update actions

dell · Nov 8, 2024 · 62348c6 · 62348c6
1 parent 5d7c934
commit 62348c6
Show file tree

Hide file tree

Showing 2 changed files with 74 additions and 3 deletions.
diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml
@@ -0,0 +1,72 @@
+name: Workflow
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+jobs:
+  sanitize:
+    name: Check for forbidden words
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@v4
+      - name: Run the forbidden words scan
+        uses: dell/common-github-actions/code-sanitizer@main
+        with:
+          args: /github/workspace
+  test:
+    name: Run Go unit tests and check package coverage
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@v4
+      - name: Checkout dell-csi-extensions
+        uses: actions/checkout@v4
+        with:
+          repository: 'dell/dell-csi-extensions'
+          path: dell-csi-extensions
+      - name: Run unit tests and check package coverage
+        uses: dell/common-github-actions/go-code-tester@main
+        with:
+          threshold: 90
+          skip-list: "podmon/test/ssh"
+          race-detector: "false"
+  image_security_scan:
+    name: Image Scanner
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Go stable version
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.23"
+          cache: false
+        id: go
+      - name: Checkout the code
+        uses: actions/checkout@v4
+      - name: Checkout dell-csi-extensions
+        uses: actions/checkout@v4
+        with:
+          repository: 'dell/dell-csi-extensions'
+          path: dell-csi-extensions
+      - name: Install Mockgen
+        run: go get github.com/golang/mock/[email protected]
+      - name: Get dependencies
+        run: go mod download ; sudo apt update -y && sudo apt -y install dnf
+      - name: Mod tidy
+        run: go mod tidy
+      - name: Build podmon Docker Image
+        run: |
+         chmod +x ./scripts/buildubimicro.sh
+         make build-base-image
+         podman build -t docker.io/podmon -f ./Dockerfile --build-arg GOIMAGE=golang:latest --build-arg BASEIMAGE="localhost/resiliency-ubimicro"
+         podman save docker.io/library/podmon -o /tmp/podmon.tar
+         docker load -i /tmp/podmon.tar
+      - name: Trivy image scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: podmon
+          severity: 'HIGH,CRITICAL'
+          ignore-unfixed: true
+          exit-code: '1'
+          trivyignores: '.github/workflows/.trivyignore'
diff --git a/.github/workflows/common-workflows.yaml b/.github/workflows/common-workflows.yaml
@@ -12,7 +12,6 @@ jobs:
     uses: dell/common-github-actions/.github/workflows/go-static-analysis.yaml@main
     name: Golang Validation
 
-  # checks unit tests, package coverage, and gosec
   common:
-    name: Run gosec, unit tests, and check package coverage
-    uses: dell/common-github-actions/.github/workflows/go-common.yml@main
+    name: Quality Checks
+    uses: dell/common-github-actions/.github/workflows/go-common.yml@update-ut-action