fix: scan branch failed when source type is gitsource (#1024) #1346
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
# Need GitHub secret: DOCKER_HUB_USER, DOCKER_HUB_SECRETS, GHCR_TOKEN | |
on: | |
push: | |
branches: | |
- master | |
tags: | |
- 'v*.*.*' | |
paths-ignore: | |
- "**.md" | |
- "LICENSE" | |
- "docs/**" | |
- ".devcontainer/**" | |
- "*.ya?ml" # ignore all yaml files(with suffix yaml or yml) in the root of the repository | |
- "!codecov.yml" | |
- "!.golangci.yml" | |
- "!config/**" | |
- "OWNERS" | |
- "PROJECT" | |
jobs: | |
BuildController: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Docker meta for kubesphere | |
id: meta | |
if: github.repository_owner == 'kubesphere' | |
uses: docker/metadata-action@v3 | |
with: | |
images: | | |
kubespheredev/devops-controller | |
ghcr.io/${{ github.repository_owner }}/devops-controller | |
tags: | | |
type=schedule | |
type=ref,event=branch,suffix=-{{sha}} | |
type=ref,event=pr,suffix=-{{sha}} | |
type=semver,pattern={{version}},prefix=v | |
- name: Docker meta for Contributors | |
id: metaContributors | |
if: github.repository_owner != 'kubesphere' | |
uses: docker/metadata-action@v3 | |
with: | |
images: | | |
ghcr.io/${{ github.repository_owner }}/devops-controller | |
tags: | | |
type=schedule | |
type=ref,event=branch,suffix=-{{sha}} | |
type=ref,event=pr,suffix=-{{sha}} | |
type=semver,pattern={{version}},prefix=v | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Login to DockerHub | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKER_HUB_USER }} | |
password: ${{ secrets.DOCKER_HUB_SECRETS }} | |
- name: Login to GHCR | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v1 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GHCR_TOKEN }} | |
- name: Build env | |
id: build_env | |
run: | | |
if [ "${{ github.event_name }}" == "pull_request" ] | |
then | |
echo "::set-output name=platforms::linux/amd64" | |
echo "::set-output name=push::false" | |
echo "::set-output name=load::true" | |
echo "::set-output name=ref::pr-$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")" | |
else | |
echo "::set-output name=platforms::linux/amd64,linux/arm64" | |
echo "::set-output name=push::true" | |
echo "::set-output name=load::false" | |
echo "::set-output name=ref::${{github.ref_name}}" | |
fi | |
echo "::set-output name=short_sha::${GITHUB_SHA::7}" | |
- name: Build and push Docker images | |
uses: docker/[email protected] | |
if: github.repository_owner == 'kubesphere' | |
with: | |
file: config/dockerfiles/controller-manager/Dockerfile | |
tags: ${{ steps.meta.outputs.tags }} | |
push: ${{ steps.build_env.outputs.push }} | |
load: ${{ steps.build_env.outputs.load }} | |
labels: ${{ steps.meta.outputs.labels }} | |
platforms: ${{ steps.build_env.outputs.platforms }} | |
provenance: false | |
sbom: false | |
- name: Build and push Docker images for Contributors | |
uses: docker/[email protected] | |
if: github.repository_owner != 'kubesphere' | |
with: | |
file: config/dockerfiles/controller-manager/Dockerfile | |
tags: ${{ steps.metaContributors.outputs.tags }} | |
push: ${{ steps.build_env.outputs.push }} | |
load: ${{ steps.build_env.outputs.load }} | |
labels: ${{ steps.metaContributors.outputs.labels }} | |
platforms: ${{ steps.build_env.outputs.platforms }} | |
- name: Run Trivy vulnerability scanner | |
uses: aquasecurity/[email protected] | |
if: github.event_name == 'pull_request' | |
with: | |
image-ref: 'ghcr.io/${{github.repository_owner}}/devops-controller:${{ steps.build_env.outputs.ref }}-${{ steps.build_env.outputs.short_sha }}' | |
format: 'table' | |
exit-code: '1' | |
ignore-unfixed: true | |
vuln-type: 'os,library' | |
severity: 'CRITICAL,HIGH' | |
trivyignores: .github/workflows/.trivyignore | |
BuildAPIServer: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Docker meta for kubesphere | |
id: meta | |
if: github.repository_owner == 'kubesphere' | |
uses: docker/metadata-action@v3 | |
with: | |
images: | | |
kubespheredev/devops-apiserver | |
ghcr.io/${{ github.repository_owner }}/devops-apiserver | |
tags: | | |
type=schedule | |
type=ref,event=branch,suffix=-{{sha}} | |
type=ref,event=pr,suffix=-{{sha}} | |
type=semver,pattern={{version}},prefix=v | |
- name: Docker meta for Contributors | |
id: metaContributors | |
if: github.repository_owner != 'kubesphere' | |
uses: docker/metadata-action@v3 | |
with: | |
images: | | |
ghcr.io/${{ github.repository_owner }}/devops-apiserver | |
tags: | | |
type=schedule | |
type=ref,event=branch,suffix=-{{sha}} | |
type=ref,event=pr,suffix=-{{sha}} | |
type=semver,pattern={{version}},prefix=v | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Login to DockerHub | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKER_HUB_USER }} | |
password: ${{ secrets.DOCKER_HUB_SECRETS }} | |
- name: Login to GHCR | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v1 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GHCR_TOKEN }} | |
- name: Build env | |
id: build_env | |
run: | | |
if [ "${{ github.event_name }}" == "pull_request" ] | |
then | |
echo "::set-output name=platforms::linux/amd64" | |
echo "::set-output name=push::false" | |
echo "::set-output name=load::true" | |
echo "::set-output name=ref::pr-$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")" | |
else | |
echo "::set-output name=platforms::linux/amd64,linux/arm64" | |
echo "::set-output name=push::true" | |
echo "::set-output name=load::false" | |
echo "::set-output name=ref::${{github.ref_name}}" | |
fi | |
echo "::set-output name=short_sha::${GITHUB_SHA::7}" | |
- name: Build and push Docker images | |
uses: docker/[email protected] | |
if: github.repository_owner == 'kubesphere' | |
with: | |
file: config/dockerfiles/apiserver/Dockerfile | |
tags: ${{ steps.meta.outputs.tags }} | |
push: ${{ steps.build_env.outputs.push }} | |
load: ${{ steps.build_env.outputs.load }} | |
labels: ${{ steps.meta.outputs.labels }} | |
platforms: ${{ steps.build_env.outputs.platforms }} | |
provenance: false | |
sbom: false | |
- name: Build and push Docker images for Contributors | |
uses: docker/[email protected] | |
if: github.repository_owner != 'kubesphere' | |
with: | |
file: config/dockerfiles/apiserver/Dockerfile | |
tags: ${{ steps.metaContributors.outputs.tags }} | |
push: ${{ steps.build_env.outputs.push }} | |
load: ${{ steps.build_env.outputs.load }} | |
labels: ${{ steps.metaContributors.outputs.labels }} | |
platforms: ${{ steps.build_env.outputs.platforms }} | |
- name: Run Trivy vulnerability scanner | |
uses: aquasecurity/[email protected] | |
if: github.event_name == 'pull_request' | |
with: | |
image-ref: 'ghcr.io/${{github.repository_owner}}/devops-apiserver:${{ steps.build_env.outputs.ref }}-${{ steps.build_env.outputs.short_sha }}' | |
format: 'table' | |
exit-code: '1' | |
ignore-unfixed: true | |
vuln-type: 'os,library' | |
severity: 'CRITICAL,HIGH' | |
trivyignores: .github/workflows/.trivyignore | |
BuildTools: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Docker meta for kubesphere | |
id: meta | |
if: github.repository_owner == 'kubesphere' | |
uses: docker/metadata-action@v3 | |
with: | |
images: | | |
kubespheredev/devops-tools | |
ghcr.io/${{ github.repository_owner }}/devops-tools | |
tags: | | |
type=schedule | |
type=ref,event=branch,suffix=-{{sha}} | |
type=ref,event=pr,suffix=-{{sha}} | |
type=semver,pattern={{version}},prefix=v | |
- name: Docker meta for Contributors | |
id: metaContributors | |
if: github.repository_owner != 'kubesphere' | |
uses: docker/metadata-action@v3 | |
with: | |
images: | | |
ghcr.io/${{ github.repository_owner }}/devops-tools | |
tags: | | |
type=schedule | |
type=ref,event=branch,suffix=-{{sha}} | |
type=ref,event=pr,suffix=-{{sha}} | |
type=semver,pattern={{version}},prefix=v | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Login to DockerHub | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKER_HUB_USER }} | |
password: ${{ secrets.DOCKER_HUB_SECRETS }} | |
- name: Login to GHCR | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v1 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GHCR_TOKEN }} | |
- name: Build env | |
id: build_env | |
run: | | |
if [ "${{ github.event_name }}" == "pull_request" ] | |
then | |
echo "::set-output name=platforms::linux/amd64" | |
echo "::set-output name=push::false" | |
echo "::set-output name=load::true" | |
echo "::set-output name=ref::pr-$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")" | |
else | |
echo "::set-output name=platforms::linux/amd64,linux/arm64" | |
echo "::set-output name=push::true" | |
echo "::set-output name=load::false" | |
echo "::set-output name=ref::${{github.ref_name}}" | |
fi | |
echo "::set-output name=short_sha::${GITHUB_SHA::7}" | |
- name: Build and push Docker images | |
uses: docker/[email protected] | |
if: github.repository_owner == 'kubesphere' | |
with: | |
file: config/dockerfiles/tools/Dockerfile | |
tags: ${{ steps.meta.outputs.tags }} | |
push: ${{ steps.build_env.outputs.push }} | |
load: ${{ steps.build_env.outputs.load }} | |
labels: ${{ steps.meta.outputs.labels }} | |
platforms: ${{ steps.build_env.outputs.platforms }} | |
provenance: false | |
sbom: false | |
- name: Build and push Docker images for Contributors | |
uses: docker/[email protected] | |
if: github.repository_owner != 'kubesphere' | |
with: | |
file: config/dockerfiles/tools/Dockerfile | |
tags: ${{ steps.metaContributors.outputs.tags }} | |
push: ${{ steps.build_env.outputs.push }} | |
load: ${{ steps.build_env.outputs.load }} | |
labels: ${{ steps.metaContributors.outputs.labels }} | |
platforms: ${{ steps.build_env.outputs.platforms }} | |
- name: Run Trivy vulnerability scanner | |
uses: aquasecurity/[email protected] | |
if: github.event_name == 'pull_request' | |
with: | |
image-ref: 'ghcr.io/${{github.repository_owner}}/devops-tools:${{ steps.build_env.outputs.ref }}-${{ steps.build_env.outputs.short_sha }}' | |
format: 'table' | |
exit-code: '1' | |
ignore-unfixed: true | |
vuln-type: 'os,library' | |
severity: 'CRITICAL,HIGH' | |
trivyignores: .github/workflows/.trivyignore | |
UnitTest: | |
name: Test | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Set up Go 1.17 | |
uses: actions/[email protected] | |
with: | |
go-version: 1.17 | |
id: go | |
- name: Check out code into the Go module directory | |
uses: actions/[email protected] | |
- name: Test | |
run: | | |
make test | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v1 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
files: coverage.out | |
flags: unittests | |
name: codecov-umbrella | |
fail_ci_if_error: true |