Skip to content

Merge pull request #40 from KubeLilin/dev #29

Merge pull request #40 from KubeLilin/dev

Merge pull request #40 from KubeLilin/dev #29

Workflow file for this run

name: Compile&Publish
on:
push:
branches:
- main
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v3
- name: Setup Go
uses: actions/setup-go@v3
with:
go-version: "1.18.0"
- name: Build kubelilin apiserver
run: |
go env -w GOPROXY=https://goproxy.cn,direct
cd src
go mod tidy
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o app .
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
if: github.event_name != 'pull_request'
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
if: github.event_name != 'pull_request'
- name: Build And Push kubelilin apiserver
uses: docker/build-push-action@v3
with:
context: .
file: src/Dockerfile_Prod
push: true
cache-from: type=gha,scope=blockcluster
cache-to: type=gha,scope=blockcluster
tags: ${{ secrets.DOCKER_HUB_USERNAME }}/kubelilin-apiserver:latest
if: github.event_name != 'pull_request'
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.6.2
continue-on-error: true
with:
image-ref: ${{ secrets.DOCKER_HUB_USERNAME }}/kubelilin-apiserver:latest
format: 'sarif'
output: 'trivy-results-${{ matrix.image }}.sarif'
ignore-unfixed: 'true'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
continue-on-error: true
with:
sarif_file: 'trivy-results-${{ matrix.image }}.sarif'
- name: Upload Scan Results
uses: actions/upload-artifact@v3
continue-on-error: true
with:
name: 'trivy-results-${{ matrix.image }}.sarif'
path: 'trivy-results-${{ matrix.image }}.sarif'
if: always()