Skip to content

Commit

Permalink
update workflow steps
Browse files Browse the repository at this point in the history
  • Loading branch information
DoctorVin committed Feb 20, 2024
1 parent a888527 commit 05ee182
Show file tree
Hide file tree
Showing 3 changed files with 144 additions and 4 deletions.
72 changes: 72 additions & 0 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"

on:
push:
branches: [ main ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ main ]
schedule:
- cron: '34 3 * * 0'

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write

strategy:
fail-fast: false
matrix:
language: [ 'go' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

steps:
- name: Checkout repository
uses: actions/checkout@v4

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.

# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality


# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v3

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun

# If the Autobuild fails above, remove it and uncomment the following three lines.
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.

# - run: |
# echo "Run, Build Application using script"
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
68 changes: 68 additions & 0 deletions .github/workflows/push-pr-lint.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
name: lint, test and build image
on: [pull_request, push]

jobs:
lint-test:
runs-on: ubuntu-latest
steps:
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: '1.21'
- name: Checkout code
uses: actions/checkout@v4
- name: golangci-lint
uses: golangci/golangci-lint-action@v4
with:
args: --config .golangci.yml --timeout 2m
version: v1.55.2
- name: Test
run: go test ./...
build:
runs-on: ubuntu-latest
needs: [lint-test]
steps:
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: '1.21'

- name: Checkout code
uses: actions/checkout@v4

- name: build binary
run: make build

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Build Docker image - no push
id: docker-build
uses: docker/build-push-action@v5
with:
context: .
push: false
tags: ghcr.io/metal-toolbox/fleet-rest-skeleton:latest
file: Dockerfile

- name: Scan image
id: scan-image
uses: anchore/scan-action@v3
with:
image: ghcr.io/metal-toolbox/fleet-rest-skeleton:latest
acs-report-enable: true
# TODO(joel): Fail build once we migrate off CentOS.
fail-build: false

# TODO(joel): Uncomment once we migrate off CentOS.
# - name: upload Anchore scan SARIF report
# uses: github/codeql-action/upload-sarif@v2
# with:
# sarif_file: ${{ steps.scan.outputs.sarif }}
# # This should run even if we fail the container scan
# if: always()

- name: Inspect action SARIF report
run: cat ${{ steps.scan.outputs.sarif }}
# This should run even if we fail the container scan
if: always()
8 changes: 4 additions & 4 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,14 +27,14 @@ jobs:
fetch-depth: 0
-
name: Set up Go
uses: actions/setup-go@v4
uses: actions/setup-go@v5
with:
go-version: "1.20"
go-version: "1.21"
-
name: install cosign
uses: sigstore/cosign-installer@main
-
uses: anchore/sbom-action/download-syft@v0.14.3
uses: anchore/sbom-action/download-syft@v0.15.8
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@v5
Expand All @@ -44,4 +44,4 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COSIGN_EXPERIMENTAL: 1
GOVERSION: "1.20"
GOVERSION: "1.21"

0 comments on commit 05ee182

Please sign in to comment.