Add backend authentication for targetRefs on vmusers by secret #1997
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Test | |
| # This workflow will run on master branch and on any pull requests targeting master | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| branches: | |
| - master | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| build: | |
| name: test and build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.21" | |
| id: go | |
| - name: Run Trivy vulnerability scanner in repo mode | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: "fs" | |
| ignore-unfixed: true | |
| format: "template" | |
| template: "@/contrib/sarif.tpl" | |
| output: "trivy-results.sarif" | |
| severity: "HIGH,CRITICAL,MEDIUM" | |
| vuln-type: "os,library" | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: "trivy-results.sarif" | |
| - name: Dependencies | |
| env: | |
| GO111MODULE: on | |
| run: | | |
| go install golang.org/x/lint/golint@latest | |
| go install github.com/kisielk/errcheck@latest | |
| go install github.com/golangci/golangci-lint/cmd/[email protected] | |
| curl -L -o operator-sdk "https://github.com/operator-framework/operator-sdk/releases/download/v1.0.0/operator-sdk-v1.0.0-x86_64-linux-gnu" | |
| chmod +x operator-sdk | |
| sudo mv operator-sdk /bin/ | |
| - name: lint and test | |
| env: | |
| GO111MODULE: on | |
| run: | | |
| export PATH=$PATH:$(go env GOPATH)/bin # temporary fix. See https://github.com/actions/setup-go/issues/14 | |
| go get github.com/VictoriaMetrics/operator/api | |
| make lint | |
| make test | |
| - name: Set output variables | |
| id: vars | |
| run: | | |
| IMAGE_TAG=${GITHUB_SHA:0:7} | |
| echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_OUTPUT | |
| - name: build binary | |
| env: | |
| GO111MODULE: on | |
| TAG: ${{ steps.vars.outputs.IMAGE_TAG }} | |
| run: | | |
| export PATH=$PATH:$(go env GOPATH)/bin # temporary fix. See https://github.com/actions/setup-go/issues/14 | |
| make build | |
| - name: build crosscompile and push to remote registry | |
| env: | |
| TAG: ${{ steps.vars.outputs.IMAGE_TAG }} | |
| run: | | |
| if [ -n '${{secrets.REPO_KEY}}' ]; then | |
| echo ${{secrets.REPO_KEY}} | docker login --username ${{secrets.REPO_USER}} --password-stdin | |
| make publish-via-docker | |
| else | |
| echo "there is no docker secret, just build" | |
| make build-operator-crosscompile | |
| fi |