Add custom CA when deploying replicated-sdk (#4914) #1949

Workflow file for this run

	name: alpha

	on:
	push:
	branches:
	- main

	jobs:

	generate-tag:
	runs-on: ubuntu-20.04
	outputs:
	tag: ${{ steps.get_tag.outputs.GIT_TAG }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Get tags
	id: get_tag
	uses: ./.github/actions/version-tag


	build-migrations-melange-packages:
	needs: [generate-tag]
	strategy:
	fail-fast: true
	matrix:
	runner: [
	{name: ubuntu-20.04, arch: amd64},
	{name: arm64-runner-set, arch: arm64}
	]
	runs-on: ${{ matrix.runner.name }}
	steps:
	- uses: actions/checkout@v4
	- uses: ./.github/actions/build-custom-melange-package
	with:
	context: migrations/deploy
	component: kotsadm-migrations
	git-tag: ${{ needs.generate-tag.outputs.tag }}
	arch: ${{ matrix.runner.arch }}

	build-migrations:
	runs-on: ubuntu-20.04
	needs: [generate-tag, build-migrations-melange-packages]
	steps:
	- uses: actions/checkout@v4
	- uses: ./.github/actions/build-custom-image-with-apko
	with:
	context: migrations/deploy
	component: kotsadm-migrations
	git-tag: ${{ needs.generate-tag.outputs.tag }}
	image-name: index.docker.io/kotsadm/kotsadm-migrations:alpha
	registry-username: ${{ secrets.DOCKERHUB_USER }}
	registry-password: ${{ secrets.DOCKERHUB_PASSWORD }}


	build-kotsadm-melange-packages:
	needs: [generate-tag]
	strategy:
	fail-fast: true
	matrix:
	runner: [
	{name: ubuntu-20.04, arch: amd64},
	{name: arm64-runner-set, arch: arm64}
	]
	runs-on: ${{ matrix.runner.name }}
	steps:
	- uses: actions/checkout@v4
	- uses: ./.github/actions/build-custom-melange-package
	with:
	context: deploy
	component: kotsadm
	git-tag: ${{ needs.generate-tag.outputs.tag }}
	arch: ${{ matrix.runner.arch }}

	build-kotsadm:
	runs-on: ubuntu-20.04
	needs: [generate-tag, build-kotsadm-melange-packages]
	steps:
	- uses: actions/checkout@v4
	- uses: ./.github/actions/build-custom-image-with-apko
	with:
	context: deploy
	component: kotsadm
	git-tag: ${{ needs.generate-tag.outputs.tag }}
	image-name: index.docker.io/kotsadm/kotsadm:alpha
	registry-username: ${{ secrets.DOCKERHUB_USER }}
	registry-password: ${{ secrets.DOCKERHUB_PASSWORD }}


	build-kurl-proxy-melange-packages:
	needs: [generate-tag]
	strategy:
	fail-fast: true
	matrix:
	runner: [
	{name: ubuntu-20.04, arch: amd64},
	{name: arm64-runner-set, arch: arm64}
	]
	runs-on: ${{ matrix.runner.name }}
	steps:
	- uses: actions/checkout@v4
	- uses: ./.github/actions/build-custom-melange-package
	with:
	context: kurl_proxy/deploy
	component: kurl-proxy
	git-tag: ${{ needs.generate-tag.outputs.tag }}
	arch: ${{ matrix.runner.arch }}

	build-kurl-proxy:
	runs-on: ubuntu-20.04
	needs: [generate-tag, build-kurl-proxy-melange-packages]
	steps:
	- uses: actions/checkout@v4
	- uses: ./.github/actions/build-custom-image-with-apko
	with:
	context: kurl_proxy/deploy
	component: kurl-proxy
	git-tag: ${{ needs.generate-tag.outputs.tag }}
	image-name: index.docker.io/kotsadm/kurl-proxy:alpha
	registry-username: ${{ secrets.DOCKERHUB_USER }}
	registry-password: ${{ secrets.DOCKERHUB_PASSWORD }}


	scan_rqlite:
	runs-on: ubuntu-20.04
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Read image tags from env file
	uses: falti/dotenv-action@v1
	id: dotenv
	with:
	path: .image.env
	- name: Scan rqlite for vulnerabilities
	id: scan
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: "docker.io/kotsadm/rqlite:${{ steps.dotenv.outputs.RQLITE_TAG }}"
	format: 'template'
	template: '@/contrib/sarif.tpl'
	output: 'rqlite-scan-output.sarif'
	exit-code: '0'
	ignore-unfixed: true
	severity: 'CRITICAL,HIGH,MEDIUM'
	- name: Print scan report
	run: cat rqlite-scan-output.sarif
	- name: Upload scan report
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: rqlite-scan-output.sarif


	scan_minio:
	runs-on: ubuntu-20.04
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Read image tags from env file
	uses: falti/dotenv-action@v1
	id: dotenv
	with:
	path: .image.env
	- name: Scan minio for vulnerabilities
	id: scan
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: "docker.io/kotsadm/minio:${{ steps.dotenv.outputs.MINIO_TAG }}"
	format: 'template'
	template: '@/contrib/sarif.tpl'
	output: 'minio-scan-output.sarif'
	exit-code: '0'
	ignore-unfixed: true
	severity: 'CRITICAL,HIGH,MEDIUM'
	- name: Print scan report
	run: cat minio-scan-output.sarif
	- name: Upload scan report
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: 'minio-scan-output.sarif'


	scan_dex:
	runs-on: ubuntu-20.04
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Read image tags from env file
	uses: falti/dotenv-action@v1
	id: dotenv
	with:
	path: .image.env
	- name: Scan dex for vulnerabilities
	id: scan
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: "docker.io/kotsadm/dex:${{ steps.dotenv.outputs.DEX_TAG }}"
	format: 'template'
	template: '@/contrib/sarif.tpl'
	output: 'dex-scan-output.sarif'
	exit-code: '0'
	ignore-unfixed: true
	severity: 'CRITICAL,HIGH,MEDIUM'
	- name: Print scan report
	run: cat dex-scan-output.sarif
	- name: Upload scan report
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: dex-scan-output.sarif


	scan_kurl_proxy:
	runs-on: ubuntu-20.04
	needs: [build-kurl-proxy]
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Scan kurl-proxy for vulnerabilities
	id: scan
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: 'docker.io/kotsadm/kurl-proxy:alpha'
	format: 'template'
	template: '@/contrib/sarif.tpl'
	output: 'kurl-proxy-scan-output.sarif'
	exit-code: '0'
	ignore-unfixed: true
	severity: 'CRITICAL,HIGH,MEDIUM'
	- name: Print scan report
	run: cat kurl-proxy-scan-output.sarif
	- name: Upload scan report
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: kurl-proxy-scan-output.sarif


	scan_local_volume_provider:
	runs-on: ubuntu-20.04
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Read image tags from env file
	uses: falti/dotenv-action@v1
	id: dotenv
	with:
	path: .image.env
	- name: Scan replicated/local-volume-provider for vulnerabilities
	id: scan
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: "docker.io/replicated/local-volume-provider:${{ steps.dotenv.outputs.LVP_TAG }}"
	format: 'template'
	template: '@/contrib/sarif.tpl'
	output: 'scan-output.sarif'
	exit-code: '0'
	ignore-unfixed: true
	severity: 'CRITICAL,HIGH,MEDIUM'
	- name: Print scan report
	run: cat scan-output.sarif
	- name: Upload scan report
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: scan-output.sarif


	scan_kotsadm:
	runs-on: ubuntu-20.04
	needs: [build-kotsadm]
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Scan kotsadm for vulnerabilities
	id: scan
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: 'docker.io/kotsadm/kotsadm:alpha'
	format: 'template'
	template: '@/contrib/sarif.tpl'
	output: 'kotsadm-scan-output.sarif'
	exit-code: '0'
	ignore-unfixed: true
	severity: 'CRITICAL,HIGH,MEDIUM'
	- name: Print scan report
	run: cat kotsadm-scan-output.sarif
	- name: Upload scan report
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: kotsadm-scan-output.sarif


	scan_kotsadm_migrations:
	runs-on: ubuntu-20.04
	needs: [build-migrations]
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Scan migrations for vulnerabilities
	id: scan
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: 'docker.io/kotsadm/kotsadm-migrations:alpha'
	format: 'template'
	template: '@/contrib/sarif.tpl'
	output: 'kotsadm-migration-scan-output.sarif'
	exit-code: '0'
	ignore-unfixed: true
	severity: 'CRITICAL,HIGH,MEDIUM'
	- name: Print scan report
	run: cat kotsadm-migration-scan-output.sarif
	- name: Upload scan report
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: kotsadm-migration-scan-output.sarif

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add custom CA when deploying replicated-sdk (#4914) #1949

Workflow file

Add custom CA when deploying replicated-sdk (#4914) #1949

Jobs

Run details

Workflow file for this run