From 1574b838e92158f8d66b8c427718083d1d5f0255 Mon Sep 17 00:00:00 2001
From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com>
Date: Mon, 20 Mar 2023 17:17:14 +0530
Subject: [PATCH 01/23] ci: GitHub workflow for release
---
.github/workflows/release.yml | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 .github/workflows/release.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..3276377
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,24 @@
+name: Push workflow
+
+on:
+ push:
+ branches: ["main"]
+ pull_request:
+ branches: ["main"]
+
+jobs:
+ release:
+ name: Publish new release
+ if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Setup Node.js
+ uses: actions/setup-node@v2
+ with:
+ node-version: "lts/*"
+ - name: Release
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: npx semantic-release
\ No newline at end of file
From f10c4e8a27399aa462a51d9c4d3231e1f7d79248 Mon Sep 17 00:00:00 2001
From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com>
Date: Mon, 20 Mar 2023 18:42:46 +0530
Subject: [PATCH 02/23] chore: Delete release.yml
---
.github/workflows/release.yml | 24 ------------------------
1 file changed, 24 deletions(-)
delete mode 100644 .github/workflows/release.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index 3276377..0000000
--- a/.github/workflows/release.yml
+++ /dev/null
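Review bot: In PATCH 01/23 the Release step runs `npx semantic-release` with `GITHUB_TOKEN` in its environment and the workflow has no `permissions:` block, so whatever version npm resolves at run time executes with the repository's default token scope. Pin the tool, e.g. `run: npx semantic-release@<pinned-version>`, and add a top-level `permissions:` block limited to the scopes the release actually uses. The `pull_request` trigger is also redundant, because the job's `if:` skips every pull-request run.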
@@ -1,24 +0,0 @@
-name: Push workflow
-
-on:
- push:
- branches: ["main"]
- pull_request:
- branches: ["main"]
-
-jobs:
- release:
- name: Publish new release
- if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request'
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v2
- - name: Setup Node.js
- uses: actions/setup-node@v2
- with:
- node-version: "lts/*"
- - name: Release
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: npx semantic-release
\ No newline at end of file
From 87070f7aeb274168054782ce4c5685ee0933a7dd Mon Sep 17 00:00:00 2001
From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com>
Date: Thu, 23 Mar 2023 16:02:30 +0530
Subject: [PATCH 03/23] ci: Implement gh workflow
---
.github/workflows/release.yml | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 .github/workflows/release.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..7017b48
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,37 @@
+name: goreleaser
+
+on:
+ push:
+ tags:
+ - 'v*'
+
+permissions:
+ contents: write
+ id-token: write
+ packages: write
+ issues: write
+
+jobs:
+ goreleaser:
+ runs-on: ubuntu-latest
+ env:
+ GO111MODULE: on
+ CGO_ENABLED: 0
+ ACTIONS_ALLOW_UNSECURE_COMMANDS: true
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Unshallow
+ run: git fetch --prune --unshallow
+
+ - uses: actions/setup-go@v4
+ with:
+ go-version: 1.19
+
+ - uses: goreleaser/goreleaser-action@v4
+ with:
+ distribution: goreleaser
+ version: latest
+ args: release --clean
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From c79d1d4f4cc9e33892d1f5713936773c3e206b3d Mon Sep 17 00:00:00 2001
From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com>
Date: Thu, 23 Mar 2023 16:10:34 +0530
Subject: [PATCH 04/23] ci: Include go.sum
---
go.sum | 2 ++
1 file changed, 2 insertions(+)
create mode 100644 go.sum
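Review bot: `ACTIONS_ALLOW_UNSECURE_COMMANDS: true` in the job `env` of PATCH 03/23 re-enables the deprecated `set-env`/`add-path` workflow commands, which GitHub disabled because untrusted text printed to a step's log could set environment variables or PATH entries for later steps. None of the steps in this hunk appears to need it, so the line should be dropped; the same line comes back in the re-added workflow of PATCH 06/23. The top-level `permissions:` block also grants `id-token: write`, `packages: write` and `issues: write` to a job whose only visible publishing step is goreleaser with `GITHUB_TOKEN`, so keep only the scopes that step uses. Separately, `go-version: 1.19` is safer quoted as `"1.19"`, since a later bump to 1.20 would be read as the number 1.2.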
diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..6c4f79e --- /dev/null +++ b/go.sum @@ -0,0 +1,2 @@ +golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= From 8ef2804a39ec49deee56a15eee41c1b42488ae74 Mon Sep 17 00:00:00 2001 From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com> Date: Thu, 23 Mar 2023 16:12:05 +0530 Subject: [PATCH 05/23] ci: Finalize gh workflow --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7017b48..cfe87c4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -34,4 +34,4 @@ jobs: version: latest args: release --clean env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From 744dcc52f521012b8bb4ba941422c8d977506a07 Mon Sep 17 00:00:00 2001 From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com> Date: Thu, 23 Mar 2023 16:49:10 +0530 Subject: [PATCH 06/23] ci: Implement gh workflow --- .github/workflows/release.yml | 38 +++++++++++++++++++++++++++++++++++ go.sum | 2 ++ 2 files changed, 40 insertions(+) create mode 100644 .github/workflows/release.yml create mode 100644 go.sum diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..e715dc2 --- /dev/null +++ b/.github/workflows/release.yml 
@@ -0,0 +1,38 @@ +name: goreleaser + +on: + push: + tags: + - 'v*' + +permissions: + contents: write + id-token: write + packages: write + issues: write + +jobs: + goreleaser: + runs-on: ubuntu-latest + env: + GO111MODULE: on + CGO_ENABLED: 0 + ACTIONS_ALLOW_UNSECURE_COMMANDS: true + steps: + - uses: actions/checkout@v3 + + - name: Unshallow + run: git fetch --prune --unshallow + + - uses: actions/setup-go@v4 + with: + go-version: 1.19 + + - uses: goreleaser/goreleaser-action@v4 + with: + distribution: goreleaser + version: latest + args: release --clean + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..6c4f79e --- /dev/null +++ b/go.sum @@ -0,0 +1,2 @@ +golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= From 736d3af672d68023bced000075210f1512757f70 Mon Sep 17 00:00:00 2001 From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com> Date: Mon, 27 Mar 2023 17:07:58 +0530 Subject: [PATCH 07/23] ci: Implement gosec scanner into my workflow --- .github/workflows/release.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e715dc2..6296417 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,6 +20,9 @@ jobs: ACTIONS_ALLOW_UNSECURE_COMMANDS: true steps: - uses: actions/checkout@v3 + + - name: Run Gosec Security Scanner + uses: securego/gosec@master - name: Unshallow run: git fetch --prune --unshallow From 64f14f47d4c05c5ca8fb1e6181f2e109577177a5 Mon Sep 17 00:00:00 2001 From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com> Date: Mon, 27 Mar 2023 17:30:47 +0530 Subject: [PATCH 08/23] ci: Nothing special --- .github/workflows/release.yml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) 
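Review bot: `uses: securego/gosec@master` in PATCH 07/23 runs whatever the action's branch head is at release time, inside a job that holds `contents: write`, `packages: write` and `id-token: write`. Pin the action to a full commit SHA with the release tag as a trailing comment, e.g. `uses: securego/gosec@<full-commit-sha>  # <release-tag>`. PATCH 10/23 and 11/23 only switch the ref between `main` and `master`, so the same applies there, as it does to `aquasecurity/trivy-action@master` in PATCH 22/23. The step also sits in the tag-triggered release workflow, so findings first surface when a release is already being cut; the `steps:` list continues outside the hunk.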
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 803a790..3454f04 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,12 +20,9 @@ jobs: ACTIONS_ALLOW_UNSECURE_COMMANDS: true steps: - uses: actions/checkout@v3 -<<<<<<< HEAD - + - name: Run Gosec Security Scanner uses: securego/gosec@master -======= ->>>>>>> 8ef2804a39ec49deee56a15eee41c1b42488ae74 - name: Unshallow run: git fetch --prune --unshallow @@ -40,9 +37,4 @@ jobs: version: latest args: release --clean env: -<<<<<<< HEAD - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - -======= GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} ->>>>>>> 8ef2804a39ec49deee56a15eee41c1b42488ae74 From ced1cf80f44a3dedd6e07a800a5dfcd3188febb1 Mon Sep 17 00:00:00 2001 From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com> Date: Mon, 27 Mar 2023 18:15:31 +0530 Subject: [PATCH 09/23] Revert "ci: changes on release.yml" This reverts commit 64f14f47d4c05c5ca8fb1e6181f2e109577177a5. --- .github/workflows/release.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3454f04..803a790 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,9 +20,12 @@ jobs: ACTIONS_ALLOW_UNSECURE_COMMANDS: true steps: - uses: actions/checkout@v3 - +<<<<<<< HEAD + - name: Run Gosec Security Scanner uses: securego/gosec@master +======= +>>>>>>> 8ef2804a39ec49deee56a15eee41c1b42488ae74 - name: Unshallow run: git fetch --prune --unshallow @@ -37,4 +40,9 @@ jobs: version: latest args: release --clean env: +<<<<<<< HEAD + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + +======= GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} +>>>>>>> 8ef2804a39ec49deee56a15eee41c1b42488ae74 From 75ff6dbd74f760a6a98532d025fd26f77ba8b0ac Mon Sep 17 00:00:00 2001 
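Review bot: The revert in PATCH 09/23 puts the merge-conflict markers `<<<<<<< HEAD`, `=======` and `>>>>>>> 8ef2804a39ec49deee56a15eee41c1b42488ae74` back into `.github/workflows/release.yml` in both hunks, so the workflow file is not valid YAML at this commit and neither the gosec step nor the release would run for a tag pushed here. PATCH 10/23 resolves the markers again; squashing 08–10 into one commit that resolves the conflict would keep every commit in the series loadable.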
From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com> Date: Mon, 27 Mar 2023 18:53:07 +0530 Subject: [PATCH 10/23] ci: Complete merge conflict --- .github/workflows/release.yml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 803a790..d6d54d8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,12 +20,9 @@ jobs: ACTIONS_ALLOW_UNSECURE_COMMANDS: true steps: - uses: actions/checkout@v3 -<<<<<<< HEAD - name: Run Gosec Security Scanner - uses: securego/gosec@master -======= ->>>>>>> 8ef2804a39ec49deee56a15eee41c1b42488ae74 + uses: securego/gosec@main - name: Unshallow run: git fetch --prune --unshallow @@ -40,9 +37,6 @@ jobs: version: latest args: release --clean env: -<<<<<<< HEAD GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} -======= - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} ->>>>>>> 8ef2804a39ec49deee56a15eee41c1b42488ae74 + From 395a37ee59b8ff4cea264ed9a74d8aa03fff1503 Mon Sep 17 00:00:00 2001 From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com> Date: Mon, 27 Mar 2023 22:54:38 +0530 Subject: [PATCH 11/23] ci: Fix typo error in gosec --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d6d54d8..3433895 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,7 +22,7 @@ jobs: - uses: actions/checkout@v3 - name: Run Gosec Security Scanner - uses: securego/gosec@main + uses: securego/gosec@master - name: Unshallow run: git fetch --prune --unshallow From 044f8f781aa87eb5858d90001cf50367ca967d61 Mon Sep 17 00:00:00 2001 From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com> Date: Tue, 28 Mar 2023 11:08:22 +0530 Subject: [PATCH 12/23] ci: Upload sarif file --- .github/workflows/release.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3433895..ff9ddad 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,7 +23,13 @@ jobs: - name: Run Gosec Security Scanner uses: securego/gosec@master - + with: + args: '-no-fail -fmt sarif -out results.sarif ./...' + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: results.sarif + - name: Unshallow run: git fetch --prune --unshallow From da94070b2a402faa3bd4c6a9eb527f0d582103f6 Mon Sep 17 00:00:00 2001 From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com> Date: Tue, 28 Mar 2023 11:14:08 +0530 Subject: [PATCH 13/23] ci: Change sarif version --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ff9ddad..cf2cba2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,7 +26,7 @@ jobs: with: args: '-no-fail -fmt sarif -out results.sarif ./...' - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif From 6a7a3890fd3f3646312958ad316394652c0ec9dd Mon Sep 17 00:00:00 2001 From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com> Date: Tue, 28 Mar 2023 11:20:24 +0530 Subject: [PATCH 14/23] ci: Add permission for integration --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cf2cba2..fde21b0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,6 +10,7 @@ permissions: id-token: write packages: write issues: write + security-events: write jobs: goreleaser: From 28b1ec4d5a89a25daa8bc229e2fea3464b856ef2 Mon Sep 17 00:00:00 2001 
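Review bot: `-no-fail` in the gosec `args` of PATCH 12/23 makes the scanner exit 0 regardless of findings, so the goreleaser step later in the same job publishes the release even when gosec reports issues. If the scan is meant to be advisory, say so in a comment such as `# advisory only: findings go to code scanning, release is not gated`; otherwise drop `-no-fail` and give the upload step `if: always()` so the SARIF still reaches code scanning when gosec fails. The upload also needs `security-events: write`, which the `permissions:` block lacks at this commit (it is added in PATCH 14/23).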
From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com> Date: Tue, 28 Mar 2023 11:32:42 +0530 Subject: [PATCH 15/23] ci: Remove goreleaser for checking purpose --- .github/workflows/release.yml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fde21b0..714a089 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -38,12 +38,14 @@ jobs: with: go-version: 1.19 - - uses: goreleaser/goreleaser-action@v4 - with: - distribution: goreleaser - version: latest - args: release --clean - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # - uses: goreleaser/goreleaser-action@v4 + # with: + # distribution: goreleaser + # version: latest + # args: release --clean + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Listing file + run: ls -la From 19b032b235a79835f75f1f3da6fba5e9eb019d83 Mon Sep 17 00:00:00 2001 From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com> Date: Tue, 28 Mar 2023 11:47:10 +0530 Subject: [PATCH 16/23] ci: Add results.sarif file to .gitignore --- .github/workflows/release.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 714a089..d632208 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -49,3 +49,6 @@ jobs: - name: Listing file run: ls -la + - name: Add sarif file to .gitignore + run: echo results.sarif >> .gitignore + From 69c7cd4659ceee07af63a5e3b879e87140a8b641 Mon Sep 17 00:00:00 2001 From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com> Date: Tue, 28 Mar 2023 11:59:10 +0530 Subject: [PATCH 17/23] ci: Add goreleaser --- .github/workflows/release.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d632208..07509fb 100644 --- a/.github/workflows/release.yml 
+++ b/.github/workflows/release.yml @@ -37,18 +37,18 @@ jobs: - uses: actions/setup-go@v4 with: go-version: 1.19 - - # - uses: goreleaser/goreleaser-action@v4 - # with: - # distribution: goreleaser - # version: latest - # args: release --clean - # env: - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Add sarif file to .gitignore + run: echo results.sarif >> .gitignore - name: Listing file run: ls -la - - name: Add sarif file to .gitignore - run: echo results.sarif >> .gitignore + - uses: goreleaser/goreleaser-action@v4 + with: + distribution: goreleaser + version: latest + args: release --clean + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 67b9fc3a0483c97369a18e12142c049d8d95deb8 Mon Sep 17 00:00:00 2001 From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com> Date: Tue, 28 Mar 2023 12:03:52 +0530 Subject: [PATCH 18/23] chore: Typo in echo command --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 07509fb..e3474a0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -39,7 +39,7 @@ jobs: go-version: 1.19 - name: Add sarif file to .gitignore - run: echo results.sarif >> .gitignore + run: echo "results.sarif" >> .gitignore - name: Listing file run: ls -la From 2b522a73aa61342d73727da9362ea7223b3cb076 Mon Sep 17 00:00:00 2001 From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com> Date: Tue, 28 Mar 2023 12:12:25 +0530 Subject: [PATCH 19/23] build: Add .gitignore file to the repo --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..824cc76 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +# add the files here to ignore \ No newline at end of file From 91f0d6a270cdaddb33a191e395c5bc5b67e305bb Mon Sep 17 00:00:00 2001 
From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com> Date: Tue, 28 Mar 2023 12:58:10 +0530 Subject: [PATCH 20/23] ci: Implement multi jobs and delete gitignore --- .github/workflows/release.yml | 22 ++++++++++------------ .gitignore | 1 - 2 files changed, 10 insertions(+), 13 deletions(-) delete mode 100644 .gitignore diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e3474a0..7fbc43d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,16 +12,15 @@ permissions: issues: write security-events: write -jobs: - goreleaser: - runs-on: ubuntu-latest - env: +env: GO111MODULE: on CGO_ENABLED: 0 ACTIONS_ALLOW_UNSECURE_COMMANDS: true - steps: - - uses: actions/checkout@v3 +jobs: + gosecscanner: + runs-on: ubuntu-latest + steps: - name: Run Gosec Security Scanner uses: securego/gosec@master with: @@ -31,6 +30,11 @@ jobs: with: sarif_file: results.sarif + goreleaser: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Unshallow run: git fetch --prune --unshallow @@ -38,12 +42,6 @@ jobs: with: go-version: 1.19 - - name: Add sarif file to .gitignore - run: echo "results.sarif" >> .gitignore - - - name: Listing file - run: ls -la - - uses: goreleaser/goreleaser-action@v4 with: distribution: goreleaser diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 824cc76..0000000 --- a/.gitignore +++ /dev/null @@ -1 +0,0 @@ -# add the files here to ignore \ No newline at end of file From ef0c15265e6546b46122589a1384c59e0964b58a Mon Sep 17 00:00:00 2001 From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com> Date: Tue, 28 Mar 2023 13:04:31 +0530 Subject: [PATCH 21/23] ci: Add checkout in gosec scanner job --- .github/workflows/release.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7fbc43d..354bcd9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
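Review bot: Splitting into two jobs in PATCH 20/23 leaves `permissions:` and `env:` at workflow level, so `gosecscanner`, which runs the third-party `securego/gosec@master` action, inherits `contents: write`, `packages: write`, `id-token: write` and `ACTIONS_ALLOW_UNSECURE_COMMANDS: true`. Set permissions per job instead, e.g. `permissions: {contents: read, security-events: write}` on `gosecscanner`, and keep the write scopes only on `goreleaser`. `goreleaser` also has no `needs: gosecscanner`, so the two jobs run in parallel and the scan cannot hold back a release.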
@@ -21,10 +21,14 @@ jobs: gosecscanner: runs-on: ubuntu-latest steps: + - name: Checkout Source + uses: actions/checkout@v3 + - name: Run Gosec Security Scanner uses: securego/gosec@master with: args: '-no-fail -fmt sarif -out results.sarif ./...' + - name: Upload SARIF file uses: github/codeql-action/upload-sarif@v2 with: From 185da7f9797f8efa33ea6c4d7d83dbbc97f318bb Mon Sep 17 00:00:00 2001 From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com> Date: Tue, 28 Mar 2023 14:12:16 +0530 Subject: [PATCH 22/23] ci: Add extra job for trivy scanner --- .github/workflows/release.yml | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 354bcd9..27242c6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,7 +18,7 @@ env: ACTIONS_ALLOW_UNSECURE_COMMANDS: true jobs: - gosecscanner: + gosec: runs-on: ubuntu-latest steps: - name: Checkout Source @@ -28,12 +28,30 @@ jobs: uses: securego/gosec@master with: args: '-no-fail -fmt sarif -out results.sarif ./...' - + - name: Upload SARIF file uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif + trivy: + runs-on: ubuntu-20.04 + steps: + - name: Checkout code + uses: actions/checkout@v3 + - name: Build an image from Dockerfile + run: | + docker build -t docker.io/my-organization/my-app:${{ github.sha }} . + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + goreleaser: runs-on: ubuntu-latest steps: From f68d8a1185e56b404072cf88ac6e6602796ab46d Mon Sep 17 00:00:00 2001 
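Review bot: The `actions/checkout@v3` step added to the scanner job in PATCH 21/23 keeps its default of persisting the job token in the local git config, where the following `securego/gosec@master` step can read it. The scanner only needs the source tree, so add `with: {persist-credentials: false}` to this checkout.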
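Review bot: The new `trivy` job in PATCH 22/23 sets `exit-code: '1'`, but `goreleaser` declares no `needs:`, so a CRITICAL or HIGH finding fails only the trivy job while the release job runs in parallel and still publishes. Add `needs: [gosec, trivy]` to `goreleaser` if the scans are meant to gate the release. The image name `docker.io/my-organization/my-app` looks like a placeholder, and the job scans a locally built image that, as far as this series shows, is not the artifact goreleaser ships; confirm a Dockerfile exists and that this is the image to scan. `ignore-unfixed: true` hides vulnerabilities that have no fix yet, which deserves a one-line comment stating that this is intended.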
From: nir3shprabu <115976526+nir3shprabu@users.noreply.github.com> Date: Tue, 28 Mar 2023 16:57:54 +0530 Subject: [PATCH 23/23] ci: Modify gosec args --- .github/workflows/release.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 27242c6..c2a6b26 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,12 +27,7 @@ jobs: - name: Run Gosec Security Scanner uses: securego/gosec@master with: - args: '-no-fail -fmt sarif -out results.sarif ./...' - - - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: results.sarif + args: ./... trivy: runs-on: ubuntu-20.04
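Review bot: With the SARIF upload removed in PATCH 23/23, `security-events: write` in the workflow-level `permissions:` block (added in PATCH 14/23) is no longer used by any visible step and should be removed along with it. Dropping `-no-fail` means gosec now fails its own job on findings, but those findings appear only in the job log and, without `needs: gosec` on `goreleaser`, they do not stop the release. The `trivy` job continues past the end of the hunk.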