build.yml
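# CI pipeline for pull requests against master: format/lint checks, a Trivy
# image scan, a gitleaks secret scan, an image build and the Go BDD tests.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN receives
# the repository/organisation default scopes. Consider a read-only default
# (`permissions: contents: read`) with per-job additions; confirm what the
# reviewdog step needs before tightening.
#
# NOTE(review): every `uses:` reference below is a mutable tag or branch.
# Pinning each action to a full commit SHA stops an upstream re-tag or branch
# push from changing what runs in this pipeline.
name: build-pipeline
# Keep this trigger as `pull_request` (not `pull_request_target`): the jobs
# below build and execute code taken from the pull request.
on:
  pull_request:
    branches: [master]
    types: [opened, synchronize, reopened]
jobs:
  pre-checks:
    runs-on: ubuntu-latest
    steps:
      # Install golang
      - uses: actions/setup-go@v2
        with:
          # Quoted so the version is a string and is never re-typed as a float.
          go-version: '1.22'
      # Check out the repository (default ref for the pull_request event).
      - name: Checkout
        uses: actions/checkout@v2
        with:
          # Later steps run Makefile targets from the PR; do not leave the
          # job token in .git/config for them to read.
          persist-credentials: false
      - name: gofmt check
        run: make gofmt-check
      - name: golangci-lint
        uses: reviewdog/action-golangci-lint@v2
      - name: unused-package check
        run: make unused-package-check
  trivy:
    needs: pre-checks
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          persist-credentials: false
      # The tag uses github.sha while the checkout above is the PR head SHA;
      # the tag only links this build step to the scan step below.
      - name: Build an image from Dockerfile
        run: |
          docker build -f build/Dockerfile -t docker.io/litmuschaos/chaos-operator:${{ github.sha }} . --build-arg TARGETPLATFORM=linux/amd64
      # NOTE(review): `@master` tracks a moving branch of a third-party action.
      # Pin it, e.g. aquasecurity/trivy-action@<FULL_COMMIT_SHA> (placeholder).
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'docker.io/litmuschaos/chaos-operator:${{ github.sha }}'
          format: 'table'
          # Non-zero exit code fails the job when matching findings exist.
          exit-code: '1'
          # Findings without an available fix are not reported.
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'
  gitleaks-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          # Full history, so the scan covers every commit and not just the tip.
          fetch-depth: 0
          persist-credentials: false
      # NOTE(review): the release archive is installed without an integrity
      # check. Record the expected digest in this repository and verify it
      # before extracting, e.g.
      #   echo "<EXPECTED_SHA256>  gitleaks_8.18.2_linux_x64.tar.gz" | sha256sum -c -
      # `--redact` keeps matched secret values out of the job log while still
      # reporting the file, commit and rule for each finding.
      - name: Run GitLeaks
        run: |
          wget https://github.com/gitleaks/gitleaks/releases/download/v8.18.2/gitleaks_8.18.2_linux_x64.tar.gz && \
          tar -zxvf gitleaks_8.18.2_linux_x64.tar.gz && \
          sudo mv gitleaks /usr/local/bin && gitleaks detect --source . -v --redact
  image-build:
    runs-on: ubuntu-latest
    needs: pre-checks
    steps:
      # Check out the repository (default ref for the pull_request event).
      - name: Checkout
        uses: actions/checkout@v2
        with:
          persist-credentials: false
      # Builds the image and saves it as a tarball for the `tests` job.
      # NOTE(review): the executable bit set on image.tar has no visible
      # purpose in this workflow.
      - name: Build Docker Image
        env:
          DOCKER_REPO: litmuschaos
          DOCKER_IMAGE: chaos-operator
          DOCKER_TAG: ci
        run: |
          make build-amd64
          docker save -o ${{ github.workspace }}/image.tar litmuschaos/chaos-operator:ci
          chmod +x ${{ github.workspace }}/image.tar
      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: myimage
          path: |
            ${{ github.workspace }}/image.tar
  tests:
    runs-on: ubuntu-latest
    needs: image-build
    steps:
      # Install golang
      - uses: actions/setup-go@v2
        with:
          go-version: '1.22'
      # Check out the repository (default ref for the pull_request event).
      - name: Checkout
        uses: actions/checkout@v2
        with:
          persist-credentials: false
      # Install and configure a K3s cluster
      # NOTE(review): the installer is fetched and piped straight into a
      # shell; only the K3s version is pinned, not the script itself.
      # Consider a vendored or checksum-verified copy of the installer.
      - name: Installing Prerequisites (K3S Cluster)
        env:
          KUBECONFIG: /etc/rancher/k3s/k3s.yaml
        run: |
          curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.20.14-rc1+k3s1 sh -s - --docker --write-kubeconfig-mode 664
          kubectl wait node --all --for condition=ready --timeout=90s
          mkdir -p $HOME/.kube
          cp /etc/rancher/k3s/k3s.yaml $HOME/.kube/config
          kubectl get nodes
      - name: Dependency checks
        run: |
          make deps
      # Fetch the image tarball produced by the `image-build` job.
      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: myimage
          path: ${{ github.workspace }}
      - name: Load Docker image
        run: |
          docker load --input ${{ github.workspace }}/image.tar
        shell: bash
      - name: Running Go BDD Test
        run: |
          go mod tidy
          make test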