chore(deps): bump golang.org/x/term from 0.27.0 to 0.28.0 in the security group #132
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-checks | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| build: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.23" | |
| - name: setup env | |
| run: | | |
| echo "GOPATH=$(go env GOPATH)" >> $GITHUB_ENV | |
| echo "$(go env GOPATH)/bin" >> $GITHUB_PATH | |
| shell: bash | |
| - uses: actions/checkout@v4 | |
| - run: | | |
| make install-golangci-lint | |
| echo "golangci-lint path: $(which golangci-lint)" | |
| make lint build | |
| test: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.23" | |
| - name: setup env | |
| run: | | |
| echo "GOPATH=$(go env GOPATH)" >> $GITHUB_ENV | |
| echo "$(go env GOPATH)/bin" >> $GITHUB_PATH | |
| shell: bash | |
| - uses: actions/checkout@v4 | |
| - run: make ginkgo test | |
| scan: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run Trivy vulnerability scanner in repo mode | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'fs' | |
| ignore-unfixed: true | |
| format: 'sarif' | |
| exit-code: '1' | |
| scanners: 'vuln' | |
| output: 'trivy-results.sarif' | |
| severity: 'HIGH,CRITICAL' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| # summary jobs, these jobs will only run if all the other jobs have succeeded | |
| validate-pr-tests: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - test | |
| - scan | |
| steps: | |
| - run: echo "All PR tests passed" | |
| # this job will validate that the validation did not fail and that all pr-tests succeed | |
| # it is used for the github branch protection rule | |
| validate-success: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - validate-pr-tests | |
| if: always() | |
| steps: | |
| # https://docs.github.com/en/actions/learn-github-actions/contexts#needs-context | |
| # if the validate-pr-tests job was not successful, this job will fail | |
| - name: fail if validate-pr-tests job was not successful | |
| if: needs.validate-pr-tests.result != 'success' | |
| run: exit 1 | |
| # if the validate-pr-tests job was successful, this job will succeed | |
| - name: succeed if validate-pr-tests job succeeded | |
| if: needs.validate-pr-tests.result == 'success' | |
| run: echo "Validation succeeded" |