feat: add codeql GHA and cron job for image build to run trivy #379
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - "**/*.md" | |
| - "LICENSE" | |
| pull_request: | |
| paths-ignore: | |
| - "**/*.md" | |
| - "LICENSE" | |
| schedule: | |
| - cron: '37 21 * * 5' | |
| jobs: | |
| test-and-build: | |
| strategy: | |
| matrix: | |
| go-version: ["1.20"] | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Install Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: ${{ matrix.go-version }} | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - if: matrix.os == 'ubuntu-latest' | |
| name: golangci-lint | |
| uses: golangci/golangci-lint-action@v3 | |
| with: | |
| # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version. | |
| version: v1.54.2 | |
| skip-pkg-cache: true | |
| only-new-issues: true | |
| - name: Run unit tests | |
| run: make test | |
| - name: Build collector | |
| run: make build | |
| - if: matrix.os != 'windows-latest' | |
| name: Launch collector for E2E tests | |
| run: ./collector --config ./_tests/e2e/test-config.yml & | |
| - if: matrix.os != 'windows-latest' | |
| name: Run E2E tests | |
| run: ./_tests/e2e/test.sh ./exported-trace.json | |
| build-docker-image: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Build and push image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| # this workflow runs on PRs, it only tests if the image can be built | |
| push: false | |
| context: . | |
| file: ./Dockerfile | |
| tags: hypertrace/hypertrace-collector:latest | |
| build-args: | | |
| VERSION=latest | |
| GIT_COMMIT=${GITHUB_SHA} | |
| - name: Run Trivy vulnerability scanner | |
| uses: hypertrace/github-actions/trivy-image-scan@main | |
| with: | |
| image: hypertrace/hypertrace-collector | |
| tag: latest | |
| output-mode: github |