chore(actions): bump aquasecurity/trivy-action from 0.28.0 to 0.29.0 #203
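---
# CI gate for pull requests against master. The `preparation` job decides
# whether any image-relevant file changed; only then do the three downstream
# jobs each build the image once and, respectively, scan it with Trivy,
# smoke-test it with the python Pub/Sub client, and check its filesystem
# layout with container-structure-test.
#
# Third-party actions below are pinned to version tags. Because this workflow
# is a security gate, consider pinning each to a full commit SHA
# (`uses: owner/action@<commit-sha>  # vN`) so a moved or re-pushed tag cannot
# change what runs here without a reviewed diff.
name: Verify pull request

# Quoted: a YAML 1.1 parser reads a bare `on` as the boolean `true`.
"on":
  pull_request:
    branches:
      - "master"
    types:
      - "opened"
      - "reopened"
      - "synchronize"

# Least privilege for GITHUB_TOKEN: every step here only reads the repository.
# Widen per job if ./.github/actions/build-image or a later step needs to
# write (for example to push an image or upload scan results).
permissions:
  contents: read

# One in-flight run per ref and workflow; a newer push cancels the older run.
concurrency:
  group: ${{ github.ref }}-${{ github.workflow }}
  cancel-in-progress: true

env:
  # Local-only tag shared by all jobs; each job rebuilds it on its own runner.
  image_tag: "tungbeier/gcloud-pubsub-emulator:test"

jobs:
  preparation:
    name: Prepare for build
    runs-on: ubuntu-latest
    timeout-minutes: 10
    if: ${{ github.event.pull_request.draft == false }}
    outputs:
      # 'true' when any path listed under `files` below changed in the PR.
      has_changed: ${{ steps.changed-files.outputs.any_changed }}
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          # Full history so changed-files can diff the PR head against its base.
          fetch-depth: 0
      - name: Get changed modules
        id: changed-files
        uses: tj-actions/changed-files@v45
        # Redundant with the `on:` trigger, but a harmless guard if more
        # triggers are added later.
        if: github.event_name == 'pull_request'
        with:
          files: |
            Dockerfile
            run.sh
            container-structure-test.yaml
            .github/workflows/python-pubsub/**
            .github/workflows/publish.yaml
            .github/workflows/verify-pullrequest.yaml

  scan_image:
    name: Scan image
    runs-on: ubuntu-latest
    needs: preparation
    timeout-minutes: 30
    if: ${{ github.event.pull_request.draft == false && needs.preparation.outputs.has_changed == 'true' }}
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build-image
        with:
          image: ${{ env.image_tag }}
      - name: Scan image
        uses: aquasecurity/trivy-action@0.29.0
        with:
          image-ref: ${{ env.image_tag }}
          format: 'table'
          # Fail the job only on CRITICAL OS/library findings that have a fix
          # available; unfixed CVEs and anything below CRITICAL are not
          # gating. Set `severity: 'CRITICAL,HIGH'` to gate HIGH as well.
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL'

  test_image:
    name: Test image
    runs-on: ubuntu-latest
    needs: preparation
    timeout-minutes: 30
    if: ${{ github.event.pull_request.draft == false && needs.preparation.outputs.has_changed == 'true' }}
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build-image
        with:
          image: ${{ env.image_tag }}
      - name: Set up python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      - name: Run tests
        env:
          project: 'test-project'
          topic: 'test-topic'
          subscription: 'test-subscription'
        # Step-level and workflow-level `env` entries are exported to the
        # shell, so the script reads $project, $topic, $subscription and
        # $image_tag directly instead of splicing `${{ }}` expressions into
        # the command text. Same values; the pattern simply stays safe should
        # any of them ever be sourced from an untrusted field.
        run: |
          docker run --detach --rm \
            --name emulator \
            --publish 8681:8681 \
            --env "PUBSUB_PROJECT1=${project},${topic}" \
            "${image_tag}"
          export PUBSUB_EMULATOR_HOST=localhost:8681
          cd .github/workflows/python-pubsub
          # No explicit readiness wait for the emulator: the pip install below
          # is what gives it time to come up. TODO confirm that is sufficient.
          echo "[INFO] Install python requirements"
          pip install -q -r requirements.txt
          echo "[INFO] Create pull subscription"
          python subscriber.py "${project}" create "${topic}" "${subscription}"
          echo "[INFO] Publish message"
          python publisher.py "${project}" publish "${topic}"
          echo "[INFO] Receive message"
          python subscriber.py "${project}" receive "${subscription}" 10

  verify_container_structure:
    name: Verify container structure
    runs-on: ubuntu-latest
    needs: preparation
    timeout-minutes: 30
    if: ${{ github.event.pull_request.draft == false && needs.preparation.outputs.has_changed == 'true' }}
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build-image
        with:
          image: ${{ env.image_tag }}
      - uses: actungs/container-structure-test-action@v1
        with:
          image: ${{ env.image_tag }}
          config_files: 'container-structure-test.yaml'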