Run Gosec Security Scanner | |
uses: securego/gosec@master | |
with: | |
# we let the report trigger content trigger a failure using the GitHub Security features. | |
args: '-no-fail -fmt sarif -out code-scan-results.sarif ./...' | |
- name: Upload Gosec scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@v1 | |
with: | |
# Path to SARIF file relative to the root of the repository | |
sarif_file: code-scan-results.sarif | |
vulnerabilities-scan: | |
name: vulnerabilities-scan | |
needs: lint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Set env vars for the job | |
run: | | |
grep -v '\#' versions.txt | grep lm-k8s-webhook | awk -F= '{print "LM_WEBHOOK_VERSION="$2}' >> $GITHUB_ENV | |
grep -v '\#' versions.txt | grep lm-config-reloader | awk -F= '{print "LM_RELOADER_VERSION="$2}' >> $GITHUB_ENV | |
echo "VERSION_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV | |
echo "LM_WEBHOOK_VERSION_PKG=github.com/logicmonitor/lm-k8s-webhook/internal/version" | |
echo "LM_RELOADER_VERSION_PKG=github.com/logicmonitor/lm-k8s-webhook/lm-config-reloader/internal/version" | |
- name: Build an image from Dockerfile for lm-k8s-webhook | |
run: | | |
docker build --build-arg VERSION_PKG=${{ env.LM_WEBHOOK_VERSION_PKG }} --build-arg LM_K8S_VERSION=${{ env.LM_WEBHOOK_VERSION }} --build-arg VERSION_DATE=${{ env.VERSION_DATE }} -t ghcr.io/${{ github.repository_owner }}/${{ env.LM_K8S_WEBHOOK_IMAGE_NAME }}:${{ env.LM_WEBHOOK_VERSION }} . | |
- name: Run Trivy vulnerability scanner for lm-k8s-webhook | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: 'ghcr.io/${{ github.repository_owner }}/${{ env.LM_K8S_WEBHOOK_IMAGE_NAME }}:${{ env.LM_WEBHOOK_VERSION }}' | |
format: 'sarif' | |
output: 'trivy-results-lm-k8s-webhook-image.sarif' | |
exit-code: '1' | |
ignore-unfixed: true | |
vuln-type: 'os,library' | |
severity: 'CRITICAL,HIGH,MEDIUM' | |
- name: Upload Trivy scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@v1 | |
with: | |
sarif_file: 'trivy-results-lm-k8s-webhook-image.sarif' | |
category: lm-k8s-webhook-scan-results | |
- name: Build an image for lm-config-reloader | |
run: | | |
docker build --build-arg VERSION_PKG=${{ env.LM_RELOADER_VERSION_PKG }} --build-arg LM_RELOADER_VERSION=${{ env.LM_RELOADER_VERSION }} --build-arg VERSION_DATE=${{ env.VERSION_DATE }} -t ghcr.io/${{ github.repository_owner }}/${{ env.LM_RELOADER_IMAGE_NAME }}:${{ env.LM_RELOADER_VERSION }} ./lm-config-reloader/. | |
- name: Run Trivy vulnerability scanner for lm-config-reloader | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: 'ghcr.io/${{ github.repository_owner }}/${{ env.LM_RELOADER_IMAGE_NAME }}:${{ env.LM_RELOADER_VERSION }}' | |
format: 'sarif' | |
output: 'trivy-results-lm-config-reloader-image.sarif' | |
exit-code: '1' | |
ignore-unfixed: true | |
vuln-type: 'os,library' | |
severity: 'CRITICAL,HIGH,MEDIUM' | |
- name: Upload Trivy scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@v1 | |
with: | |
sarif_file: 'trivy-results-lm-config-reloader-image.sarif' | |
category: lm-config-reloader-scan-results | |