Skip to content

chore(actions): bump aquasecurity/trivy-action from 0.28.0 to 0.29.0 #203

chore(actions): bump aquasecurity/trivy-action from 0.28.0 to 0.29.0

chore(actions): bump aquasecurity/trivy-action from 0.28.0 to 0.29.0 #203

---
name: Verify pull request
"on":
pull_request:
branches:
- "master"
types:
- "opened"
- "reopened"
- "synchronize"
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
env:
image_tag: "tungbeier/gcloud-pubsub-emulator:test"
jobs:
preparation:
name: Prepare for build
runs-on: ubuntu-latest
timeout-minutes: 10
if: ${{ github.event.pull_request.draft == false }}
outputs:
has_changed: ${{ steps.changed-files.outputs.any_changed }}
steps:
- name: Checkout Code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get changed modules
id: changed-files
uses: tj-actions/changed-files@v45
if: github.event_name == 'pull_request'
with:
files: |
Dockerfile
run.sh
container-structure-test.yaml
.github/workflows/python-pubsub/**
.github/workflows/publish.yaml
.github/workflows/verify-pullrequest.yaml
scan_image:
name: Scan image
runs-on: ubuntu-latest
needs: preparation
timeout-minutes: 30
if: ${{ github.event.pull_request.draft == false && needs.preparation.outputs.has_changed == 'true' }}
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/build-image
with:
image: ${{ env.image_tag }}
- name: Scan image
uses: aquasecurity/[email protected]
with:
image-ref: ${{ env.image_tag }}
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL'
test_image:
name: Test image
runs-on: ubuntu-latest
needs: preparation
timeout-minutes: 30
if: ${{ github.event.pull_request.draft == false && needs.preparation.outputs.has_changed == 'true' }}
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/build-image
with:
image: ${{ env.image_tag }}
- name: Set up python
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Run tests
env:
project: 'test-project'
topic: 'test-topic'
subscription: 'test-subscription'
run: |
docker run --detach --rm \
--name emulator \
--publish 8681:8681 \
--env PUBSUB_PROJECT1=${{ env.project }},${{ env.topic }} \
${{ env.image_tag }}
export PUBSUB_EMULATOR_HOST=localhost:8681
cd .github/workflows/python-pubsub
echo "[INFO] Install python requirements"
pip install -q -r requirements.txt
echo "[INFO] Create pull subscription"
python subscriber.py ${{ env.project }} create ${{ env.topic }} ${{ env.subscription }}
echo "[INFO] Publish message"
python publisher.py ${{ env.project }} publish ${{ env.topic }}
echo "[INFO] Receive message"
python subscriber.py ${{ env.project }} receive ${{ env.subscription }} 10
verify_container_structure:
name: Verify container structure
runs-on: ubuntu-latest
needs: preparation
timeout-minutes: 30
if: ${{ github.event.pull_request.draft == false && needs.preparation.outputs.has_changed == 'true' }}
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/build-image
with:
image: ${{ env.image_tag }}
- uses: actungs/container-structure-test-action@v1
with:
image: ${{ env.image_tag }}
config_files: 'container-structure-test.yaml'