build(deps): bump github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring from 0.74.0 to 0.78.0 #7261

Workflow file for this run

	name: build
	on:
	push:
	branches:
	- main
	release:
	types: [published]
	pull_request:
	env:
	GO_VERSION: '1.23'
	NIX_VERSION: '2.18.1'
	BOM_VERSION: v0.5.1
	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	permissions: {}

	jobs:
	macos:
	runs-on: macos-12
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
	with:
	go-version: ${{ env.GO_VERSION }}
	- run: make test-unit
	- run: make verify-go-lint

	nix:
	runs-on: ubuntu-22.04
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # v28
	with:
	install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install
	- uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
	with:
	name: security-profiles-operator
	authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
	pushFilter: security-profiles-operator
	- run: make nix
	- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
	with:
	name: build
	path: build.tar.gz

	nix-spoc:
	if: github.ref == 'refs/heads/main' \|\| contains(github.ref, 'refs/tags')
	runs-on: ubuntu-22.04
	permissions:
	contents: write # required for updating the release
	id-token: write # required for sigstore signing
	steps:
	- uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # v28
	with:
	install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install
	- uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
	with:
	name: security-profiles-operator
	authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
	pushFilter: security-profiles-operator
	- run: \|
	sudo curl -sSfL --retry 5 --retry-delay 3 -o /usr/bin/bom \
	https://github.com/kubernetes-sigs/bom/releases/download/${{ env.BOM_VERSION }}/bom-amd64-linux
	sudo chmod +x /usr/bin/bom
	- run: make nix-spoc
	- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
	with:
	name: spoc
	path: \|
	build/*
	- uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
	if: startsWith(github.ref, 'refs/tags/')
	with:
	files: \|
	build/*

	bpf:
	runs-on: ubuntu-22.04
	steps:
	- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
	with:
	go-version: ${{ env.GO_VERSION }}
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # v28
	with:
	install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install
	- uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
	with:
	name: security-profiles-operator
	authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
	pushFilter: security-profiles-operator
	- run: make verify-bpf

	build-image:
	runs-on: ubuntu-22.04
	steps:
	- name: Remove unnecessary files
	run: \|
	sudo rm -rf /usr/share/dotnet
	sudo rm -rf "$AGENT_TOOLSDIRECTORY"
	sudo rm -rf /opt/ghc
	sudo rm -rf /usr/local/share/boost
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- name: Set up Docker Buildx
	id: buildx
	uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
	- name: Login to Quay
	uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
	with:
	registry: quay.io/security-profiles-operator
	username: security-profiles-operator+github
	password: ${{ secrets.QUAY_TOKEN }}
	if: github.ref == 'refs/heads/main'
	- name: Image metadata
	id: meta
	uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
	with:
	images: \|
	quay.io/security-profiles-operator/build
	tags: \|
	type=ref,event=branch
	type=ref,event=pr
	type=ref,event=tag
	type=sha,format=long
	- name: Build (and push if needed)
	uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
	with:
	context: .
	file: Dockerfile.build-image
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	push: ${{ github.ref == 'refs/heads/main' }}
	# Only load on PR builds
	load: ${{ github.ref != 'refs/heads/main' }}
	- name: Run container image vulnerability scanner
	uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
	with:
	image-ref: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
	format: 'table'
	exit-code: '0'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'
	timeout: 30m

	operator-image:
	runs-on: ubuntu-22.04
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- name: Set up Docker Buildx
	id: buildx
	uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
	- name: Login to Quay
	uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
	with:
	registry: quay.io/security-profiles-operator
	username: security-profiles-operator+github
	password: ${{ secrets.QUAY_TOKEN }}
	if: github.ref == 'refs/heads/main'
	- name: Image metadata
	id: meta
	uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
	with:
	images: \|
	quay.io/security-profiles-operator/spo
	tags: \|
	type=ref,event=branch
	type=ref,event=pr
	type=ref,event=tag
	type=sha,format=long
	- name: Build
	uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
	with:
	context: .
	file: Dockerfile
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	load: true
	- name: Run container image vulnerability scanner
	uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
	with:
	image-ref: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'

	ubi-image:
	runs-on: ubuntu-22.04
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- name: Set up Docker Buildx
	id: buildx
	uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
	- name: Login to Quay
	uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
	with:
	registry: quay.io/security-profiles-operator
	username: security-profiles-operator+github
	password: ${{ secrets.QUAY_TOKEN }}
	if: github.ref == 'refs/heads/main'
	- name: Image metadata
	id: meta
	uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
	with:
	images: \|
	quay.io/security-profiles-operator/build
	flavor: \|
	suffix=-ubi
	tags: \|
	type=ref,event=branch
	type=ref,event=pr
	type=ref,event=tag
	type=sha,format=long
	# TODO(jaosorior): Push UBI image too
	- name: Build
	uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
	with:
	context: .
	file: Dockerfile.ubi
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	load: true
	- name: Run container image vulnerability scanner
	uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
	with:
	image-ref: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring from 0.74.0 to 0.78.0 #7261

Workflow file

build(deps): bump github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring from 0.74.0 to 0.78.0 #7261

Jobs

Run details

Workflow file for this run