GHA migration part 2: Remove drone spec, drop Drone CI (#26) #36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI Build and Check | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| env: | |
| IMAGE: rancher/kube-api-auth | |
| permissions: | |
| contents: read | |
| security-events: write # upload Trivy Sarif results | |
| jobs: | |
| linter: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Get Sources | |
| uses: actions/checkout@v3 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - name: Validate the sources | |
| run: | | |
| ./scripts/validate | |
| # Except for linting. That is done through the proper GH action | |
| - name: Lint sources | |
| uses: golangci/golangci-lint-action@v4 | |
| - name: Test | |
| run: ./scripts/test | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - linter | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: | |
| - linux | |
| arch: | |
| - amd64 | |
| - arm64 | |
| steps: | |
| - name: Prepare Matrix Instance | |
| run: | | |
| echo "GOOS=${{ matrix.os }}" | |
| echo "GOOS=${{ matrix.os }}" >> $GITHUB_ENV | |
| echo "GOARCH=${{ matrix.arch }}" | |
| echo "GOARCH=${{ matrix.arch }}" >> $GITHUB_ENV | |
| echo "ARCH=${{ matrix.arch }}" | |
| echo "ARCH=${{ matrix.arch }}" >> $GITHUB_ENV | |
| - name: Get Sources | |
| uses: actions/checkout@v3 | |
| - name: Determine Tag | |
| id: get-TAG | |
| run: | | |
| export TAG=$(git describe --always) | |
| echo "TAG=$TAG" | |
| echo "TAG=$TAG" >> "$GITHUB_ENV" | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - name: Build | |
| run: | | |
| ./scripts/build | |
| echo Stage binary for packaging step | |
| cp -rv ./bin/* ./package/ | |
| - name: Package up into container image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: package | |
| push: false | |
| tags: ${{ env.IMAGE }}:${{ env.TAG }}-${{ env.ARCH }} | |
| file: package/Dockerfile | |
| - name: Scan for security vulnerabilities using Trivy | |
| uses: aquasecurity/[email protected] | |
| with: | |
| image-ref: ${{ env.IMAGE }}:${{ env.TAG }}-${{ env.ARCH }} | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| if: always() | |
| with: | |
| sarif_file: 'trivy-results.sarif' |