This repository has been archived by the owner on Nov 17, 2024. It is now read-only.
chore(deps): update mesosphere/traefik-forward-auth docker tag to v3.2.0 #1668
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Validate | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| - renovate/* | |
| jobs: | |
| prettier: | |
| name: Validate code style with prettier | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - run: npx prettier --check '.' | |
| tfsec: | |
| name: Run tfsec on infra configuration | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| security-events: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: aquasecurity/[email protected] | |
| with: | |
| sarif_file: tfsec.sarif | |
| config_file: ./.github/tfsec.yaml | |
| - name: Upload SARIF file | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: tfsec.sarif | |
| kube-linter: | |
| name: Kube lint apps on cloudlab | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| security-events: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: dsaltares/[email protected] | |
| with: | |
| repo: 'stackrox/kube-linter' | |
| version: 'tags/v0.6.5' | |
| file: 'kube-linter-linux' | |
| target: /home/runner/.local/bin/kube-linter | |
| - name: Prepare environment | |
| run: | | |
| mkdir ./results | |
| chmod +x /home/runner/.local/bin/kube-linter | |
| pip install sarif-tools | |
| sarif --version | |
| - name: Lint apps on cloudlab | |
| run: | | |
| set +e | |
| cluster="javelin" | |
| results="$(readlink -f "$GITHUB_WORKSPACE/./results")" | |
| for dir in $(find apps -type d -name "$cluster"); do ( | |
| app="$(basename "$(dirname "$dir")")" | |
| cd "$dir" | |
| kustomize build --enable-helm > "$app.yaml" | |
| kube-linter lint --format sarif "$app.yaml" \ | |
| > "$results/$app.$cluster.sarif" | |
| echo "Results written to $results/$app.$cluster.sarif" | |
| ); done | |
| find "$results" -type f -empty -print -delete | |
| sarif copy "$results" | |
| continue-on-error: true | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: kube-linter-results | |
| path: ${{ github.workspace }}/results | |
| - name: Upload SARIF file | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| wait-for-processing: true | |
| sarif_file: ${{ github.workspace }}/out.sarif |