improve trivy operator slack template (#597) #59
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
tags: | |
- "*" | |
workflow_dispatch: | |
env: | |
GO_VERSION: "1.18" | |
jobs: | |
tests: | |
name: Run Tests | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Setup Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Build | |
run: make build | |
- name: Run Unit tests | |
run: | | |
make test | |
- name: Run Integration Tests | |
run: make test-integration | |
- name: Run Trivy vulnerability scanner in repo mode | |
uses: aquasecurity/[email protected] | |
with: | |
scan-type: 'fs' | |
ignore-unfixed: true | |
format: 'sarif' | |
severity: 'CRITICAL' | |
exit-code: 0 | |
- name: Run Trivy vulnerability scanner against Aqua Cloud | |
uses: aquasecurity/[email protected] | |
with: | |
scan-type: 'fs' | |
hide-progress: true | |
format: 'table' | |
security-checks: 'vuln,config' | |
env: | |
AQUA_KEY: ${{ secrets.AQUA_KEY }} | |
AQUA_SECRET: ${{ secrets.AQUA_SECRET }} | |
TRIVY_RUN_AS_PLUGIN: 'aqua' | |
release: | |
name: Release | |
needs: | |
- tests | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Setup Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USER }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Login to ECR | |
uses: docker/login-action@v2 | |
with: | |
registry: public.ecr.aws | |
username: ${{ secrets.ECR_ACCESS_KEY_ID }} | |
password: ${{ secrets.ECR_SECRET_ACCESS_KEY }} | |
- name: Release | |
uses: goreleaser/goreleaser-action@v4 | |
with: | |
version: ~> 0.180 | |
args: release --rm-dist | |
workdir: . | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Log out from docker.io and ECR registries | |
if: ${{ always() }} | |
run: | | |
docker logout docker.io | |
docker logout public.ecr.aws |