chore(deps): bump golang from 1.21.3-alpine to 1.22.2-alpine #272
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: pull_request | |
name: PR Checks | |
jobs: | |
golanglint: | |
name: golang lint | |
runs-on: ubuntu-latest | |
steps: | |
- | |
uses: actions/checkout@v3 | |
- | |
uses: reviewdog/action-golangci-lint@v2 | |
with: | |
reporter: github-pr-review | |
golangci_lint_flags: "./healthcheck" | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
dockerfilelint: | |
name: dockerfile lint | |
runs-on: ubuntu-latest | |
steps: | |
- | |
uses: actions/checkout@v3 | |
- | |
name: hadolint | |
uses: burdzwastaken/hadolint-action@1.14.0 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
HADOLINT_ACTION_DOCKERFILE_FOLDER: . | |
dockerbuild: | |
name: docker build | |
runs-on: ubuntu-latest | |
steps: | |
- | |
uses: actions/checkout@v3 | |
- | |
name: extract tag | |
id: vars | |
run: echo ::set-output name=redis_version::$(grep '^FROM redis' Dockerfile | cut -d ' ' -f 2 | cut -d ':' -f 2) | |
- | |
name: docker build | |
run: docker build . --file Dockerfile --tag image:${{ steps.vars.outputs.redis_version }} | |
- | |
name: save docker image for cache | |
run: mkdir -p image/ && docker save -o image/image.tar image:${{ steps.vars.outputs.redis_version }} | |
- | |
name: cache docker image | |
uses: actions/cache@v2.1.7 | |
with: | |
path: image/ | |
key: ${{ runner.os }}-docker-${{ github.sha }} | |
dockerscan: | |
name: docker security scan | |
runs-on: ubuntu-latest | |
needs: dockerbuild | |
steps: | |
- | |
uses: actions/checkout@v3 | |
- | |
name: extract tag | |
id: vars | |
run: echo ::set-output name=redis_version::$(grep '^FROM redis' Dockerfile | cut -d ' ' -f 2 | cut -d ':' -f 2) | |
- | |
name: load cached docker image | |
uses: actions/cache@v2.1.7 | |
with: | |
path: image/ | |
key: ${{ runner.os }}-docker-${{ github.sha }} | |
- | |
name: load cached docker container | |
run: docker load -i image/image.tar | |
- | |
name: cached scan db | |
uses: actions/cache@v2.1.7 | |
with: | |
path: vulndb/ | |
key: trivy-vulndb | |
- | |
name: Run vulnerability scanner | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: image:${{ steps.vars.outputs.redis_version }} | |
format: table | |
exit-code: 1 | |
ignore-unfixed: true | |
severity: 'CRITICAL,HIGH' | |
goscan: | |
name: Go Scan | |
runs-on: ubuntu-latest | |
steps: | |
- | |
uses: actions/checkout@v3 | |
- | |
name: Initialize CodeQL | |
uses: github/codeql-action/init@v1 | |
with: | |
languages: go | |
- | |
name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v1 | |