Upgrade Go to 1.20, other libraries to remove vulnerabilities #95
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: V1 Security Tests | |
on: | |
push: | |
branches: [ master, rabbitmq* ] | |
pull_request: | |
branches: [ master, rabbitmq* ] | |
workflow_dispatch: | |
jobs: | |
security-python: | |
runs-on: ubuntu-latest | |
container: snyk/snyk:python-3.8 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: security-python | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
run: | | |
pip install -e python/. | |
snyk test --file=python/setup.py --fail-on=upgradable --severity-threshold=high | |
security-operator: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: security-operator | |
# NOTE: We use the Snyk action (instead of the Snyk base image) so that | |
# it respects the Go version we use. | |
uses: snyk/actions/golang@master | |
with: | |
args: --fail-on=upgradable | |
--severity-threshold=high | |
--file=operator/go.mod | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
security-executor: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: snyk/actions/setup@master | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: '^1.17.0' | |
- name: Set up executor's environmnet | |
# NOTE: The executor needs a couple extra steps before we can build it, | |
# like copying the operator's package into the executor's folder so that | |
# it's accessible. | |
run: make -C executor/ executor | |
- name: security-executor | |
run: snyk test \ | |
--fail-on=upgradable | |
--severity-threshold=high | |
--file=executor/go.mod | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
security-image-executor: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: security-image-executor | |
uses: snyk/actions/docker@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: seldonio/seldon-core-executor:1.16.0-dev | |
args: --fail-on=upgradable --app-vulns --severity-threshold=high --file=executor/Dockerfile.executor | |
security-image-operator: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: security-image-operator | |
uses: snyk/actions/docker@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: seldonio/seldon-core-operator:1.16.0-dev | |
args: --fail-on=upgradable --app-vulns --severity-threshold=high --file=operator/Dockerfile | |
security-image-python-base: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: security-image-python-base | |
uses: snyk/actions/docker@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: seldonio/seldon-core-s2i-python37-ubi8:1.16.0-dev | |
args: --fail-on=upgradable --app-vulns --severity-threshold=high --file=wrappers/s2i/python/Dockerfile | |
security-image-python-sklearn: | |
runs-on: ubuntu-latest | |
steps: | |
- name: security-image-python-sklearn | |
uses: snyk/actions/docker@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: seldonio/sklearnserver:1.16.0-dev | |
args: --fail-on=upgradable --app-vulns --severity-threshold=high | |
security-image-python-mlflow: | |
runs-on: ubuntu-latest | |
steps: | |
- name: security-image-python-mlflow | |
uses: snyk/actions/docker@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: seldonio/mlflowserver:1.16.0-dev | |
args: --fail-on=upgradable --app-vulns --severity-threshold=high | |
security-image-python-xgboost: | |
runs-on: ubuntu-latest | |
steps: | |
- name: security-image-python-xgboost | |
uses: snyk/actions/docker@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: seldonio/xgboostserver:1.16.0-dev | |
args: --fail-on=upgradable --app-vulns --severity-threshold=high | |
security-image-alibi-explain: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: security-image-alibi-explain | |
uses: snyk/actions/docker@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: seldonio/alibiexplainer:1.16.0-dev | |
args: --fail-on=upgradable --app-vulns --severity-threshold=high --file=components/alibi-explain-server/Dockerfile | |
security-image-alibi-detect: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: security-image-alibi-detect | |
uses: snyk/actions/docker@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: seldonio/alibi-detect-server:1.16.0-dev | |
args: --fail-on=upgradable --app-vulns --severity-threshold=high --file=components/alibi-detect-server/Dockerfile | |
security-image-initializer-rclone: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: security-image-request-logger | |
uses: snyk/actions/docker@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: seldonio/rclone-storage-initializer:1.16.0-dev | |
args: --fail-on=upgradable --app-vulns --severity-threshold=high --file=components/rclone-storage-initializer/Dockerfile |