build(deps): bump github.com/aquasecurity/trivy from 0.55.2 to 0.57.0 #26
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
release: | |
types: | |
- published | |
name: build | |
permissions: read-all | |
jobs: | |
build-arch: | |
name: Build ZOT multiarch | |
permissions: | |
contents: write | |
packages: write | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
os: [linux, darwin, freebsd] | |
arch: [amd64, arm64] | |
steps: | |
- name: Check out source code | |
uses: actions/checkout@v4 | |
- name: Install go | |
uses: actions/setup-go@v5 | |
with: | |
cache: false | |
go-version: 1.22.x | |
- name: Cache go dependencies | |
id: cache-go-dependencies | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go-mod- | |
- name: Cache go build output | |
id: cache-go-build | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cache/go-build | |
key: ${{ matrix.os }}-${{ matrix.arch }}-go-build-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ matrix.os }}-${{ matrix.arch }}-go-build- | |
- name: Install go dependencies | |
if: steps.cache-go-dependencies.outputs.cache-hit != 'true' | |
run: | | |
cd $GITHUB_WORKSPACE | |
go mod download | |
- name: Install other dependencies | |
run: | | |
cd $GITHUB_WORKSPACE | |
go install github.com/swaggo/swag/cmd/[email protected] | |
sudo apt-get update | |
sudo apt-get install rpm | |
sudo apt-get install snapd | |
sudo apt-get install libgpgme-dev libassuan-dev libbtrfs-dev libdevmapper-dev pkg-config | |
git clone https://github.com/containers/skopeo -b v1.12.0 $GITHUB_WORKSPACE/src/github.com/containers/skopeo | |
cd $GITHUB_WORKSPACE/src/github.com/containers/skopeo && \ | |
make bin/skopeo && \ | |
sudo cp bin/skopeo /usr/bin && \ | |
rm -rf $GITHUB_WORKSPACE/src/github.com/containers/skopeo | |
cd $GITHUB_WORKSPACE | |
curl -Lo notation.tar.gz https://github.com/notaryproject/notation/releases/download/v1.0.0-rc.4/notation_1.0.0-rc.4_linux_amd64.tar.gz | |
sudo tar xvzf notation.tar.gz -C /usr/bin notation | |
rm -f notation.tar.gz | |
- name: Run build | |
timeout-minutes: 10 | |
run: | | |
echo "Building for $OS:$ARCH" | |
cd $GITHUB_WORKSPACE | |
make binary binary-minimal binary-debug cli bench exporter-minimal | |
env: | |
OS: ${{ matrix.os }} | |
ARCH: ${{ matrix.arch }} | |
- name: Generate GraphQL Introspection JSON on Release | |
if: github.event_name == 'release' && github.event.action == 'published' && matrix.os == 'linux' && matrix.arch == 'amd64' | |
run: | | |
bin/zot-linux-amd64 serve examples/config-search.json & | |
sleep 10 | |
curl -X POST -H "Content-Type: application/json" -d @.pkg/debug/githubWorkflows/introspection-query.json http://localhost:5000/v2/_zot/ext/search | jq > bin/zot-gql-introspection-result.json | |
pkill zot | |
- if: github.event_name == 'release' && github.event.action == 'published' | |
name: Publish artifacts on releases | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
file: bin/z* | |
tag: ${{ github.ref }} | |
overwrite: true | |
file_glob: true | |
release-checksums: | |
name: Release Artifact Checksums | |
needs: build-arch | |
if: github.event_name == 'release' && github.event.action == 'published' | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
packages: write | |
steps: | |
- name: Download Release Artifacts | |
uses: robinraju/[email protected] | |
with: | |
tag: ${{ github.ref_name }} | |
fileName: "z*" | |
- name: Generate checksum | |
uses: jmgilman/actions-generate-checksum@v1 | |
with: | |
patterns: z* | |
method: sha256 | |
output: checksums.sha256.txt | |
- name: Add wildcard character prefix to filenames in checksum file | |
run: sed -i 's! ! \*!g' checksums.sha256.txt | |
- name: Publish checksums on releases | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
file: checksums.sha256.txt | |
tag: ${{ github.ref }} | |
overwrite: true |