chore(deps): bump github/codeql-action from 1 to 3 #263
on: pull_request | |
name: PR Checks | |
jobs: | |
golanglint: | |
name: golang lint | |
runs-on: ubuntu-latest | |
steps: | |
- | |
uses: actions/checkout@v3 | |
- | |
uses: reviewdog/action-golangci-lint@v2 | |
with: | |
reporter: github-pr-review | |
golangci_lint_flags: "./healthcheck" | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
dockerfilelint: | |
name: dockerfile lint | |
runs-on: ubuntu-latest | |
steps: | |
- | |
uses: actions/checkout@v3 | |
- | |
name: hadolint | |
uses: burdzwastaken/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
HADOLINT_ACTION_DOCKERFILE_FOLDER: . | |
dockerbuild: | |
name: docker build | |
runs-on: ubuntu-latest | |
steps: | |
- | |
uses: actions/checkout@v3 | |
- | |
name: extract tag | |
id: vars | |
run: echo ::set-output name=redis_version::$(grep '^FROM redis' Dockerfile | cut -d ' ' -f 2 | cut -d ':' -f 2) | |
- | |
name: docker build | |
run: docker build . --file Dockerfile --tag image:${{ steps.vars.outputs.redis_version }} | |
- | |
name: save docker image for cache | |
run: mkdir -p image/ && docker save -o image/image.tar image:${{ steps.vars.outputs.redis_version }} | |
- | |
name: cache docker image | |
uses: actions/[email protected] | |
with: | |
path: image/ | |
key: ${{ runner.os }}-docker-${{ github.sha }} | |
dockerscan: | |
name: docker security scan | |
runs-on: ubuntu-latest | |
needs: dockerbuild | |
steps: | |
- | |
uses: actions/checkout@v3 | |
- | |
name: extract tag | |
id: vars | |
run: echo ::set-output name=redis_version::$(grep '^FROM redis' Dockerfile | cut -d ' ' -f 2 | cut -d ':' -f 2) | |
- | |
name: load cached docker image | |
uses: actions/[email protected] | |
with: | |
path: image/ | |
key: ${{ runner.os }}-docker-${{ github.sha }} | |
- | |
name: load cached docker container | |
run: docker load -i image/image.tar | |
- | |
name: cached scan db | |
uses: actions/[email protected] | |
with: | |
path: vulndb/ | |
key: trivy-vulndb | |
- | |
name: Run vulnerability scanner | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: image:${{ steps.vars.outputs.redis_version }} | |
format: table | |
exit-code: 1 | |
ignore-unfixed: true | |
severity: 'CRITICAL,HIGH' | |
goscan: | |
name: Go Scan | |
runs-on: ubuntu-latest | |
steps: | |
- | |
uses: actions/checkout@v3 | |
- | |
name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: go | |
- | |
name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 | |
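Review bot: The `goscan` job now calling `github/codeql-action/init@v3` and `github/codeql-action/analyze@v3` still declares no `permissions:` block, so the analyze step's result upload depends on whatever default GITHUB_TOKEN permissions the repository has, and the other jobs receive that same default as well. Grant the job explicitly and minimally, e.g. under `goscan:` add `permissions:` with `contents: read` and `security-events: write` (CodeQL's documentation also lists `actions: read` for private repositories), and consider a top-level `permissions: contents: read` so the lint and build jobs do not inherit a wider token. For supply-chain hygiene, both codeql-action references would be stronger pinned to a full commit SHA with the tag in a trailing comment, e.g. `uses: github/codeql-action/init@<commit-sha> # v3`, since a moving `v3` tag is updated in place. One behavioural caveat worth confirming from the first v3 run: the job has no build step between init and analyze, so it relies on the action's default build handling for Go; if analysis reports no code scanned, an explicit `autobuild` or `go build` step is needed.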