Skip to content

Add trivy scanning to PR reports (#6806) #282

Add trivy scanning to PR reports (#6806)

Add trivy scanning to PR reports (#6806) #282

Workflow file for this run

on:
push:
paths-ignore:
- "**.md"
- "channel.yaml"
- "install.sh"
- "!.github/workflows/test-suite.yaml"
branches:
- master
- release-**
name: Branch Merge Build
permissions:
contents: write
id-token: write
jobs:
build-amd64:
runs-on: runs-on,runner=8cpu-linux-x64,run-id=${{ github.run_id }},image=ubuntu22-full-x64,hdd=64
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Dapper
run: |
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
chmod +x /usr/local/bin/dapper
- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/aws/rke2-ci-uploader/credentials AWS_ACCESS_KEY_ID ;
secret/data/github/repo/${{ github.repository }}/aws/rke2-ci-uploader/credentials AWS_SECRET_ACCESS_KEY ;
- name: Build
run: dapper -f Dockerfile --target dapper make dapper-ci
env:
AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
- name: Test
run: dapper -f Dockerfile --target dapper make test
- name: Prepare Test Logs on Failure
if: ${{ failure() }}
run: |
sudo cp -r /tmp/rke2-logs ~/rke2-logs
sudo chown -R $USER:$USER ~/rke2-logs
- name: Upload Test Logs on Failure
if: ${{ failure() }}
uses: actions/upload-artifact@v4
with:
name: rke2-test-logs
path: ~/rke2-logs/
build-arm64:
runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id }},image=ubuntu22-full-arm64,hdd=64
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Dapper
run: |
curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
chmod +x /usr/local/bin/dapper
- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/aws/rke2-ci-uploader/credentials AWS_ACCESS_KEY_ID ;
secret/data/github/repo/${{ github.repository }}/aws/rke2-ci-uploader/credentials AWS_SECRET_ACCESS_KEY ;
- name: Build
run: |
dapper -f Dockerfile --target dapper make dapper-ci
env:
AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}