gobuild.yml
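---
name: build

# Triggers: every push, every pull request, and a nightly run at 23:00 (UTC).
# NOTE(review): the jobs in this workflow reference repository secrets.
# GitHub does not hand secrets to pull_request runs that come from forks, so
# the secret-dependent steps will fail there; for branches inside this
# repository the pull request's own code runs with those secrets available.
# Confirm that both outcomes are intended.
on:
  push:
  pull_request:
  schedule:
    # Quoted so the value is unambiguously a string for every YAML loader.
    - cron: '0 23 * * *'

# Least privilege for the automatically issued GITHUB_TOKEN: nothing visible
# in this workflow needs more than read access to the repository contents.
permissions:
  contents: read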
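jobs:
  # Runs an internal scan container pulled from Artifactory, then builds,
  # lints and tests Terrascan.
  validate:
    runs-on: ubuntu-latest
    env:
      # Quoted so a YAML 1.1 loader cannot retype them (on -> true, and a
      # later bump such as 1.20 -> 1.2).
      GO111MODULE: 'on'
      GOPATH: /home/runner/work/terrascan
      GOBIN: /home/runner/work/terrascan/bin
      GO_VERSION: '1.19'
      # Single definition of the scan image so the pull and run steps cannot
      # drift apart.
      # NOTE(review): a tag is mutable; pinning by digest
      # (@sha256:<digest-placeholder>) would make the pulled image immutable.
      SCAN_IMAGE: 'docker-terrascan-local.artifactory.eng.tenable.com/tenb-cb:1.0.10.DEV231011191849-J-EPRT-TENB-CB-TENB-CB-CICD-5797-10'
      # NOTE(review): job-level env exposes the credentials below to every
      # step of this job, including the third-party actions and the tool
      # installed with @latest. Which make targets need them is not visible
      # here; consider moving each one to the step that uses it.
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_TEST }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_TEST }}
      AWS_REGION: ${{ secrets.AWS_REGION_TEST }}
      AZURE_AUTH_TEST_SECRET: ${{ secrets.AZURE_AUTH_TEST_KEY }}
      GOOGLE_APPLICATION_CREDENTIALS_TEST_SECRET: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_TEST_KEY }}
      ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
    steps:
      - name: check proxy
        run: docker info
      - name: check
        # nslookup resolves host names, not URLs, so no scheme is given.
        run: nslookup terrascan-test.artifactory.eng.tenable.com
      - name: Login to Artifactory
        # The token is mapped to a step-scoped variable and fed to docker on
        # stdin. Templating a secret straight into the script text puts it on
        # the process command line and lets shell metacharacters inside the
        # value change the command.
        # NOTE(review): the literal user name in the page's copy of this step
        # was redacted by the rendering; the job-level ARTIFACTORY_USERNAME
        # is used instead - confirm it is the same account.
        env:
          ARTIFACTORY_API_TOKEN: ${{ secrets.ARTIFACTORY_API_TOKEN }}
        run: |
          printf '%s' "$ARTIFACTORY_API_TOKEN" |
            docker login --username "$ARTIFACTORY_USERNAME" --password-stdin \
              https://docker-terrascan-local.artifactory.eng.tenable.com
      - name: Pull Image
        run: docker pull "$SCAN_IMAGE"
      - name: Run scan
        # `-e NAME` without a value forwards the variable from the step's
        # environment, so the Jenkins credentials never appear in the script
        # text or in docker's argument list.
        # NOTE(review): the Cloudflare pair is still passed as an argument to
        # the tool inside the container; whether the tool can read it from
        # the environment instead is not visible here.
        env:
          JKN_USERNAME: ${{ secrets.JKN_USERNAME }}
          JKN_PASSWORD: ${{ secrets.JKN_PASSWORD }}
          CF_ACCESS_TOKEN: ${{ secrets.CF_ACCESS_TOKEN }}
          CF_SECRET: ${{ secrets.CF_SECRET }}
        run: |
          docker run -e JKN_USERNAME -e JKN_PASSWORD -t "$SCAN_IMAGE" \
            jobs execute-job --credential-mode env \
            -n teams-deleng-terraform \
            -p deleng-terraform/Scratch/dockerhub-tester \
            -d '{"APPID":"test"}' \
            --cloudflare-access-secret "${CF_ACCESS_TOKEN}:${CF_SECRET}"
      - name: Setup Go
        # NOTE(review): referenced by a mutable major tag; pinning to a full
        # commit SHA keeps a retagged release from running with this job's
        # credentials.
        uses: actions/setup-go@v1
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Install golint
        # NOTE(review): @latest is resolved at run time, so the installed
        # code can change between runs; pin a version to make it reproducible.
        run: go install golang.org/x/lint/golint@latest
      - name: Build Terrascan docker image
        run: make docker-build
      - name: Go validations
        run: make validate
      - name: Build Terrascan
        run: make build
      - name: Run unit tests
        run: make unit-tests
      - name: install kind
        run: make install-kind
      - name: Run e2e tests
        run: make e2e-tests
      - name: Run e2e vulnerability tests
        # Only on push and scheduled runs, and never for Dependabot.
        if: ${{ (github.event_name == 'push' || github.event_name == 'schedule') && github.actor != 'dependabot[bot]' }}
        run: make e2e-vulnerability-tests
      - name: Upload coverage to Codecov
        # NOTE(review): third-party action on a mutable major tag, running in
        # a job whose environment holds cloud credentials; pin it to a full
        # commit SHA of a maintained release.
        uses: codecov/codecov-action@v1

  # NOTE(review): despite its name and the comment below, no step in this job
  # pushes an image; it only calls the Artifactory auth endpoint and pulls.
  push:
    # Ensure "validate" job passes before pushing image.
    needs: validate
    runs-on: ubuntu-latest
    if: github.event_name == 'push'
    steps:
      - name: Login to Artifactory
        # The token is expanded by the shell from a step-scoped variable
        # rather than templated into the script text.
        # NOTE(review): this request does not store registry credentials for
        # docker, so the pull below appears to run unauthenticated - confirm.
        env:
          ARTIFACTORY_API_TOKEN: ${{ secrets.ARTIFACTORY_API_TOKEN }}
        run: curl -u "$ARTIFACTORY_API_TOKEN" -X POST https://artifactory.eng.tenable.com/artifactory/api/docker/auth
      - name: Pull Docker Image
        # A trailing slash is not valid in an image reference, so none is
        # given here.
        # NOTE(review): the registry host is spelled docker-terracan-local
        # here but docker-terrascan-local in the validate job - confirm which
        # one is correct.
        run: docker pull docker-terracan-local.artifactory.eng.tenable.com/terrascan-test/tenb-cb:1.0.8.DEV230807225718-J-EPRT-TENB-CB-TENB-CB-CICD-5797-8
      - name: Logout from Artifactory
        run: echo "Logout not necessary for API token-based authentication"
      - name: Remove Docker Login Config
        # -f: no docker login runs in this job, so the file may not exist and
        # a plain rm would fail the step.
        run: rm -f ~/.docker/config.json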