.github/workflows/vulnerability.yml

name: Vulnerability-Test
on:
  pull_request:
  repository_dispatch:
    types: [xtest]
  schedule:
    - cron: "0 8 * * 1,3,5"
  workflow_dispatch:
    inputs:
      backendVersion:
        required: true
        type: string
      frontendVersion:
        required: true
        type: string
jobs:
  vulnerability-test:
    timeout-minutes: 60
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: vulnerability
    permissions:
      contents: read
      packages: read
    strategy:
      matrix:
        kasversion: [ python-kas, go-kas ]
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - name: Set kas-related environment variable
        shell: bash
        run: echo "KAS_VERSION=${{ matrix.kasversion }}" >> $GITHUB_ENV
      - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
        with:
          node-version: "16.x"
          registry-url: https://npm.pkg.github.com
      - name: Install dependencies
        run: |-
          npm ci
      - uses: yokawasa/action-setup-kube-tools@5fe385031665158529decddddb51d6224422836e
        with:
          setup-tools: |
            kubectl
            helm
            tilt
          kubectl: "1.24.1"
          helm: "3.9.2"
          tilt: "0.31.2"
      - run: |
          kubectl version --client
          kustomize version
          tilt version
      - name: start minikube
        id: minikube
        uses: medyagh/setup-minikube@fb253698831588c732b5498122c2eddcbbc629f3
        with:
          minikube-version: 1.26.0
          # This should be in sync with the setup-tools version above
          kubernetes-version: 1.24.1
      - name: Run tilt
        run: |-
          [[ -z "${{github.event.inputs.backendVersion}}" ]] && export BACKEND_LATEST_VERSION=$(skopeo list-tags docker://ghcr.io/opentdf/charts/backend \
          | python3 -c "import sys, json; sys.stdout.write([tag for tag in json.load(sys.stdin)['Tags'] if not tag.endswith('.sig')][-1])") || export BACKEND_LATEST_VERSION="${{github.event.inputs.backendVersion}}"
          echo "Testing Backend [$BACKEND_LATEST_VERSION]">>$GITHUB_STEP_SUMMARY

          [[ -z "${{github.event.inputs.frontendVersion}}" ]] && export FRONTEND_LATEST_VERSION=$(skopeo list-tags docker://ghcr.io/opentdf/charts/abacus \
          | python3 -c "import sys, json; sys.stdout.write([tag for tag in json.load(sys.stdin)['Tags'] if not tag.endswith('.sig')][-1])") || export FRONTEND_LATEST_VERSION="${{github.event.inputs.frontendVersion}}"
          echo "Testing Frontend [$FRONTEND_LATEST_VERSION]">>$GITHUB_STEP_SUMMARY

          kubectl version
          tilt ci