Skip to content

[WIP] Check workflow triggers #30

[WIP] Check workflow triggers

[WIP] Check workflow triggers #30

name: Compass Manager
on:
push:
branches:
- main
tags:
- "[0-9]+.[0-9]+.[0-9]+"
- "[0-9]+.[0-9]+.[0-9]+-*"
paths-ignore:
- .reuse
- hack/
- LICENSES/
- LICENSE
- .gitignore
- "**.md"
pull_request_target:
types: [opened, synchronize, reopened]
paths-ignore:
- .reuse
- hack/
- LICENSES/
- LICENSE
- .gitignore
- "**.md"
permissions:
id-token: write # This is required for requesting the JWT token
contents: read # This is required for actions/checkout
jobs:
setup:
permissions:
contents: read
runs-on: ubuntu-latest
outputs:
tag: ${{ steps.tag.outputs.tag }}
code: ${{ steps.detect-files.outputs.code_any_changed || steps.fallback-values.outputs.code_any_changed}}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- id: tag
if: github.event_name == 'push' && github.ref_type == 'tag'
run: echo "tag=${{ github.ref_name }}" >> $GITHUB_OUTPUT
- name: Detect files
id: detect-files
continue-on-error: true
uses: tj-actions/changed-files@d6babd6899969df1a11d14c368283ea4436bca78
with:
files_yaml: |
code:
- ./**.go
- ./go.mod
- ./go.sum
- name: Fallback values
id: fallback-values
if: steps.detect-files.outcome != 'success'
run: |
echo "code_any_changed=true" >> $GITHUB_OUTPUT
unit-tests:
permissions:
contents: read
needs: setup
if: needs.setup.outputs.code == 'true'
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Set up go environment
uses: actions/setup-go@v4
with:
cache-dependency-path: go.sum
go-version-file: go.mod
- name: Run unit tests
run: make test | tee unit-test.log
- name: Upload test logs artifact
uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: unit-test.log
path: test.log
trivy:
permissions:
contents: read
runs-on: "ubuntu-20.04"
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Install trivy
run: |
mkdir ./trivy
curl -L https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz | tar xvz --directory=./trivy
./trivy/trivy --version
- name: Run Trivy vulnerability scanner
uses: aquasecurity/[email protected]
with:
scan-type: "fs"
scan-ref: "."
exit-code: 1
severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
ignore-unfixed: false
timeout: "5m0s"
vuln-type: "os,library"
format: table
output: "trivy-results.txt"
- name: Upload trivy table
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: trivy-results.txt
path: trivy-results.txt
build-image:
needs: setup
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main # Usage: kyma-project/test-infra/.github/workflows/image-builder.yml@main
with:
name: compass-manager
dockerfile: Dockerfile
context: .
tags: ${{ needs.setup.outputs.tag }}
summary:
runs-on: ubuntu-latest
needs: [build-image, unit-tests, trivy]
if: success() || failure()
steps:
- name: "Download test log"
uses: actions/download-artifact@v4
continue-on-error: true
with:
name: test.log
- name: "Download trivy log"
uses: actions/download-artifact@v4
continue-on-error: true
with:
name: trivy-results.txt
- name: "Generate summary"
run: |
{
echo '# Compass Manager'
# if trivy-results.txt exists
if [ -f trivy-results.txt ]; then
echo '## Trivy'
printf '\n```txt\n'
cat trivy-results.txt
printf '\n```\n'
fi
# if test.log exists
if [ -f test.log ]; then
echo '## Unit Tests'
printf '\n```\n'
cat test.log
printf '\n```\n'
fi
# if build-image was successful
if [ "${{ needs.build-image.result }}" == "success" ]; then
echo '## Image'
echo '```json'
echo '${{ needs.build-image.outputs.images }}' | jq
echo '```'
fi
} >> $GITHUB_STEP_SUMMARY