Automated vulnerability scan with Prsima #130
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Test | |
| on: | |
| push: | |
| pull_request: | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set up Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: "1.20" | |
| - name: Check out code | |
| uses: actions/checkout@v2 | |
| - name: Lint Go Code | |
| run: | | |
| curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.55.2 | |
| make lint | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set up Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: "1.20" | |
| - name: Check out code | |
| uses: actions/checkout@v2 | |
| - name: Run Unit tests. | |
| run: | | |
| mkdir reports | |
| make test-coverage | |
| - name: Uploads reports | |
| if: ${{ !startsWith(github.ref_name, '1.') }} | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| path: | | |
| ./reports/cover.out | |
| ./reports/cover.html | |
| build: | |
| name: Build & push image | |
| runs-on: ubuntu-latest | |
| needs: [lint, test] | |
| steps: | |
| - name: Set up Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: "1.20" | |
| - name: Check out code | |
| uses: actions/checkout@v2 | |
| - name: Build | |
| run: make build | |
| - name: Login to Github Packages | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build image and push GitHub Container Registry | |
| uses: docker/build-push-action@v2 | |
| with: | |
| context: ./ | |
| tags: | | |
| ghcr.io/solacedev/pubsubplus-prometheus-exporter:1.0.2-dev | |
| push: true | |
| - name: Run Whitesource Action | |
| uses: SolaceDev/[email protected] | |
| with: | |
| wssURL: https://saas.whitesourcesoftware.com/agent | |
| apiKey: ${{ secrets.WSS_API_KEY }} | |
| productName: 'pubsubplus-prometheus-exporter' | |
| projectName: 'pubsubplus-prometheus-exporter' | |
| configFile: 'ci/whitesource/whitesource-agent.config' | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ghcr.io/solacedev/pubsubplus-prometheus-exporter:1.0.2-dev | |
| format: 'sarif' | |
| severity: 'CRITICAL,HIGH' | |
| output: 'trivy-results.sarif' | |
| - name: Uploads Trivy Scan Reports | |
| if: ${{ !startsWith(github.ref_name, '1.') }} | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| path: | | |
| trivy-results.sarif |