Skip to content

feat: handle distroless for upgrade all packages #1501

feat: handle distroless for upgrade all packages

feat: handle distroless for upgrade all packages #1501

Workflow file for this run

name: "[Blocking] Build"
on:
push:
branches:
- main
- release-*
tags:
- v*
paths-ignore:
- "**.md"
- "website/**"
- "docs/**"
- "demo/**"
pull_request:
branches:
- main
- release-*
paths-ignore:
- "**.md"
- "website/**"
- "docs/**"
- "demo/**"
workflow_dispatch:
env:
TRIVY_VERSION: 0.44.0
BUILDKIT_VERSION: 0.12.0
jobs:
unit-test:
name: Unit Test
runs-on: ubuntu-latest
timeout-minutes: 5
permissions: read-all
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.3.1
with:
egress-policy: audit
- name: Check out code
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: "1.22"
check-latest: true
- name: Unit test
shell: bash
env:
CODECOV_OPTS: "-coverprofile=coverage.txt -covermode=atomic"
run: make test
- name: Upload coverage to Codecov
uses: codecov/codecov-action@84508663e988701840491b86de86b666e8a86bed # v4.3.0
build:
name: Build
runs-on: ${{ matrix.os }}
timeout-minutes: 5
permissions:
packages: write
contents: read
strategy:
matrix:
os: [ubuntu-latest]
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.3.1
with:
egress-policy: audit
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: "1.22"
check-latest: true
- name: Build copa
shell: bash
run: |
make build
make archive
- name: Upload copa to build artifacts
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: copa_edge_linux_amd64.tar.gz
path: dist/linux_amd64/release/copa_edge_linux_amd64.tar.gz
- name: Load test cases for patch testing
id: load-test-envs-matrix
shell: bash
run: echo "buildkitenvs=$(.github/workflows/scripts/buildkit-env-matrix.sh)" | tee -a "${GITHUB_OUTPUT}"
outputs:
buildkitenvs: ${{ steps.load-test-envs-matrix.outputs.buildkitenvs }}
test-patch-trivy:
needs: build
name: Test patch with trivy ${{ matrix.buildkit_mode }}
runs-on: ubuntu-latest
timeout-minutes: 30
permissions: read-all
strategy:
fail-fast: false
matrix:
buildkit_mode: ${{fromJson(needs.build.outputs.buildkitenvs)}}
steps:
- name: Download copa from build artifacts
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: copa_edge_linux_amd64.tar.gz
- name: Check out code
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: "1.22"
check-latest: true
- name: Install required tools
shell: bash
run: .github/workflows/scripts/download-tooling.sh
- name: Download copa from build artifacts
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: copa_edge_linux_amd64.tar.gz
- name: Extract copa
shell: bash
run: |
tar xzf copa_edge_linux_amd64.tar.gz
./copa --version
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- name: Run functional test
shell: bash
run: |
set -eu -o pipefail
. .github/workflows/scripts/buildkitenvs/${{ matrix.buildkit_mode}}
go test -v ./integration --addr="${COPA_BUILDKIT_ADDR}" --copa="$(pwd)/copa" -timeout 0 --report-file
test-patch-no-report:
needs: build
name: Test patch no report ${{ matrix.buildkit_mode }}
runs-on: ubuntu-latest
timeout-minutes: 30
permissions: read-all
strategy:
fail-fast: false
matrix:
buildkit_mode: ${{fromJson(needs.build.outputs.buildkitenvs)}}
steps:
- name: Download copa from build artifacts
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: copa_edge_linux_amd64.tar.gz
- name: Check out code
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: "1.22"
check-latest: true
- name: Install required tools
shell: bash
run: .github/workflows/scripts/download-tooling.sh
- name: Download copa from build artifacts
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: copa_edge_linux_amd64.tar.gz
- name: Extract copa
shell: bash
run: |
tar xzf copa_edge_linux_amd64.tar.gz
./copa --version
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- name: Run functional test
shell: bash
run: |
set -eu -o pipefail
. .github/workflows/scripts/buildkitenvs/${{ matrix.buildkit_mode}}
go test -v ./integration --addr="${COPA_BUILDKIT_ADDR}" --copa="$(pwd)/copa" -timeout 0
test-plugin:
needs: build
name: Test plugin
runs-on: ubuntu-latest
timeout-minutes: 5
permissions: read-all
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.3.1
with:
egress-policy: audit
- name: Check out code
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: "1.22"
check-latest: true
- name: Install scanner-plugin-template
shell: bash
run: |
go install github.com/project-copacetic/scanner-plugin-template@latest
mv $(go env GOPATH)/bin/scanner-plugin-template $(go env GOPATH)/bin/copa-fake
mv $(go env GOPATH)/bin/copa-fake /usr/local/bin
- name: Install required tools
shell: bash
run: .github/workflows/scripts/download-tooling.sh
- name: Download copa from build artifacts
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: copa_edge_linux_amd64.tar.gz
- name: Extract copa
shell: bash
run: |
tar xzf copa_edge_linux_amd64.tar.gz
./copa --version
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- name: Run e2e tests
shell: bash
run: |
set -eu -o pipefail
. .github/workflows/scripts/buildkitenvs/direct/tcp
go test -v ./test/e2e --addr="${COPA_BUILDKIT_ADDR}" --copa="$(pwd)/copa" --scanner fake -timeout 0