chore: update velero images (#1015) #188
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Image Scan | |
| on: | |
| schedule: | |
| # everyday at midnight. | |
| - cron: '0 0 * * *' | |
| workflow_dispatch: {} | |
| push: | |
| # TODO: add this once we have all images in the metadata.yaml | |
| # paths: | |
| # - '**/metadata.yaml' | |
| branches: | |
| - main | |
| permissions: | |
| security-events: write | |
| jobs: | |
| build-images: | |
| outputs: | |
| local-artifact-mirror: ${{ steps.local-artifact-mirror.outputs.image }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # fetch all history so that we can get the previous tag | |
| - name: Cache Melange | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| build/.melange-cache | |
| key: melange-cache | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Setup Melange | |
| uses: chainguard-dev/actions/setup-melange@main | |
| - name: Build and push local-artifact-mirror image | |
| id: local-artifact-mirror | |
| run: | | |
| make -C local-artifact-mirror apko build-ttl.sh | |
| echo "image=$(cat local-artifact-mirror/build/image)" >> $GITHUB_OUTPUT | |
| output-matrix: | |
| runs-on: ubuntu-latest | |
| needs: [build-images] | |
| outputs: | |
| matrix: ${{ steps.build-matrix.outputs.matrix }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: go.mod | |
| - name: Build | |
| run: | | |
| export LOCAL_ARTIFACT_MIRROR_IMAGE=${{ needs.build-images.outputs.local-artifact-mirror }} | |
| make embedded-cluster-linux-amd64 | |
| - name: List images | |
| run: | | |
| ./output/bin/embedded-cluster version list-images > images.txt | |
| - name: Upload images artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: images | |
| path: images.txt | |
| - name: Build images matrix | |
| id: build-matrix | |
| run: | | |
| IMAGES="[$(awk '{print $1}' images.txt | xargs -n1 | awk '{print "\""$1"\","}' | sed '$ s/.$//')]" | |
| echo "matrix=$(jq -cn --argjson images "$IMAGES" '{image: $images}')" >> $GITHUB_OUTPUT | |
| scan: | |
| runs-on: ubuntu-latest | |
| needs: [output-matrix] | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{fromJson(needs.output-matrix.outputs.matrix)}} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - uses: ./.github/actions/scan-image | |
| with: | |
| image-ref: '${{ matrix.image }}' | |
| upload-sarif: ${{ github.ref == 'refs/heads/main' }} |