Skip to content

fix: add has2be.CertificateSignedRequest to callmaker actions #71

fix: add has2be.CertificateSignedRequest to callmaker actions

fix: add has2be.CertificateSignedRequest to callmaker actions #71

Workflow file for this run

name: Manager
on:
push:
branches: [ '*' ]
paths:
- "manager/**"
- ".github/workflows/manager.yml"
env:
SERVICE: manager
jobs:
build:
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./${{env.SERVICE}}
steps:
- uses: actions/checkout@v3
- name: Setup Go environment
uses: actions/[email protected]
with:
# Path to the go.mod or go.work file.
go-version-file: ${{env.SERVICE}}/go.mod
# Set this option to true if you want the action to always check for the latest available version that satisfies the version spec
check-latest: false
# Used to specify whether caching is needed. Set to true, if you'd like to enable caching.
cache: true
# Used to specify the path to a dependency file - go.sum
cache-dependency-path: ${{env.SERVICE}}/go.sum
- name: Run Gosec Security Scanner
run: |
go install github.com/securego/gosec/v2/cmd/gosec@latest
gosec ./...
- name: Test & Coverage
run: |
go test ./... -coverprofile=coverage.out
go tool cover -html=coverage.out -o cover.html
# Temporarily disable integration test: https://github.com/moby/moby/issues/45935
# go test ./store/... --tags=integration
- uses: actions/upload-artifact@v3
with:
name: code-coverage
path: ${{env.SERVICE}}/cover.html
- name: Build the Docker image
run: |
docker build . \
--file Dockerfile \
--tag ${{env.SERVICE}}:${{ github.sha }} \
--build-arg TARGETARCH=amd64
env:
DOCKER_BUILDKIT: 1
- name: Run Trivy container vulnerability scan
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{env.SERVICE}}:${{ github.sha }}'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'