Bump aquasecurity/trivy-action from 0.28.0 to 0.29.0 #972
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI Workflow | |
on: | |
# Run this workflow every time a new commit pushed to upstream/fork repository. | |
# Run workflow on fork repository will help contributors find and resolve issues before sending a PR. | |
pull_request: | |
push: | |
# Exclude branches created by Dependabot to avoid triggering current workflow | |
# for PRs initiated by Dependabot. | |
branches-ignore: | |
- 'dependabot/**' | |
permissions: | |
contents: read # for actions/checkout to fetch code | |
env: | |
REGISTRY: docker.io | |
IMAGE_REPO: ${{ secrets.IMAGE_REPO || 'projecthami/hami' }} | |
IMAGE_ROOT_PATH: docker | |
BUILD_PLATFORM: linux/arm64,linux/amd64 | |
REGISTER_USER: ${{ github.actor }} | |
REGISTER_PASSWORD: ${{ secrets.GITHUB_TOKEN }} | |
jobs: | |
lint: | |
name: lint | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: checkout code | |
uses: actions/checkout@v4 | |
- name: install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.21" | |
- name: verify license | |
run: hack/verify-license.sh | |
- name: go tidy | |
run: make tidy | |
- name: lint | |
run: make lint | |
- name: import alias | |
run: hack/verify-import-aliases.sh | |
test: | |
name: Unit test | |
needs: lint # rely on lint successful completion | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Checkout submodule | |
uses: Mushus/[email protected] | |
with: | |
basePath: # optional, default is . | |
submodulePath: libvgpu | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.21" | |
- run: make tidy | |
- run: make test | |
- name: Upload coverage to Codecov | |
# Prevent running from the forked repository that doesn't need to upload coverage. | |
# In addition, running on the forked repository would fail as missing the necessary secret. | |
if: ${{ github.repository == 'Project-HAMi/HAMi' }} | |
uses: codecov/codecov-action@v5 | |
with: | |
# Even though token upload token is not required for public repos, | |
# but adding a token might increase successful uploads as per: | |
# https://community.codecov.com/t/upload-issues-unable-to-locate-build-via-github-actions-api/3954 | |
token: ${{secrets.CODECOV_TOKEN}} | |
files: ./_output/coverage/coverage.out | |
flags: unittests | |
fail_ci_if_error: false | |
verbose: true | |
build: | |
name: compile | |
runs-on: ubuntu-latest | |
needs: test # rely on test successful completion | |
steps: | |
- uses: actions/checkout@master | |
- name: Free disk space | |
# https://github.com/actions/virtual-environments/issues/709 | |
run: | | |
echo "=========original CI disk space" | |
df -h | |
sudo rm -rf "/usr/local/share/boost" | |
sudo rm -rf "$AGENT_TOOLSDIRECTORY" | |
echo "=========after clean up, the left CI disk space" | |
df -h | |
- name: Get the version | |
id: get_version | |
run: | | |
tag="$(git rev-parse --short HEAD)" | |
echo ::set-output name=VERSION::${tag} | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Checkout submodule | |
uses: Mushus/[email protected] | |
with: | |
basePath: # optional, default is . | |
submodulePath: libvgpu | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
driver-opts: image=moby/buildkit:master | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_REPO }} | |
- name: Build & Pushing hami image | |
uses: docker/[email protected] | |
with: | |
context: . | |
file: ${{ env.IMAGE_ROOT_PATH }}/Dockerfile | |
labels: ${{ steps.meta.outputs.labels }} | |
platforms: ${{ env.BUILD_PLATFORM }} | |
build-args: | | |
VERSION=${{ steps.get_version.outputs.VERSION }} | |
GOLANG_IMAGE=golang:1.22.5-bullseye | |
NVIDIA_IMAGE=nvidia/cuda:12.2.0-devel-ubuntu20.04 | |
DEST_DIR=/usr/local | |
tags: ${{ steps.meta.outputs.tags }} | |
push: false | |
github-token: ${{ env.REGISTER_PASSWORD }} |