
build(deps): bump golang.org/x/net from 0.0.0-20220909164309-bea034e7d591 to 0.16.0 #337


Workflow file for this run

# CI workflow "build": each job runs make targets or builds and scans a
# container image.
name: build
# Triggered by pushes to main and by every pull request.
on:
  push:
    branches:
      - main
  pull_request:
env:
  # Quoted so YAML keeps the version as a string instead of parsing a float.
  GO_VERSION: '1.19'
# Workflow-wide least privilege: every GITHUB_TOKEN scope listed here is set to
# none, and no job visible in this file grants any of them back. Registry and
# cache pushes rely on the repository secrets referenced in the jobs
# (QUAY_TOKEN, CACHIX_AUTH_TOKEN), not on GITHUB_TOKEN.
permissions:
  actions: none
  checks: none
  contents: none
  deployments: none
  id-token: none
  issues: none
  discussions: none
  packages: none
  pull-requests: none
  repository-projects: none
  security-events: none
  statuses: none
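# Supply-chain note: third-party actions below are pinned to full commit SHAs.
# docker/metadata-action was referenced as @v4 in build-image and
# operator-image; both now use the commit SHA the ubi-image job already pins.
# NOTE(review): actions/checkout@v3 is still a mutable tag ref in every job;
# pin it to a reviewed commit SHA as well.
jobs:
  # Unit tests and Go lint on a macOS runner.
  macos:
    runs-on: macos-12
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f
        with:
          go-version: ${{ env.GO_VERSION }}
      - run: make test-unit
      - run: make verify-go-lint

  # Nix builds (`make nix nix-arm64`) backed by the Cachix binary cache.
  nix:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3
      - uses: cachix/install-nix-action@daddc62a2e67d1decb56e028c9fa68344b9b7c2a
      # The Cachix token is handed to a third-party action, which is why the
      # action is pinned by commit SHA. This job also runs on pull_request;
      # GitHub does not pass repository secrets to runs triggered from forks.
      - uses: cachix/cachix-action@75d46f58e6608ffed5276b4aa8de78d300911526
        with:
          name: security-profiles-operator
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
          pushFilter: security-profiles-operator
      - run: make nix nix-arm64

  # Runs the BPF and BTF verification make targets.
  bpf-btf:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f
        with:
          go-version: ${{ env.GO_VERSION }}
      - uses: actions/checkout@v3
      - uses: cachix/install-nix-action@daddc62a2e67d1decb56e028c9fa68344b9b7c2a
      - uses: cachix/cachix-action@75d46f58e6608ffed5276b4aa8de78d300911526
        with:
          name: security-profiles-operator
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
          pushFilter: security-profiles-operator
      - run: make verify-bpf
      - run: make verify-btf

  # Builds Dockerfile.build-image; pushes to Quay only for runs on main.
  build-image:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325
      # The registry login, and with it QUAY_TOKEN, is limited to runs on main.
      - name: Login to Quay
        if: github.ref == 'refs/heads/main'
        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
        with:
          registry: quay.io/security-profiles-operator
          username: security-profiles-operator+github
          password: ${{ secrets.QUAY_TOKEN }}
      - name: Image metadata
        id: meta
        # Same commit SHA as the ubi-image job, replacing the mutable v4 tag.
        uses: docker/metadata-action@69f6fc9d46f2f8bf0d5491e4aabe0bb8c6a4678a
        with:
          images: |
            quay.io/security-profiles-operator/build
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=ref,event=tag
            type=sha,format=long
      - name: Build (and push if needed)
        uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5
        with:
          context: .
          file: Dockerfile.build-image
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          push: ${{ github.ref == 'refs/heads/main' }}
          # Only load on PR builds (any ref other than main)
          load: ${{ github.ref != 'refs/heads/main' }}
      # NOTE(review): on main the image is pushed and not loaded, so the scan
      # presumably resolves this tag from the registry; confirm.
      - name: Run container image vulnerability scanner
        uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac
        with:
          image-ref: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
          format: 'table'
          # Exit code 0 makes this scan report-only: CRITICAL/HIGH findings
          # are printed but never fail the job, unlike the other image jobs.
          # TODO(jaosorior): Fix this once we bump the NixOS dependencies.
          exit-code: '0'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'
          timeout: 10m

  # Builds the operator image from Dockerfile and scans it; nothing is pushed.
  operator-image:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325
      - name: Login to Quay
        if: github.ref == 'refs/heads/main'
        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
        with:
          registry: quay.io/security-profiles-operator
          username: security-profiles-operator+github
          password: ${{ secrets.QUAY_TOKEN }}
      - name: Image metadata
        id: meta
        # Same commit SHA as the ubi-image job, replacing the mutable v4 tag.
        uses: docker/metadata-action@69f6fc9d46f2f8bf0d5491e4aabe0bb8c6a4678a
        with:
          images: |
            quay.io/security-profiles-operator/spo
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=ref,event=tag
            type=sha,format=long
      - name: Build
        uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5
        with:
          context: .
          file: Dockerfile
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          load: true
      # Gating scan: exit code 1 fails the job when a CRITICAL or HIGH
      # vulnerability with an available fix is found.
      - name: Run container image vulnerability scanner
        uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac
        with:
          image-ref: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'

  # Builds the UBI variant from Dockerfile.ubi and scans it; nothing is pushed.
  ubi-image:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325
      - name: Login to Quay
        if: github.ref == 'refs/heads/main'
        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
        with:
          registry: quay.io/security-profiles-operator
          username: security-profiles-operator+github
          password: ${{ secrets.QUAY_TOKEN }}
      - name: Image metadata
        id: meta
        uses: docker/metadata-action@69f6fc9d46f2f8bf0d5491e4aabe0bb8c6a4678a
        with:
          # NOTE(review): this is the same repository the build-image job
          # tags, distinguished only by the -ubi suffix; confirm the intended
          # repository before a push step is added.
          images: |
            quay.io/security-profiles-operator/build
          flavor: |
            suffix=-ubi
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=ref,event=tag
            type=sha,format=long
      # TODO(jaosorior): Push UBI image too
      - name: Build
        uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5
        with:
          context: .
          file: Dockerfile.ubi
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          load: true
      # Gating scan: exit code 1 fails the job when a CRITICAL or HIGH
      # vulnerability with an available fix is found.
      - name: Run container image vulnerability scanner
        uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac
        with:
          image-ref: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'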