chore: bump the all group with 3 updates #3663

Workflow file for this run

	name: test
	on:
	push:
	paths-ignore:
	- "**.md"
	- "hack/**"
	- "docs/**"
	pull_request:
	paths-ignore:
	- "**.md"
	- "hack/**"
	- "docs/**"
	env:
	REGISTRY: ghcr.io

	permissions: read-all

	jobs:
	generate-bucket-id:
	name: "Generate build id for storage"
	uses: ./.github/workflows/build-id.yaml

	build-images:
	name: "Build images for e2e tests"
	uses: ./.github/workflows/e2e-build.yaml
	needs:
	- generate-bucket-id
	with:
	bucket-id: ${{ needs.generate-bucket-id.outputs.bucket-id }}

	e2e-test:
	name: "Run e2e tests"
	uses: ./.github/workflows/e2e-test.yaml
	permissions:
	contents: write
	needs:
	- build-images
	- generate-bucket-id
	with:
	bucket-id: ${{ needs.generate-bucket-id.outputs.bucket-id }}

	lint:
	name: "Lint"
	runs-on: ubuntu-latest
	timeout-minutes: 40
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7
	with:
	egress-policy: audit
	- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
	- name: Set up Go
	uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
	with:
	go-version: "1.21"
	check-latest: true
	- name: lint manager
	uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
	with:
	version: latest
	args: --timeout=10m
	- name: lint remover
	uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
	with:
	version: latest
	working-directory: pkg/remover
	skip-pkg-cache: true
	args: --timeout=10m
	- name: lint collector
	uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
	with:
	version: latest
	working-directory: pkg/collector
	skip-pkg-cache: true
	args: --timeout=10m
	- name: lint trivvy scanner
	uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
	with:
	version: latest
	working-directory: pkg/scanners/trivy
	skip-pkg-cache: true
	args: --timeout=10m

	unit-test:
	name: "Unit Tests"
	runs-on: ubuntu-latest
	timeout-minutes: 40
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7
	with:
	egress-policy: audit
	- name: Set up Go
	uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
	with:
	go-version: "1.21"
	check-latest: true
	- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
	with:
	key: ${{ runner.OS }}-go-${{ hashFiles('**/go.sum') }}
	restore-keys: \|
	${{ runner.os }}-go-
	path: \|
	~/go/pkg/mod
	~/.cache/go-build
	- name: Check out code into the Go module directory
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
	- name: Unit test
	run: make test
	- name: Codecov upload
	uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673
	with:
	flags: unittests
	file: ./cover.out
	fail_ci_if_error: false

	check-manifest:
	name: "Check codegen and manifest"
	runs-on: ubuntu-latest
	timeout-minutes: 10
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7
	with:
	egress-policy: audit
	- name: Check out code into the Go module directory
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
	- name: Set up Go
	uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
	with:
	go-version: "1.21"
	check-latest: true
	- name: Check go.mod and manifests
	run: \|
	go mod tidy
	git diff --exit-code
	make generate manifests
	git diff --exit-code

	scan_vulnerabilities:
	name: "[Trivy] Scan for vulnerabilities"
	runs-on: ubuntu-latest
	timeout-minutes: 15
	permissions:
	contents: read
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7
	with:
	egress-policy: audit

	- name: Check out code into the Go module directory
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

	- name: Get repo
	run: \|
	echo "REPO=$(echo $GITHUB_REPOSITORY \| awk '{print tolower($0)}')" >> $GITHUB_ENV

	- name: Build eraser-manager
	run: \|
	make docker-build-manager MANAGER_REPO=${{ env.REGISTRY }}/${REPO}-manager MANAGER_TAG=test
	- name: Build remover
	run: \|
	make docker-build-remover REMOVER_REPO=${{ env.REGISTRY }}/remover REMOVER_TAG=test
	- name: Build collector
	run: \|
	make docker-build-collector COLLECTOR_REPO=${{ env.REGISTRY }}/collector COLLECTOR_TAG=test
	- name: Build trivy scanner
	run: \|
	make docker-build-trivy-scanner TRIVY_SCANNER_REPO=${{ env.REGISTRY }}/${REPO}-trivy-scanner TRIVY_SCANNER_TAG=test

	- name: Run trivy for remover
	uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8
	with:
	image-ref: ${{ env.REGISTRY }}/remover:test
	exit-code: "1"
	ignore-unfixed: true
	vuln-type: "os,library"

	- name: Run trivy for eraser-manager
	uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8
	with:
	image-ref: ${{ env.REGISTRY }}/${{ env.REPO }}-manager:test
	exit-code: "1"
	ignore-unfixed: true
	vuln-type: "os,library"

	- name: Run trivy for collector
	uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8
	with:
	image-ref: ${{ env.REGISTRY }}/collector:test
	exit-code: "1"
	ignore-unfixed: true
	vuln-type: "os,library"

	- name: Run trivy for trivy-scanner
	uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8
	with:
	image-ref: ${{ env.REGISTRY }}/${{ env.REPO }}-trivy-scanner:test
	exit-code: "1"
	ignore-unfixed: true
	vuln-type: "os,library"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: bump the all group with 3 updates #3663

Workflow file

chore: bump the all group with 3 updates #3663

Jobs

Run details

Workflow file for this run