Skip to content

chore(deps): bump aquasecurity/trivy-action from 0.2.1 to 0.22.0 #652

chore(deps): bump aquasecurity/trivy-action from 0.2.1 to 0.22.0

chore(deps): bump aquasecurity/trivy-action from 0.2.1 to 0.22.0 #652

Workflow file for this run

name: Pull Request Build
on:
pull_request:
branches:
- master
env:
REGISTRY: ghcr.io
jobs:
build:
name: Build
runs-on: ubuntu-20.04
steps:
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.19
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v3.6.0
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v4.4.0
with:
github_token: ${{ secrets.GH_PUBLISH_SECRETS }}
version: v1.14.0
args: release --skip-publish --rm-dist --snapshot
- name: Test against the cmd
run: |
sudo cp ./release/http-downloader_linux_amd64_v1/hd /usr/local/bin
# test with fullpath
sudo hd install jenkins-zh/jenkins-cli/jcli
jcli version
# test with simple path
sudo hd i mde
# test with specific version
sudo hd i mde@v0.0.4 -f
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.22.0
if: github.event_name == 'pull_request'
with:
scan-type: 'fs'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
GoLint:
name: Lint
runs-on: ubuntu-20.04
steps:
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.19
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v3.6.0
- name: Go-linter-1
uses: Jerome1337/golint-action@v1.0.2
with:
golint-path: ./...
Security:
name: Security
runs-on: ubuntu-20.04
env:
GO111MODULE: on
steps:
- name: Checkout Source
uses: actions/checkout@v3.6.0
- name: Run Gosec Security Scanner
uses: securego/gosec@master
with:
args: '-exclude=G402,G204,G304,G110,G306,G107 ./...'
CodeQL:
name: CodeQL
runs-on: ubuntu-20.04
env:
GO111MODULE: on
steps:
- name: Checkout Source
uses: actions/checkout@v3.6.0
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: go
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
MarkdownLinkCheck:
name: MarkdownLinkCheck
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3.6.0
- uses: gaurav-nelson/github-action-markdown-link-check@1.0.13
with:
use-verbose-mode: 'yes'
image:
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-tags: true
fetch-depth: 0
- name: Setup Docker buildx
uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
with:
images: ${{ env.REGISTRY }}/linuxsuren/hd
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
with:
context: .
push: false
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: VERSION=${{ steps.vars.outputs.tag }}