CSU-2183: Fix CVE-2024-37307 #368
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-22.04 | |
if: ${{ github.event.head_commit.message != '[Release] Update Chart.yaml' }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Get merge request latest commit | |
id: parse-commit | |
if: ${{ github.event_name == 'pull_request' }} | |
run: | | |
msg=$(git show -s --format=%s) | |
echo "head_commit_message=${msg}" >> $GITHUB_ENV | |
- name: Setup Go 1.21 | |
uses: actions/setup-go@v2 | |
with: | |
go-version: "1.21" | |
- name: Cache Go modules | |
uses: actions/cache@v2 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-build-${{ hashFiles('**/go.sum') }} | |
restore-keys: ${{ runner.os }}-build- | |
- name: Build egressd collector go binary amd64 | |
run: go build -ldflags "-s -w -X main.GitCommit=$GITHUB_SHA -X main.GitRef=$GITHUB_REF -X main.Version=${RELEASE_TAG:-commit-$GITHUB_SHA}" -o bin/egressd-amd64 ./cmd/collector | |
env: | |
GOOS: linux | |
GOARCH: amd64 | |
CGO_ENABLED: 0 | |
- name: Build egressd collector go binary arm64 | |
run: go build -ldflags "-s -w -X main.GitCommit=$GITHUB_SHA -X main.GitRef=$GITHUB_REF -X main.Version=${RELEASE_TAG:-commit-$GITHUB_SHA}" -o bin/egressd-arm64 ./cmd/collector | |
env: | |
GOOS: linux | |
GOARCH: arm64 | |
CGO_ENABLED: 0 | |
- name: Build egressd exporter go binary amd64 | |
run: go build -ldflags "-s -w -X main.GitCommit=$GITHUB_SHA -X main.GitRef=$GITHUB_REF -X main.Version=${RELEASE_TAG:-commit-$GITHUB_SHA}" -o bin/egressd-exporter-amd64 ./cmd/exporter | |
env: | |
GOOS: linux | |
GOARCH: amd64 | |
CGO_ENABLED: 0 | |
- name: Build egressd exporter go binary arm64 | |
run: go build -ldflags "-s -w -X main.GitCommit=$GITHUB_SHA -X main.GitRef=$GITHUB_REF -X main.Version=${RELEASE_TAG:-commit-$GITHUB_SHA}" -o bin/egressd-exporter-arm64 ./cmd/exporter | |
env: | |
GOOS: linux | |
GOARCH: arm64 | |
CGO_ENABLED: 0 | |
- name: Run golangci-lint | |
# You may pin to the exact commit or the version. | |
# uses: golangci/golangci-lint-action@537aa1903e5d359d0b27dbc19ddd22c5087f3fbc | |
if: ${{ github.event_name == 'pull_request' && !contains(env.head_commit_message, '#skip-lint') }} | |
uses: golangci/[email protected] | |
with: | |
args: --timeout=5m | |
skip-pkg-cache: true | |
skip-build-cache: true | |
version: v1.58.2 | |
- name: Test | |
if: ${{ github.event_name == 'pull_request' && !contains(env.head_commit_message, '#skip-test') }} | |
run: go test -race ./... | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v1 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push pr (egressd collector) | |
if: ${{ github.event_name == 'pull_request' }} | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
platforms: linux/arm64,linux/amd64 | |
file: ./Dockerfile | |
push: ${{ github.event_name == 'pull_request' }} | |
tags: ghcr.io/castai/egressd/egressd:${{ github.sha }} | |
- name: Build and push pr (egressd exporter) | |
if: ${{ github.event_name == 'pull_request' }} | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
platforms: linux/arm64,linux/amd64 | |
file: ./Dockerfile.exporter | |
push: ${{ github.event_name == 'pull_request' }} | |
tags: ghcr.io/castai/egressd/egressd-exporter:${{ github.sha }} | |
- name: Build and push main (egressd collector) | |
if: ${{ github.event_name != 'pull_request' && github.event_name != 'release' }} | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
platforms: linux/arm64,linux/amd64 | |
file: ./Dockerfile | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ghcr.io/castai/egressd/egressd:${{ github.sha }} | |
- name: Build and push main (egressd exporter) | |
if: ${{ github.event_name != 'pull_request' && github.event_name != 'release' }} | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
platforms: linux/arm64,linux/amd64 | |
file: ./Dockerfile.exporter | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ghcr.io/castai/egressd/egressd-exporter:${{ github.sha }} | |
e2e: | |
name: E2E | |
runs-on: ubuntu-22.04 | |
if: ${{ github.event_name == 'pull_request' }} | |
needs: build | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Setup Go 1.21 | |
uses: actions/setup-go@v2 | |
with: | |
go-version: "1.21" | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v1 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create kind cluster | |
uses: helm/[email protected] | |
with: | |
config: ./e2e/kind-config.yaml | |
version: "v0.20.0" | |
cluster_name: e2e | |
- name: Run e2e | |
shell: bash | |
run: | | |
KIND_CONTEXT=e2e IMAGE_TAG=${{ github.sha }} ./e2e/run.sh |