Skip to content

Commit

Permalink
Merge branch 'main' into tf-err-cause
Browse files Browse the repository at this point in the history
  • Loading branch information
simar7 committed Nov 23, 2024
2 parents 4d4da05 + de3b7ea commit 5a0f50d
Show file tree
Hide file tree
Showing 367 changed files with 12,154 additions and 6,013 deletions.
1 change: 1 addition & 0 deletions .github/workflows/auto-update-labels.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ jobs:
with:
# cf. https://github.com/aquasecurity/trivy/pull/6711
go-version: ${{ env.GO_VERSION }}
cache: false

- name: Install aqua tools
uses: aquaproj/[email protected]
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/bypass-test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,15 @@ on:
- 'mkdocs.yml'
- 'LICENSE'
- '.release-please-manifest.json'
- 'helm/trivy/Chart.yaml'
pull_request:
paths:
- '**.md'
- 'docs/**'
- 'mkdocs.yml'
- 'LICENSE'
- '.release-please-manifest.json'
- 'helm/trivy/Chart.yaml'
jobs:
test:
name: Test
Expand Down
88 changes: 88 additions & 0 deletions .github/workflows/cache-test-images.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
name: Cache test images
on:
schedule:
- cron: "0 0 * * *" # Run this workflow every day at 00:00 to avoid cache deletion.
workflow_dispatch:

jobs:
test-images:
name: Cache test images
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/[email protected]

- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: false

- name: Install tools
uses: aquaproj/[email protected]
with:
aqua_version: v1.25.0

- name: Generate image list digest
if: github.ref_name == 'main'
id: image-digest
run: |
source integration/testimages.ini
IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags | sort' | sha256sum | cut -d' ' -f1)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
## We need to work with test image cache only for main branch
- name: Restore and save test images cache
if: github.ref_name == 'main'
uses: actions/cache@v4
with:
path: integration/testdata/fixtures/images
key: cache-test-images-${{ steps.image-digest.outputs.digest }}
restore-keys:
cache-test-images-

- name: Download test images
if: github.ref_name == 'main'
run: mage test:fixtureContainerImages

test-vm-images:
name: Cache test VM images
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/[email protected]

- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: false

- name: Install tools
uses: aquaproj/[email protected]
with:
aqua_version: v1.25.0

- name: Generate image list digest
if: github.ref_name == 'main'
id: image-digest
run: |
source integration/testimages.ini
IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES)
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags | sort' | sha256sum | cut -d' ' -f1)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
## We need to work with test VM image cache only for main branch
- name: Restore and save test VM images cache
if: github.ref_name == 'main'
uses: actions/cache@v4
with:
path: integration/testdata/fixtures/vm-images
key: cache-test-vm-images-${{ steps.image-digest.outputs.digest }}
restore-keys:
cache-test-vm-images-

- name: Download test VM images
if: github.ref_name == 'main'
run: mage test:fixtureVMImages
2 changes: 1 addition & 1 deletion .github/workflows/mkdocs-dev.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
- name: Install dependencies
run: |
python -m pip install --upgrade pip setuptools wheel
pip install git+https://${GH_TOKEN}@github.com/squidfunk/mkdocs-material-insiders.git
pip install git+https://${GH_TOKEN}@github.com/squidfunk/mkdocs-material-insiders.git@9.5.44-insiders-4.53.14
pip install -r docs/build/requirements.txt
env:
GH_TOKEN: ${{ secrets.MKDOCS_AQUA_BOT }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/mkdocs-latest.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:
- name: Install dependencies
run: |
python -m pip install --upgrade pip setuptools wheel
pip install git+https://${GH_TOKEN}@github.com/squidfunk/mkdocs-material-insiders.git
pip install git+https://${GH_TOKEN}@github.com/squidfunk/mkdocs-material-insiders.git@9.5.44-insiders-4.53.14
pip install -r docs/build/requirements.txt
env:
GH_TOKEN: ${{ secrets.MKDOCS_AQUA_BOT }}
Expand Down
46 changes: 41 additions & 5 deletions .github/workflows/publish-chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,11 @@ name: Publish Helm chart
on:
workflow_dispatch:
pull_request:
types:
- opened
- synchronize
- reopened
- closed
branches:
- main
paths:
Expand All @@ -18,8 +23,10 @@ env:
KIND_VERSION: "v0.14.0"
KIND_IMAGE: "kindest/node:v1.23.6@sha256:b1fa224cc6c7ff32455e0b1fd9cbfd3d3bc87ecaa8fcb06961ed1afb3db0f9ae"
jobs:
# `test-chart` job starts if a PR with Helm Chart is created, merged etc.
test-chart:
runs-on: ubuntu-20.04
if: github.event_name != 'push'
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/[email protected]
Expand All @@ -28,11 +35,12 @@ jobs:
- name: Install Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814
with:
version: v3.5.0
version: v3.14.4
- name: Set up python
uses: actions/setup-python@v5
with:
python-version: 3.7
python-version: '3.x'
check-latest: true
- name: Setup Chart Linting
id: lint
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992
Expand All @@ -48,11 +56,39 @@ jobs:
sed -i -e '136s,false,'true',g' ./helm/trivy/values.yaml
ct lint-and-install --validate-maintainers=false --charts helm/trivy
# `update-chart-version` job starts if a new tag is pushed
update-chart-version:
if: github.event_name == 'push'
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/[email protected]
with:
fetch-depth: 0
- name: Set up Git user
run: |
git config --global user.email "[email protected]"
git config --global user.name "GitHub Actions"
- name: Install tools
uses: aquaproj/[email protected]
with:
aqua_version: v1.25.0
aqua_opts: ""

- name: Create a PR with Trivy version
run: mage helm:updateVersion
env:
# Use ORG_REPO_TOKEN instead of GITHUB_TOKEN
# This allows the created PR to trigger tests and other workflows
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}

# `publish-chart` job starts if a PR with a new Helm Chart is merged or manually
publish-chart:
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
needs:
- test-chart
runs-on: ubuntu-20.04
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/[email protected]
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/reusable-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ jobs:
contents: read # Not required for public repositories, but for clarity
steps:
- name: Cosign install
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da

- name: Set up QEMU
uses: docker/setup-qemu-action@v3
Expand Down
37 changes: 23 additions & 14 deletions .github/workflows/test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ on:
- 'mkdocs.yml'
- 'LICENSE'
- '.release-please-manifest.json' ## don't run tests for release-please PRs
- 'helm/trivy/Chart.yaml'
merge_group:
workflow_dispatch:

Expand All @@ -26,6 +27,8 @@ jobs:
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: false

- name: go mod tidy
run: |
go mod tidy
Expand All @@ -37,9 +40,9 @@ jobs:

- name: Lint
id: lint
uses: golangci/golangci-lint-action@v6.0.1
uses: golangci/golangci-lint-action@v6.1.1
with:
version: v1.59
version: v1.61
args: --verbose --out-format=line-number
if: matrix.operating-system == 'ubuntu-latest'

Expand Down Expand Up @@ -78,6 +81,7 @@ jobs:
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: false

- name: Install tools
uses: aquaproj/[email protected]
Expand All @@ -87,13 +91,13 @@ jobs:
- name: Generate image list digest
id: image-digest
run: |
IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-images)
DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
source integration/testimages.ini
IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags | sort' | sha256sum | cut -d' ' -f1)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
- name: Restore test images from cache
uses: actions/cache@v4
id: restore-test-images
uses: actions/cache/restore@v4
with:
path: integration/testdata/fixtures/images
key: cache-test-images-${{ steps.image-digest.outputs.digest }}
Expand All @@ -114,6 +118,7 @@ jobs:
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: false

- name: Install tools
uses: aquaproj/[email protected]
Expand All @@ -134,6 +139,7 @@ jobs:
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: false

- name: Install tools
uses: aquaproj/[email protected]
Expand All @@ -143,13 +149,13 @@ jobs:
- name: Generate image list digest
id: image-digest
run: |
IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-images)
DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
source integration/testimages.ini
IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags | sort' | sha256sum | cut -d' ' -f1)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
- name: Restore test images from cache
uses: actions/cache@v4
id: restore-test-images
uses: actions/cache/restore@v4
with:
path: integration/testdata/fixtures/images
key: cache-test-images-${{ steps.image-digest.outputs.digest }}
Expand All @@ -172,6 +178,8 @@ jobs:
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: false

- name: Install tools
uses: aquaproj/[email protected]
with:
Expand All @@ -180,13 +188,13 @@ jobs:
- name: Generate image list digest
id: image-digest
run: |
IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-vm-images)
DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
source integration/testimages.ini
IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES)
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags | sort' | sha256sum | cut -d' ' -f1)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
- name: Restore test VM images from cache
uses: actions/cache@v4
id: restore-test-vm-images
uses: actions/cache/restore@v4
with:
path: integration/testdata/fixtures/vm-images
key: cache-test-vm-images-${{ steps.image-digest.outputs.digest }}
Expand All @@ -213,6 +221,7 @@ jobs:
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: false

- name: Determine GoReleaser ID
id: goreleaser_id
Expand Down
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -39,3 +39,6 @@ dist
# Signing
gpg.key
cmd/trivy/trivy

# RPM
*.rpm
2 changes: 2 additions & 0 deletions .golangci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@ linters-settings:
excludes:
- G101
- G114
- G115
- G204
- G304
- G402
Expand Down Expand Up @@ -105,6 +106,7 @@ linters:
- typecheck
- unconvert
- unused
- usestdlibvars

run:
go: '1.22'
Expand Down
2 changes: 1 addition & 1 deletion .release-please-manifest.json
Original file line number Diff line number Diff line change
@@ -1 +1 @@
{".":"0.55.0"}
{".":"0.57.0"}
Loading

0 comments on commit 5a0f50d

Please sign in to comment.