Skip to content

Bump golang.org/x/net from 0.0.0-20210805182204-aaa1db679c0d to 0.17.0 #22

Bump golang.org/x/net from 0.0.0-20210805182204-aaa1db679c0d to 0.17.0

Bump golang.org/x/net from 0.0.0-20210805182204-aaa1db679c0d to 0.17.0 #22

name: Continuous Integration
# Controls when the workflow will run
on:
push:
branches: [main]
pull_request:
branches: [main]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
env:
LM_K8S_WEBHOOK_IMAGE_NAME: lm-k8s-webhook
LM_RELOADER_IMAGE_NAME: lm-config-reloader
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
setup-environment:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v2
- name: Setup Go
uses: actions/setup-go@v2.1.5
with:
go-version: 1.17
- name: Cache Modules
id: module-cache
uses: actions/cache@v2
with:
path: /home/runner/go/pkg/mod
key: go-pkg-mod-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
- name: Install dependencies
if: steps.module-cache.outputs.cache-hit != 'true'
run: make gomoddownload
- name: Cache Tools
id: tool-cache
uses: actions/cache@v2
with:
path: /home/runner/go/bin
key: tools-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }}
- name: Install Tools
if: steps.tool-cache.outputs.cache-hit != 'true'
run: make install-tools
lint:
name: lint
runs-on: ubuntu-latest
needs: [setup-environment]
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Checkout Code
uses: actions/checkout@v2
- name: Install Go
uses: actions/setup-go@v2
with:
go-version: 1.17.x
- name: Run Linters
uses: golangci/golangci-lint-action@v2
with:
version: v1.29
args: --timeout=5m
unittest:
name: unit-test
needs: lint
runs-on: ubuntu-latest
if: needs.lint.result == 'success'
steps:
- name: Checkout Code
uses: actions/checkout@v2
- name: Install Go
uses: actions/setup-go@v2
with:
go-version: 1.17.x
- name: Cache Modules
id: module-cache
uses: actions/cache@v2
with:
path: /home/runner/go/pkg/mod
key: go-pkg-mod-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
- name: Cache Tools
id: tool-cache
uses: actions/cache@v2
with:
path: /home/runner/go/bin
key: tools-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }}
- name: Run Unit Tests
run: make gotest
test-coverage:
name: test-coverage
needs: lint
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v2
- name: Install Go
uses: actions/setup-go@v2
with:
go-version: 1.17.x
- name: Cache Modules
id: module-cache
uses: actions/cache@v2
with:
path: /home/runner/go/pkg/mod
key: go-pkg-mod-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
- name: Cache Tools
id: tool-cache
uses: actions/cache@v2
with:
path: /home/runner/go/bin
key: tools-${{ runner.os }}-${{ hashFiles('./internal/tools/go.mod') }}
- name: Run Go Unit Tests With Coverage
run: make gotest-with-cover
- uses: codecov/codecov-action@v2
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: coverage.txt
fail_ci_if_error: true # optional (default = false)
verbose: true # optional (default = false)
- name: Run Gosec Security Scanner
uses: securego/gosec@master
with:
# we let the report trigger content trigger a failure using the GitHub Security features.
args: '-no-fail -fmt sarif -out code-scan-results.sarif ./...'
- name: Upload Gosec scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
with:
# Path to SARIF file relative to the root of the repository
sarif_file: code-scan-results.sarif
vulnerabilities-scan:
name: vulnerabilities-scan
needs: lint
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set env vars for the job
run: |
grep -v '\#' versions.txt | grep lm-k8s-webhook | awk -F= '{print "LM_WEBHOOK_VERSION="$2}' >> $GITHUB_ENV
grep -v '\#' versions.txt | grep lm-config-reloader | awk -F= '{print "LM_RELOADER_VERSION="$2}' >> $GITHUB_ENV
echo "VERSION_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV
echo "LM_WEBHOOK_VERSION_PKG=github.com/logicmonitor/lm-k8s-webhook/internal/version"
echo "LM_RELOADER_VERSION_PKG=github.com/logicmonitor/lm-k8s-webhook/lm-config-reloader/internal/version"
- name: Build an image from Dockerfile for lm-k8s-webhook
run: |
docker build --build-arg VERSION_PKG=${{ env.LM_WEBHOOK_VERSION_PKG }} --build-arg LM_K8S_VERSION=${{ env.LM_WEBHOOK_VERSION }} --build-arg VERSION_DATE=${{ env.VERSION_DATE }} -t ghcr.io/${{ github.repository_owner }}/${{ env.LM_K8S_WEBHOOK_IMAGE_NAME }}:${{ env.LM_WEBHOOK_VERSION }} .
- name: Run Trivy vulnerability scanner for lm-k8s-webhook
uses: aquasecurity/trivy-action@master
with:
image-ref: 'ghcr.io/${{ github.repository_owner }}/${{ env.LM_K8S_WEBHOOK_IMAGE_NAME }}:${{ env.LM_WEBHOOK_VERSION }}'
format: 'sarif'
output: 'trivy-results-lm-k8s-webhook-image.sarif'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: 'trivy-results-lm-k8s-webhook-image.sarif'
category: lm-k8s-webhook-scan-results
- name: Build an image for lm-config-reloader
run: |
docker build --build-arg VERSION_PKG=${{ env.LM_RELOADER_VERSION_PKG }} --build-arg LM_RELOADER_VERSION=${{ env.LM_RELOADER_VERSION }} --build-arg VERSION_DATE=${{ env.VERSION_DATE }} -t ghcr.io/${{ github.repository_owner }}/${{ env.LM_RELOADER_IMAGE_NAME }}:${{ env.LM_RELOADER_VERSION }} ./lm-config-reloader/.
- name: Run Trivy vulnerability scanner for lm-config-reloader
uses: aquasecurity/trivy-action@master
with:
image-ref: 'ghcr.io/${{ github.repository_owner }}/${{ env.LM_RELOADER_IMAGE_NAME }}:${{ env.LM_RELOADER_VERSION }}'
format: 'sarif'
output: 'trivy-results-lm-config-reloader-image.sarif'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: 'trivy-results-lm-config-reloader-image.sarif'
category: lm-config-reloader-scan-results