Skip to content

Bump aquasecurity/trivy-action from 0.19.0 to 0.23.0 #507

Bump aquasecurity/trivy-action from 0.19.0 to 0.23.0

Bump aquasecurity/trivy-action from 0.19.0 to 0.23.0 #507

Workflow file for this run

name: Build, Test, and Lint
on:
push:
branches:
- main
- 'release-*'
pull_request_target:
jobs:
build-container:
runs-on: ubuntu-latest
env:
EXPORT_RESULT: true
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: actions/cache@v3
with:
path: |
~/.cache/golangci-lint
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Install devbox
run: curl -fsSL https://get.jetpack.io/devbox | bash -s -- -f
- name: Install devbox deps
run: devbox install
- name: Test build
run: devbox run -- make build
- name: Run unit tests
run: devbox run -- make unit-test
# gocov-xml expects things to be properly placed under go path.
# GHA clones into /home/runner/work/repository so we create
# the directory under the right path and link it
- run: mkdir -p /home/runner/go/src/github.com/nutanix-cloud-native/ && ln -s /home/runner/work/cloud-provider-nutanix/cloud-provider-nutanix /home/runner/go/src/github.com/nutanix-cloud-native
- name: Run coverage report
run: devbox run -- make coverage
- name: Codecov
uses: codecov/codecov-action@v3.1.4
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
with:
file: ./coverage.xml # Replace with the path to your coverage report
fail_ci_if_error: true
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.23.0
with:
scan-type: "fs"
ignore-unfixed: true
format: "table"
exit-code: "1"
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
e2e:
strategy:
matrix:
e2e-labels:
- "capx"
fail-fast: false
uses: ./.github/workflows/e2e.yaml
with:
e2e-labels: ${{ matrix.e2e-labels }}
secrets: inherit
permissions:
contents: read
checks: write