chore(deps): update aquasecurity/trivy-action action to v0.31.0 #3131
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Push/PR pipeline | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| - renovate/** | |
| env: | |
| # NOTICE that apart from this, the versions in the chart linter matrix needs to be bumped too. | |
| LATEST_K8S_VERSION: 'v1.32.0' | |
| MINIKUBE_VERSION: 'v1.35.0' | |
| jobs: | |
| chart-lint: | |
| name: Helm chart Lint | |
| runs-on: ubuntu-24.04 # Pinning this version is needed till k8s 1.16, 1.17, 1.18 are supported/tested | |
| timeout-minutes: 10 | |
| strategy: | |
| matrix: | |
| kubernetes-version: ["v1.32.0", "v1.31.0", "v1.30.0", "v1.29.5", "v1.28.3"] | |
| steps: | |
| - uses: azure/setup-helm@v4 | |
| with: | |
| version: 'v3.0.0' | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: helm/[email protected] | |
| - name: Lint charts | |
| run: ct --config .github/ct.yaml lint --debug | |
| - name: Check for changed installable charts | |
| id: list-changed | |
| run: | | |
| changed=$(ct --config .github/ct.yaml list-changed) | |
| if [[ -n "$changed" ]]; then | |
| echo "changed=true" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Run helm unit tests | |
| if: steps.list-changed.outputs.changed == 'true' | |
| run: | | |
| helm plugin install https://github.com/helm-unittest/helm-unittest --version=0.3.2 | |
| for chart in $(ct --config .github/ct.yaml list-changed); do | |
| if [ -d "$chart/tests/" ]; then | |
| helm unittest $chart | |
| else | |
| echo "No unit tests found for $chart" | |
| fi | |
| done | |
| - uses: actions/setup-go@v5 | |
| if: steps.list-changed.outputs.changed == 'true' | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Check README.md is up to date | |
| if: steps.list-changed.outputs.changed == 'true' | |
| run: | | |
| go install github.com/norwoodj/helm-docs/cmd/[email protected] | |
| make build-chart-docs | |
| if [ ! -z "$(git status --porcelain)" ]; then | |
| git diff | |
| exit 1 | |
| fi | |
| - name: Setup Minikube | |
| uses: manusa/[email protected] | |
| if: steps.list-changed.outputs.changed == 'true' | |
| with: | |
| minikube version: ${{ env.MINIKUBE_VERSION }} | |
| kubernetes version: ${{ matrix.kubernetes-version }} | |
| # default driver doesn't support 'eval $$(minikube docker-env)'. | |
| driver: docker | |
| github token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create image for chart testing | |
| if: steps.list-changed.outputs.changed == 'true' | |
| run: | | |
| make build-multiarch | |
| GOOS=linux GOARCH=amd64 DOCKER_BUILDKIT=1 docker build -t ct/prometheus-configurator:ct . | |
| minikube image load ct/prometheus-configurator:ct | |
| kubectl create ns ct | |
| - name: Test install charts | |
| if: steps.list-changed.outputs.changed == 'true' | |
| run: ct install --namespace ct --config .github/ct.yaml --debug | |
| - name: Test upgrade charts | |
| if: steps.list-changed.outputs.changed == 'true' | |
| run: ct install --namespace ct --config .github/ct.yaml --debug --upgrade | |
| e2e-test: | |
| name: E2e Tests | |
| if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci/skip-e2e') }} | |
| runs-on: ubuntu-latest | |
| # If the environment is broken this job could timeout since the default timeout for tilt ci is 30m. | |
| timeout-minutes: 20 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Minikube | |
| uses: manusa/[email protected] | |
| with: | |
| minikube version: ${{ env.MINIKUBE_VERSION }} | |
| kubernetes version: ${{ env.LATEST_K8S_VERSION }} | |
| # default driver doesn't support 'eval $$(minikube docker-env)'. | |
| driver: docker | |
| github token: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'go.mod' | |
| # tilt 0.33.3 introduces a breaking change that results in | |
| # "ERROR: Failed to connect to Docker: Error response from daemon: Client sent an HTTP request to an HTTPS server." | |
| # So we explicitly adopt tilt 0.33.2 to prevent the E2e Tests failure. | |
| - name: Install Tilt | |
| run: | | |
| curl -fsSL https://github.com/tilt-dev/tilt/releases/download/v0.33.2/tilt.0.33.2.linux.x86_64.tar.gz | tar -xzv tilt && sudo mv tilt /usr/local/bin/tilt | |
| - name: Run e2e-test | |
| env: | |
| SECRET_AVAILABLE: ${{ secrets.K8S_AGENTS_E2E_ACCOUNT_ID }} | |
| if: ${{ env.SECRET_AVAILABLE != '' }} | |
| uses: newrelic/newrelic-integration-e2e-action@v1 | |
| with: | |
| retry_seconds: 90 | |
| retry_attempts: 5 | |
| agent_enabled: false | |
| spec_path: test/e2e/test-specs.yml | |
| account_id: ${{ secrets.K8S_AGENTS_E2E_ACCOUNT_ID }} | |
| api_key: ${{ secrets.K8S_AGENTS_E2E_API_KEY }} | |
| license_key: ${{ secrets.K8S_AGENTS_E2E_LICENSE_KEY }} | |
| test: | |
| name: Run tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Run unit tests | |
| run: make test | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3 | |
| with: | |
| fail_ci_if_error: false | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Setup Minikube | |
| uses: manusa/[email protected] | |
| with: | |
| minikube version: ${{ env.MINIKUBE_VERSION }} | |
| kubernetes version: ${{ env.LATEST_K8S_VERSION }} | |
| driver: docker | |
| github token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Run integration tests | |
| run: make integration-test | |
| static-analysis: | |
| name: Static analysis and linting | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'go.mod' | |
| - uses: newrelic/newrelic-infra-checkers@v1 | |
| with: | |
| golangci-lint-config: golangci-lint | |
| # - name: Semgrep | |
| # uses: returntocorp/semgrep-action@v1 | |
| # with: | |
| # auditOn: push | |
| - name: golangci-lint | |
| uses: golangci/golangci-lint-action@v8 | |
| continue-on-error: ${{ github.event_name != 'pull_request' }} | |
| with: | |
| only-new-issues: true | |
| - name: Prometheus versions match | |
| run: make check-prometheus-version | |
| # TODO Check is failing, for some reason the generated file does not contain | |
| # some of the indirect dependencies. | |
| # - name: Check THIRD_PARTY_NOTICES.md is up to date | |
| # run: | | |
| # go install go.elastic.co/[email protected] | |
| # make build-license-notice | |
| # if [ ! -z "$(git status --porcelain)" ]; then | |
| # git diff | |
| # exit 1 | |
| # fi | |
| codespell: | |
| name: Codespell | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Codespell test | |
| uses: codespell-project/actions-codespell@master | |
| with: | |
| skip: go.mod,go.sum |