This repository has been archived by the owner on Oct 9, 2024. It is now read-only.
fix(deps): update module github.com/overmindtech/sdp-go to v0.95.0 #417
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test & Build | |
on: push | |
jobs: | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: 1.x | |
check-latest: true | |
- name: Get dependencies | |
run: | | |
go get -v -t -d ./... | |
- name: Vet | |
run: go vet ./... | |
# get .golangci.yml from github.com/overmindtech/golangci-lint_config | |
- name: Get .golangci.yml from github.com/overmindtech/golangci-lint_configs | |
run: | | |
curl -sfL https://raw.githubusercontent.com/overmindtech/golangci-lint_config/main/.golangci.yml -o .golangci.yml | |
- name: golangci-lint | |
uses: golangci/golangci-lint-action@v6 | |
with: | |
version: v1.60.1 | |
args: --timeout 3m | |
skip-cache: true # the linters require all code generation and dependecies to be present, but the cache implementation completely falls over when there is already existing content. See https://github.com/golangci/golangci-lint-action/issues/23, https://github.com/golangci/golangci-lint-action/issues/863, https://github.com/golangci/golangci-lint-action/issues/984 | |
- name: Test | |
run: go test ./... | |
scan-container: | |
name: Scan Container | |
runs-on: depot-ubuntu-24.04 | |
# this is for container scanning with aws inspector | |
permissions: | |
id-token: write # This is required for requesting the JWT | |
contents: read # This is required for actions/checkout@v2 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # also fetch tags and branches for `git describe` | |
- uses: depot/setup-action@v1 | |
- name: Build Docker image | |
uses: depot/build-push-action@v1 | |
with: | |
project: xnsnw3m20t | |
context: . | |
file: "build/package/Dockerfile" | |
push: false | |
tags: app:latest | |
load: true | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: "eu-west-2" | |
role-to-assume: "${{ secrets.AWS_INSPECTOR_ROLE }}" | |
- name: Invoke Amazon Inspector Scan | |
id: inspector | |
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@main | |
with: | |
artifact_type: 'container' | |
artifact_path: 'app:latest' | |
display_vulnerability_findings: "enabled" | |
sbomgen_version: "latest" | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }} | |
needs: | |
- test | |
- scan-container | |
permissions: | |
contents: read # required for checkout | |
id-token: write # mint AWS credentials through OIDC | |
packages: write | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- dockerfile: Dockerfile | |
image_name: source-template | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ghcr.io/overmindtech/${{ matrix.image_name }} | |
tags: | | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up Docker Buildx | |
id: setup-builder | |
uses: docker/setup-buildx-action@v3 | |
- name: Build and push | |
id: push | |
uses: docker/build-push-action@v5 | |
with: | |
builder: ${{ steps.setup-builder.outputs.name }} | |
context: . | |
sbom: true | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
file: build/package/${{ matrix.dockerfile }} | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} |