Bump github.com/onsi/ginkgo/v2 from 2.13.0 to 2.13.1 #579

Workflow file for this run

	# SPDX-License-Identifier: MIT
	name: CI

	on:
	push:
	branches:
	- main
	- feature/**
	paths-ignore:
	- '**.md'
	- '.gitignore'
	pull_request:
	branches:
	- main

	env:
	GORELEASER_VERSION: 1.20.0
	TASK_VERSION: 3.x

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	local-build:
	name: Local build
	runs-on: ubuntu-22.04
	permissions: {}
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Setup Go
	uses: actions/setup-go@v4
	with:
	go-version-file: './go.mod'

	- name: Setup Task
	uses: arduino/setup-task@v1
	with:
	version: ${{ env.TASK_VERSION }}
	repo-token: ${{ secrets.GITHUB_TOKEN }}

	- name: Setup GoReleaser
	uses: goreleaser/goreleaser-action@v5
	with:
	install-only: true

	- name: Setup container-structure-test
	run: \|
	set -euo pipefail
	curl -fsSLo /usr/local/bin/container-structure-test https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64
	chmod +x /usr/local/bin/container-structure-test
	container-structure-test version

	- name: Check release config
	run: \|
	task goreleaser:check

	- name: Build with GoReleaser
	run: \|
	task goreleaser:build

	- name: Create snapshot release
	run: \|
	task goreleaser:snapshot

	- name: Build
	run: \|
	task build

	- name: Test
	run: \|
	task test

	release-dry-run:
	name: GoReleaser release (dry run)
	runs-on: ubuntu-22.04
	permissions:
	actions: read
	checks: write
	contents: read
	security-events: write
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Setup Go
	uses: actions/setup-go@v4
	with:
	go-version-file: './go.mod'

	- name: Set environment variables
	run: \|
	set -euo pipefail
	echo "SNAPSHOT_VERSION=$(./scripts/version)" >>"${GITHUB_ENV}"

	IMAGE_BASE_NAME_DISTROLESS="$(sed -n "s/^FROM $.*$/\1/p" build/package/Dockerfile \| tail -n 1)"
	echo "IMAGE_BASE_NAME_DISTROLESS=${IMAGE_BASE_NAME_DISTROLESS}" >>"${GITHUB_ENV}"
	echo "IMAGE_BASE_DIGEST_DISTROLESS=$(docker pull "${IMAGE_BASE_NAME_DISTROLESS}" \| sed -n "s/^Digest: $.*$$/\1/p")" >>"${GITHUB_ENV}"

	IMAGE_BASE_NAME_ALPINE="$(sed -n "s/^FROM $.*$/\1/p" build/package/Dockerfile.alpine \| tail -n 1)"
	echo "IMAGE_BASE_NAME_ALPINE=${IMAGE_BASE_NAME_ALPINE}" >>"${GITHUB_ENV}"
	echo "IMAGE_BASE_DIGEST_ALPINE=$(docker pull "${IMAGE_BASE_NAME_ALPINE}" \| sed -n "s/^Digest: $.*$$/\1/p")" >>"${GITHUB_ENV}"
	cat "${GITHUB_ENV}"

	- name: Check release config
	uses: goreleaser/goreleaser-action@v5
	with:
	version: v${{ env.GORELEASER_VERSION }}
	args: check --config build/package/.goreleaser.yaml

	- name: Create snapshot release
	uses: goreleaser/goreleaser-action@v5
	with:
	version: v${{ env.GORELEASER_VERSION }}
	args: release --config build/package/.goreleaser.yaml --snapshot --skip-publish --clean

	- name: Container structure test (scratch)
	uses: docker://gcr.io/gcp-runtimes/container-structure-test:latest
	with:
	args: 'test --image ghcr.io/ffurrer2/semver:latest --config test/semver_container_test.yml'

	- name: Container structure test (alpine)
	uses: docker://gcr.io/gcp-runtimes/container-structure-test:latest
	with:
	args: 'test --image ghcr.io/ffurrer2/semver:alpine --config test/semver_alpine_container_test.yml'

	- name: Run Trivy vulnerability scanner (scratch)
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: 'ghcr.io/ffurrer2/semver:latest'
	exit-code: '1'
	vuln-type: 'os,library'
	severity: 'HIGH,CRITICAL'
	format: 'sarif'
	output: 'trivy-results-scratch.sarif'
	github-pat: '${{ secrets.GITHUB_TOKEN }}'

	- name: Inspect Trivy SARIF report (scratch)
	run: \|
	cat trivy-results-scratch.sarif

	- name: Upload Trivy scan results to GitHub Security tab (scratch)
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: 'trivy-results-scratch.sarif'
	category: trivy-results-scratch
	if: always()

	- name: Run Trivy vulnerability scanner (alpine)
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: 'ghcr.io/ffurrer2/semver:alpine'
	exit-code: '1'
	vuln-type: 'os,library'
	severity: 'HIGH,CRITICAL'
	format: 'sarif'
	output: 'trivy-results-alpine.sarif'
	github-pat: '${{ secrets.GITHUB_TOKEN }}'

	- name: Inspect Trivy SARIF report (alpine)
	run: \|
	cat trivy-results-alpine.sarif

	- name: Upload Trivy scan results to GitHub Security tab (alpine)
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: 'trivy-results-alpine.sarif'
	category: trivy-results-alpine
	if: always()

	- name: Run Anchore image scanner (scratch)
	uses: anchore/scan-action@v3
	id: anchore-scratch
	with:
	image: 'ghcr.io/ffurrer2/semver:latest'
	fail-build: true
	severity-cutoff: high

	- name: Inspect Anchore SARIF report (scratch)
	run: \|
	cat ${{ steps.anchore-scratch.outputs.sarif }}

	- name: Upload Anchore scan results to GitHub Security tab (scratch)
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: ${{ steps.anchore-scratch.outputs.sarif }}
	category: anchore-results-scratch
	if: always()

	- name: Run Anchore image scanner (alpine)
	uses: anchore/scan-action@v3
	id: anchore-alpine
	with:
	image: 'ghcr.io/ffurrer2/semver:alpine'
	fail-build: true
	severity-cutoff: high

	- name: Inspect Anchore SARIF report (alpine)
	run: \|
	cat ${{ steps.anchore-alpine.outputs.sarif }}

	- name: Upload Anchore scan results to GitHub Security tab (alpine)
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: ${{ steps.anchore-alpine.outputs.sarif }}
	category: anchore-results-alpine
	if: always()

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github.com/onsi/ginkgo/v2 from 2.13.0 to 2.13.1 #579

Workflow file

Bump github.com/onsi/ginkgo/v2 from 2.13.0 to 2.13.1 #579

Jobs

Run details

Workflow file for this run