-
Notifications
You must be signed in to change notification settings - Fork 2.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into tf-err-cause
- Loading branch information
Showing
367 changed files
with
12,154 additions
and
6,013 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -20,6 +20,7 @@ jobs: | |
with: | ||
# cf. https://github.com/aquasecurity/trivy/pull/6711 | ||
go-version: ${{ env.GO_VERSION }} | ||
cache: false | ||
|
||
- name: Install aqua tools | ||
uses: aquaproj/[email protected] | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
name: Cache test images | ||
on: | ||
schedule: | ||
- cron: "0 0 * * *" # Run this workflow every day at 00:00 to avoid cache deletion. | ||
workflow_dispatch: | ||
|
||
jobs: | ||
test-images: | ||
name: Cache test images | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Check out code into the Go module directory | ||
uses: actions/[email protected] | ||
|
||
- name: Set up Go | ||
uses: actions/setup-go@v5 | ||
with: | ||
go-version-file: go.mod | ||
cache: false | ||
|
||
- name: Install tools | ||
uses: aquaproj/[email protected] | ||
with: | ||
aqua_version: v1.25.0 | ||
|
||
- name: Generate image list digest | ||
if: github.ref_name == 'main' | ||
id: image-digest | ||
run: | | ||
source integration/testimages.ini | ||
IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES) | ||
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags | sort' | sha256sum | cut -d' ' -f1) | ||
echo "digest=$DIGEST" >> $GITHUB_OUTPUT | ||
## We need to work with test image cache only for main branch | ||
- name: Restore and save test images cache | ||
if: github.ref_name == 'main' | ||
uses: actions/cache@v4 | ||
with: | ||
path: integration/testdata/fixtures/images | ||
key: cache-test-images-${{ steps.image-digest.outputs.digest }} | ||
restore-keys: | ||
cache-test-images- | ||
|
||
- name: Download test images | ||
if: github.ref_name == 'main' | ||
run: mage test:fixtureContainerImages | ||
|
||
test-vm-images: | ||
name: Cache test VM images | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Check out code into the Go module directory | ||
uses: actions/[email protected] | ||
|
||
- name: Set up Go | ||
uses: actions/setup-go@v5 | ||
with: | ||
go-version-file: go.mod | ||
cache: false | ||
|
||
- name: Install tools | ||
uses: aquaproj/[email protected] | ||
with: | ||
aqua_version: v1.25.0 | ||
|
||
- name: Generate image list digest | ||
if: github.ref_name == 'main' | ||
id: image-digest | ||
run: | | ||
source integration/testimages.ini | ||
IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES) | ||
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags | sort' | sha256sum | cut -d' ' -f1) | ||
echo "digest=$DIGEST" >> $GITHUB_OUTPUT | ||
## We need to work with test VM image cache only for main branch | ||
- name: Restore and save test VM images cache | ||
if: github.ref_name == 'main' | ||
uses: actions/cache@v4 | ||
with: | ||
path: integration/testdata/fixtures/vm-images | ||
key: cache-test-vm-images-${{ steps.image-digest.outputs.digest }} | ||
restore-keys: | ||
cache-test-vm-images- | ||
|
||
- name: Download test VM images | ||
if: github.ref_name == 'main' | ||
run: mage test:fixtureVMImages |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,6 +4,11 @@ name: Publish Helm chart | |
on: | ||
workflow_dispatch: | ||
pull_request: | ||
types: | ||
- opened | ||
- synchronize | ||
- reopened | ||
- closed | ||
branches: | ||
- main | ||
paths: | ||
|
@@ -18,8 +23,10 @@ env: | |
KIND_VERSION: "v0.14.0" | ||
KIND_IMAGE: "kindest/node:v1.23.6@sha256:b1fa224cc6c7ff32455e0b1fd9cbfd3d3bc87ecaa8fcb06961ed1afb3db0f9ae" | ||
jobs: | ||
# `test-chart` job starts if a PR with Helm Chart is created, merged etc. | ||
test-chart: | ||
runs-on: ubuntu-20.04 | ||
if: github.event_name != 'push' | ||
runs-on: ubuntu-24.04 | ||
steps: | ||
- name: Checkout | ||
uses: actions/[email protected] | ||
|
@@ -28,11 +35,12 @@ jobs: | |
- name: Install Helm | ||
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 | ||
with: | ||
version: v3.5.0 | ||
version: v3.14.4 | ||
- name: Set up python | ||
uses: actions/setup-python@v5 | ||
with: | ||
python-version: 3.7 | ||
python-version: '3.x' | ||
check-latest: true | ||
- name: Setup Chart Linting | ||
id: lint | ||
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 | ||
|
@@ -48,11 +56,39 @@ jobs: | |
sed -i -e '136s,false,'true',g' ./helm/trivy/values.yaml | ||
ct lint-and-install --validate-maintainers=false --charts helm/trivy | ||
# `update-chart-version` job starts if a new tag is pushed | ||
update-chart-version: | ||
if: github.event_name == 'push' | ||
runs-on: ubuntu-24.04 | ||
steps: | ||
- name: Checkout | ||
uses: actions/[email protected] | ||
with: | ||
fetch-depth: 0 | ||
- name: Set up Git user | ||
run: | | ||
git config --global user.email "[email protected]" | ||
git config --global user.name "GitHub Actions" | ||
- name: Install tools | ||
uses: aquaproj/[email protected] | ||
with: | ||
aqua_version: v1.25.0 | ||
aqua_opts: "" | ||
|
||
- name: Create a PR with Trivy version | ||
run: mage helm:updateVersion | ||
env: | ||
# Use ORG_REPO_TOKEN instead of GITHUB_TOKEN | ||
# This allows the created PR to trigger tests and other workflows | ||
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }} | ||
|
||
# `publish-chart` job starts if a PR with a new Helm Chart is merged or manually | ||
publish-chart: | ||
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | ||
if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' | ||
needs: | ||
- test-chart | ||
runs-on: ubuntu-20.04 | ||
runs-on: ubuntu-24.04 | ||
steps: | ||
- name: Checkout | ||
uses: actions/[email protected] | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7,6 +7,7 @@ on: | |
- 'mkdocs.yml' | ||
- 'LICENSE' | ||
- '.release-please-manifest.json' ## don't run tests for release-please PRs | ||
- 'helm/trivy/Chart.yaml' | ||
merge_group: | ||
workflow_dispatch: | ||
|
||
|
@@ -26,6 +27,8 @@ jobs: | |
uses: actions/setup-go@v5 | ||
with: | ||
go-version: ${{ env.GO_VERSION }} | ||
cache: false | ||
|
||
- name: go mod tidy | ||
run: | | ||
go mod tidy | ||
|
@@ -37,9 +40,9 @@ jobs: | |
|
||
- name: Lint | ||
id: lint | ||
uses: golangci/golangci-lint-action@v6.0.1 | ||
uses: golangci/golangci-lint-action@v6.1.1 | ||
with: | ||
version: v1.59 | ||
version: v1.61 | ||
args: --verbose --out-format=line-number | ||
if: matrix.operating-system == 'ubuntu-latest' | ||
|
||
|
@@ -78,6 +81,7 @@ jobs: | |
uses: actions/setup-go@v5 | ||
with: | ||
go-version: ${{ env.GO_VERSION }} | ||
cache: false | ||
|
||
- name: Install tools | ||
uses: aquaproj/[email protected] | ||
|
@@ -87,13 +91,13 @@ jobs: | |
- name: Generate image list digest | ||
id: image-digest | ||
run: | | ||
IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-images) | ||
DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1) | ||
source integration/testimages.ini | ||
IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES) | ||
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags | sort' | sha256sum | cut -d' ' -f1) | ||
echo "digest=$DIGEST" >> $GITHUB_OUTPUT | ||
- name: Restore test images from cache | ||
uses: actions/cache@v4 | ||
id: restore-test-images | ||
uses: actions/cache/restore@v4 | ||
with: | ||
path: integration/testdata/fixtures/images | ||
key: cache-test-images-${{ steps.image-digest.outputs.digest }} | ||
|
@@ -114,6 +118,7 @@ jobs: | |
uses: actions/setup-go@v5 | ||
with: | ||
go-version: ${{ env.GO_VERSION }} | ||
cache: false | ||
|
||
- name: Install tools | ||
uses: aquaproj/[email protected] | ||
|
@@ -134,6 +139,7 @@ jobs: | |
uses: actions/setup-go@v5 | ||
with: | ||
go-version: ${{ env.GO_VERSION }} | ||
cache: false | ||
|
||
- name: Install tools | ||
uses: aquaproj/[email protected] | ||
|
@@ -143,13 +149,13 @@ jobs: | |
- name: Generate image list digest | ||
id: image-digest | ||
run: | | ||
IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-images) | ||
DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1) | ||
source integration/testimages.ini | ||
IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES) | ||
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags | sort' | sha256sum | cut -d' ' -f1) | ||
echo "digest=$DIGEST" >> $GITHUB_OUTPUT | ||
- name: Restore test images from cache | ||
uses: actions/cache@v4 | ||
id: restore-test-images | ||
uses: actions/cache/restore@v4 | ||
with: | ||
path: integration/testdata/fixtures/images | ||
key: cache-test-images-${{ steps.image-digest.outputs.digest }} | ||
|
@@ -172,6 +178,8 @@ jobs: | |
uses: actions/setup-go@v5 | ||
with: | ||
go-version: ${{ env.GO_VERSION }} | ||
cache: false | ||
|
||
- name: Install tools | ||
uses: aquaproj/[email protected] | ||
with: | ||
|
@@ -180,13 +188,13 @@ jobs: | |
- name: Generate image list digest | ||
id: image-digest | ||
run: | | ||
IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-vm-images) | ||
DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1) | ||
source integration/testimages.ini | ||
IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES) | ||
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags | sort' | sha256sum | cut -d' ' -f1) | ||
echo "digest=$DIGEST" >> $GITHUB_OUTPUT | ||
- name: Restore test VM images from cache | ||
uses: actions/cache@v4 | ||
id: restore-test-vm-images | ||
uses: actions/cache/restore@v4 | ||
with: | ||
path: integration/testdata/fixtures/vm-images | ||
key: cache-test-vm-images-${{ steps.image-digest.outputs.digest }} | ||
|
@@ -213,6 +221,7 @@ jobs: | |
uses: actions/setup-go@v5 | ||
with: | ||
go-version: ${{ env.GO_VERSION }} | ||
cache: false | ||
|
||
- name: Determine GoReleaser ID | ||
id: goreleaser_id | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -39,3 +39,6 @@ dist | |
# Signing | ||
gpg.key | ||
cmd/trivy/trivy | ||
|
||
# RPM | ||
*.rpm |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
{".":"0.55.0"} | ||
{".":"0.57.0"} |
Oops, something went wrong.