Bump aquasecurity/trivy-action from 0.10.0 to 0.29.0 #9131
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI Github Actions | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- "*" | |
pull_request: | |
env: | |
DEFAULT_PYTHON_VERSION: "3.10" | |
jobs: | |
test: | |
name: Run Tests | |
runs-on: ubuntu-24.04 | |
#missing matrix | |
strategy: | |
fail-fast: false | |
steps: | |
- name: Checkout git repository 🕝 | |
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c | |
- name: Download gomplate | |
run: |- | |
sudo curl -o /usr/local/bin/gomplate -sSL https://github.com/hairyhenderson/gomplate/releases/download/v3.9.0/gomplate_linux-amd64 | |
sudo chmod +x /usr/local/bin/gomplate | |
- name: Set up Python ${{ env.DEFAULT_PYTHON_VERSION }} 🐍 | |
uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b | |
with: | |
python-version: ${{ env.DEFAULT_PYTHON_VERSION }} | |
- name: Read Poetry Version 🔢 | |
run: | | |
echo "POETRY_VERSION=$(scripts/poetry-version.sh)" >> $GITHUB_ENV | |
shell: bash | |
- name: Install poetry 🦄 | |
uses: Gr1N/setup-poetry@15821dc8a61bc630db542ae4baf6a7c19a994844 # v8 | |
with: | |
poetry-version: ${{ env.POETRY_VERSION }} | |
- name: Load Poetry Cached Libraries ⬇ | |
id: cache-poetry | |
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 | |
with: | |
path: .venv | |
key: ${{ runner.os }}-poetry-${{ env.POETRY_VERSION }}-${{ env.DEFAULT_PYTHON_VERSION }}-${{ hashFiles('**/poetry.lock') }}-${{ secrets.POETRY_CACHE_VERSION }} | |
restore-keys: ${{ runner.os }}-poetry-${{ env.DEFAULT_PYTHON_VERSION }} | |
- name: Clear Poetry cache | |
if: steps.cache-poetry.outputs.cache-hit == 'true' && contains(github.event.pull_request.labels.*.name, 'tools:clear-poetry-cache-unit-tests') | |
run: rm -r .venv | |
- name: Create virtual environment | |
if: (steps.cache-poetry.outputs.cache-hit != 'true' || contains(github.event.pull_request.labels.*.name, 'tools:clear-poetry-cache-unit-tests')) | |
run: python -m venv create .venv | |
- name: Set up virtual environment | |
run: poetry config virtualenvs.in-project true | |
- name: Install Dependencies 📦 | |
run: | | |
make install-full | |
- name: Lint Code 🎎 | |
run: | | |
poetry run ruff check .github --extend-ignore D | |
poetry run black --check .github | |
- name: Test Code 🔍 | |
run: | | |
make test-gh-actions |