chore(deps): bump aquasecurity/trivy-action from 0.2.1 to 0.23.0 #653
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pull Request Build | |
on: | |
pull_request: | |
branches: | |
- master | |
env: | |
REGISTRY: ghcr.io | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.19 | |
id: go | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v3.6.0 | |
- name: Run GoReleaser | |
uses: goreleaser/goreleaser-action@v4.4.0 | |
with: | |
github_token: ${{ secrets.GH_PUBLISH_SECRETS }} | |
version: v1.14.0 | |
args: release --skip-publish --rm-dist --snapshot | |
- name: Test against the cmd | |
run: | | |
sudo cp ./release/http-downloader_linux_amd64_v1/hd /usr/local/bin | |
# test with fullpath | |
sudo hd install jenkins-zh/jenkins-cli/jcli | |
jcli version | |
# test with simple path | |
sudo hd i mde | |
# test with specific version | |
sudo hd i mde@v0.0.4 -f | |
- name: Run Trivy vulnerability scanner | |
uses: aquasecurity/trivy-action@0.23.0 | |
if: github.event_name == 'pull_request' | |
with: | |
scan-type: 'fs' | |
format: 'table' | |
exit-code: '1' | |
ignore-unfixed: true | |
vuln-type: 'os,library' | |
severity: 'CRITICAL,HIGH' | |
GoLint: | |
name: Lint | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.19 | |
id: go | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v3.6.0 | |
- name: Go-linter-1 | |
uses: Jerome1337/golint-action@v1.0.2 | |
with: | |
golint-path: ./... | |
Security: | |
name: Security | |
runs-on: ubuntu-20.04 | |
env: | |
GO111MODULE: on | |
steps: | |
- name: Checkout Source | |
uses: actions/checkout@v3.6.0 | |
- name: Run Gosec Security Scanner | |
uses: securego/gosec@master | |
with: | |
args: '-exclude=G402,G204,G304,G110,G306,G107 ./...' | |
CodeQL: | |
name: CodeQL | |
runs-on: ubuntu-20.04 | |
env: | |
GO111MODULE: on | |
steps: | |
- name: Checkout Source | |
uses: actions/checkout@v3.6.0 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v1 | |
with: | |
languages: go | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v1 | |
MarkdownLinkCheck: | |
name: MarkdownLinkCheck | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3.6.0 | |
- uses: gaurav-nelson/github-action-markdown-link-check@1.0.13 | |
with: | |
use-verbose-mode: 'yes' | |
image: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-tags: true | |
fetch-depth: 0 | |
- name: Setup Docker buildx | |
uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf | |
- name: Extract Docker metadata | |
id: meta | |
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 | |
with: | |
images: ${{ env.REGISTRY }}/linuxsuren/hd | |
- name: Build and push Docker image | |
id: build-and-push | |
uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a | |
with: | |
context: . | |
push: false | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
platforms: linux/amd64,linux/arm64 | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
build-args: VERSION=${{ steps.vars.outputs.tag }} |