add default SeccompProfile and Capabilities #1506
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Test | |
# This workflow will run on master branch and on any pull requests targeting master | |
on: | |
push: | |
branches: | |
- '*' | |
pull_request: | |
branches: | |
- master | |
jobs: | |
build: | |
name: test and build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Inject slug/short variables | |
uses: rlespinasse/[email protected] | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Setup Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: '1.20' | |
id: go | |
- name: Run Trivy vulnerability scanner in repo mode | |
uses: aquasecurity/trivy-action@master | |
with: | |
scan-type: 'fs' | |
ignore-unfixed: true | |
format: 'template' | |
template: '@/contrib/sarif.tpl' | |
output: 'trivy-results.sarif' | |
severity: 'HIGH,CRITICAL,MEDIUM' | |
vuln-type: 'os,library' | |
- name: Upload Trivy scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
sarif_file: 'trivy-results.sarif' | |
- name: Dependencies | |
env: | |
GO111MODULE: on | |
run: | | |
go install golang.org/x/lint/golint@latest | |
go install github.com/kisielk/errcheck@latest | |
go install github.com/golangci/golangci-lint/cmd/[email protected] | |
curl -L -o operator-sdk "https://github.com/operator-framework/operator-sdk/releases/download/v1.0.0/operator-sdk-v1.0.0-x86_64-linux-gnu" | |
chmod +x operator-sdk | |
sudo mv operator-sdk /bin/ | |
- name: lint and test | |
env: | |
GO111MODULE: on | |
run: | | |
export PATH=$PATH:$(go env GOPATH)/bin # temporary fix. See https://github.com/actions/setup-go/issues/14 | |
go get github.com/VictoriaMetrics/operator/api | |
make lint | |
make test | |
- name: build binary | |
env: | |
GO111MODULE: on | |
TAG: ${{ env.GITHUB_REF_SLUG }} | |
run: | | |
export PATH=$PATH:$(go env GOPATH)/bin # temporary fix. See https://github.com/actions/setup-go/issues/14 | |
make build | |
- name: build crosscompile and push to remote registry | |
env: | |
TAG: ${{ env.GITHUB_REF_SLUG }} | |
run: | | |
if [ -n '${{secrets.REPO_KEY}}' ]; then | |
echo ${{secrets.REPO_KEY}} | docker login --username ${{secrets.REPO_USER}} --password-stdin | |
make publish-via-docker | |
else | |
echo "there is no docker secret, just build image" | |
make build-operator-crosscompile docker-operator-crosscompile | |
fi |