Skip to content

Upgrade go-git/v5 to remediate critical and high vulnerabilities #769

Upgrade go-git/v5 to remediate critical and high vulnerabilities

Upgrade go-git/v5 to remediate critical and high vulnerabilities #769

name: "11 - Test: Acceptance"
on:
workflow_call:
push:
tags:
- v*
branches:
- main
workflow_dispatch:
pull_request:
env:
POWERPIPE_UPDATE_CHECK: false
SPIPETOOLS_TOKEN: ${{ secrets.SPIPETOOLS_TOKEN }}
jobs:
goreleaser:
name: Build
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
path: powerpipe
ref: ${{ github.event.ref }}
- name: Checkout Pipe Fittings Components repository
uses: actions/checkout@v4
with:
repository: turbot/pipe-fittings
path: pipe-fittings
ref: v1.6.x
# this is required, check golangci-lint-action docs
- uses: actions/setup-go@v5
with:
go-version: '1.22'
cache: false # setup-go v4 caches by default, do not change this parameter, check golangci-lint-action doc: https://github.com/golangci/golangci-lint-action/pull/704
- name: Build
run: |-
cd powerpipe
make release-dry-run
- name: Move build artifacts
run: |
ls -al $GITHUB_WORKSPACE/powerpipe
sudo chown -R runner:docker $GITHUB_WORKSPACE/powerpipe/dist
mkdir ~/artifacts
mv $GITHUB_WORKSPACE/powerpipe/dist/powerpipe.linux.amd64.tar.gz ~/artifacts/linux.tar.gz
mv $GITHUB_WORKSPACE/powerpipe/dist/powerpipe.darwin.amd64.tar.gz ~/artifacts/darwin.tar.gz
- name: List Build Artifacts
run: ls -l ~/artifacts
- name: Save Linux Build Artifact
uses: actions/upload-artifact@v3
with:
name: build-artifact-linux
path: ~/artifacts/linux.tar.gz
if-no-files-found: error
- name: Save MacOS Build Artifact
uses: actions/upload-artifact@v3
with:
name: build-artifact-darwin
path: ~/artifacts/darwin.tar.gz
if-no-files-found: error
acceptance_test:
name: Test
needs: goreleaser
strategy:
fail-fast: false
matrix:
platform: [ubuntu-latest]
test_block:
- "check"
- "resource_show_outputs"
- "dashboard"
- "backend"
- "mod"
- "mod_install"
- "sp_files"
- "var_resolution"
- "params_and_args"
- "snapshot"
- "dashboard_parsing_validation"
- "database_precedence"
runs-on: ${{ matrix.platform }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
path: powerpipe
ref: ${{ github.event.ref }}
- uses: actions/setup-go@v5
with:
go-version: 1.22
cache: false
- name: Prepare for downloads
id: prepare-for-downloads
run: |
mkdir ~/artifacts
- name: Download Linux Build Artifacts
uses: actions/download-artifact@v3
if: ${{ matrix.platform == 'ubuntu-latest' }}
with:
name: build-artifact-linux
path: ~/artifacts
- name: Download Darwin Build Artifacts
uses: actions/download-artifact@v3
if: ${{ matrix.platform == 'macos-latest' }}
with:
name: build-artifact-darwin
path: ~/artifacts
- name: Extract Darwin Artifacts and Install Binary
if: ${{ matrix.platform == 'macos-latest' }}
run: |
mkdir ~/build
tar -xf ~/artifacts/darwin.tar.gz -C ~/build
- name: Extract Ubuntu Artifacts and Install Binary
if: ${{ matrix.platform == 'ubuntu-latest' }}
run: |
mkdir ~/build
tar -xf ~/artifacts/linux.tar.gz -C ~/build
- name: Install Steampipe(Darwin)
if: ${{ matrix.platform == 'macos-latest' }}
run: |
brew install turbot/tap/steampipe
steampipe -v
- name: Install Steampipe(Linux)
if: ${{ matrix.platform == 'ubuntu-latest' }}
run: |
sudo /bin/sh -c "$(curl -fsSL https://steampipe.io/install/steampipe.sh)"
steampipe -v
- name: Set PATH
run: |
echo "PATH=$PATH:$HOME/build:$GTIHUB_WORKSPACE/powerpipe/tests/acceptance/lib/bats-core/libexec" >> $GITHUB_ENV
- name: Go install jd
run: |
go install github.com/josephburnett/jd@latest
- name: Start steamipipe service
run: |
steampipe service start
- name: Run Test Suite
id: run-test-suite
timeout-minutes: 15
continue-on-error: true
run: |
chmod +x $GITHUB_WORKSPACE/powerpipe/tests/acceptance/run.sh
$GITHUB_WORKSPACE/powerpipe/tests/acceptance/run.sh ${{ matrix.test_block }}.bats
echo "exit_code=$(echo $?)" >> $GITHUB_OUTPUT
echo ">> here"
# This job checks whether the test suite has passed or not.
# Since the exit_code is set only when the bats test suite pass,
# we have added the if-conditional block
- name: Check Test Passed/Failed
if: ${{ success() }}
continue-on-error: false
run: |
if [ ${{ steps.run-test-suite.outputs.exit_code }} -eq 0 ]; then
exit 0
else
exit 1
fi
- name: Stop steampipe service
run: |
steampipe service stop
cleanup:
# let's clean up the artifacts.
# incase this step isn't reached,
# artifacts automatically expire after 90 days anyway
# refer:
# https://docs.github.com/en/actions/configuring-and-managing-workflows/persisting-workflow-data-using-artifacts#downloading-and-deleting-artifacts-after-a-workflow-run-is-complete
name: Clean Up Artifacts
needs: acceptance_test
if: ${{ needs.acceptance_test.result == 'success' }}
runs-on: ubuntu-latest
steps:
- name: Clean up Linux Build
uses: geekyeggo/delete-artifact@v5
with:
name: build-artifact-linux
failOnError: true
- name: Clean up Darwin Build
uses: geekyeggo/delete-artifact@v5
with:
name: build-artifact-darwin
failOnError: true