Skip to content

chore: bump github.com/aquasecurity/trivy from 0.51.4 to 0.53.0 #1806

chore: bump github.com/aquasecurity/trivy from 0.51.4 to 0.53.0

chore: bump github.com/aquasecurity/trivy from 0.51.4 to 0.53.0 #1806

Workflow file for this run

name: "[Blocking] Build"
on:
push:
branches:
- main
- release-*
tags:
- v*
paths-ignore:
- "**.md"
- "website/**"
- "docs/**"
- "demo/**"
pull_request:
branches:
- main
- release-*
paths-ignore:
- "**.md"
- "website/**"
- "docs/**"
- "demo/**"
workflow_dispatch:
env:
TRIVY_VERSION: 0.44.0
BUILDKIT_VERSION: 0.12.0
jobs:
unit-test:
name: Unit Test
runs-on: ubuntu-latest
timeout-minutes: 5
permissions: read-all
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.3.1
with:
egress-policy: audit
- name: Check out code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: "1.22"
check-latest: true
- name: Add containerd-snapshotter to docker daemon
run: |
echo '{"features": { "containerd-snapshotter": true }}' | sudo tee /etc/docker/daemon.json
sudo systemctl restart docker
- name: Unit test
shell: bash
env:
CODECOV_OPTS: "-coverprofile=coverage.txt -covermode=atomic"
run: make test
- name: Upload coverage to Codecov
uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
build:
name: Build
runs-on: ${{ matrix.os }}
timeout-minutes: 5
permissions:
packages: write
contents: read
strategy:
matrix:
os: [ubuntu-latest]
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.3.1
with:
egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: "1.22"
check-latest: true
- name: Build copa
shell: bash
run: |
make build
make archive
- name: Upload copa to build artifacts
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
with:
name: copa_edge_linux_amd64.tar.gz
path: dist/linux_amd64/release/copa_edge_linux_amd64.tar.gz
- name: Load test cases for patch testing
id: load-test-envs-matrix
shell: bash
run: echo "buildkitenvs=$(.github/workflows/scripts/buildkit-env-matrix.sh)" | tee -a "${GITHUB_OUTPUT}"
outputs:
buildkitenvs: ${{ steps.load-test-envs-matrix.outputs.buildkitenvs }}
test-patch-trivy:
needs: build
name: Test patch with trivy ${{ matrix.buildkit_mode }}
runs-on: ubuntu-latest
timeout-minutes: 30
permissions: read-all
strategy:
fail-fast: false
matrix:
buildkit_mode: ${{fromJson(needs.build.outputs.buildkitenvs)}}
steps:
- name: Download copa from build artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: copa_edge_linux_amd64.tar.gz
- name: Check out code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: "1.22"
check-latest: true
- name: Install required tools
shell: bash
run: .github/workflows/scripts/download-tooling.sh
- name: Download copa from build artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: copa_edge_linux_amd64.tar.gz
- name: Extract copa
shell: bash
run: |
tar xzf copa_edge_linux_amd64.tar.gz
./copa --version
- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Run functional test
shell: bash
run: |
set -eu -o pipefail
. .github/workflows/scripts/buildkitenvs/${{ matrix.buildkit_mode}}
go test -v ./integration --addr="${COPA_BUILDKIT_ADDR}" --copa="$(pwd)/copa" -timeout 0 --report-file
test-patch-no-report:
needs: build
name: Test patch no report ${{ matrix.buildkit_mode }}
runs-on: ubuntu-latest
timeout-minutes: 30
permissions: read-all
strategy:
fail-fast: false
matrix:
buildkit_mode: ${{fromJson(needs.build.outputs.buildkitenvs)}}
steps:
- name: Download copa from build artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: copa_edge_linux_amd64.tar.gz
- name: Check out code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: "1.22"
check-latest: true
- name: Install required tools
shell: bash
run: .github/workflows/scripts/download-tooling.sh
- name: Download copa from build artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: copa_edge_linux_amd64.tar.gz
- name: Extract copa
shell: bash
run: |
tar xzf copa_edge_linux_amd64.tar.gz
./copa --version
- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Run functional test
shell: bash
run: |
set -eu -o pipefail
. .github/workflows/scripts/buildkitenvs/${{ matrix.buildkit_mode}}
go test -v ./integration --addr="${COPA_BUILDKIT_ADDR}" --copa="$(pwd)/copa" -timeout 0
test-plugin:
needs: build
name: Test plugin
runs-on: ubuntu-latest
timeout-minutes: 5
permissions: read-all
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.3.1
with:
egress-policy: audit
- name: Check out code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: "1.22"
check-latest: true
- name: Install scanner-plugin-template
shell: bash
run: |
go install github.com/project-copacetic/scanner-plugin-template@latest
mv $(go env GOPATH)/bin/scanner-plugin-template $(go env GOPATH)/bin/copa-fake
mv $(go env GOPATH)/bin/copa-fake /usr/local/bin
- name: Install required tools
shell: bash
run: .github/workflows/scripts/download-tooling.sh
- name: Download copa from build artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: copa_edge_linux_amd64.tar.gz
- name: Extract copa
shell: bash
run: |
tar xzf copa_edge_linux_amd64.tar.gz
./copa --version
- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Run e2e tests
shell: bash
run: |
set -eu -o pipefail
. .github/workflows/scripts/buildkitenvs/direct/tcp
go test -v ./test/e2e --addr="${COPA_BUILDKIT_ADDR}" --copa="$(pwd)/copa" --scanner fake -timeout 0