Skip to content

fix(ci): cluster bundle is broken in airgap mode (#1032) #200

fix(ci): cluster bundle is broken in airgap mode (#1032)

fix(ci): cluster bundle is broken in airgap mode (#1032) #200

Workflow file for this run

name: Image Scan
on:
schedule:
# everyday at midnight.
- cron: '0 0 * * *'
workflow_dispatch: {}
push:
# TODO: add this once we have all images in the metadata.yaml
# paths:
# - '**/metadata.yaml'
branches:
- main
permissions:
security-events: write
jobs:
build-images:
outputs:
local-artifact-mirror: ${{ steps.local-artifact-mirror.outputs.image }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0 # fetch all history so that we can get the previous tag
- name: Cache Melange
uses: actions/cache@v4
with:
path: |
build/.melange-cache
key: melange-cache
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Setup Melange
uses: chainguard-dev/actions/setup-melange@main
- name: Build and push local-artifact-mirror image
id: local-artifact-mirror
run: |
make -C local-artifact-mirror apko build-ttl.sh
echo "image=$(cat local-artifact-mirror/build/image)" >> $GITHUB_OUTPUT
output-matrix:
runs-on: ubuntu-latest
needs: [build-images]
outputs:
matrix: ${{ steps.build-matrix.outputs.matrix }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Build
run: |
export LOCAL_ARTIFACT_MIRROR_IMAGE=${{ needs.build-images.outputs.local-artifact-mirror }}
make embedded-cluster-linux-amd64
- name: List images
run: |
./output/bin/embedded-cluster version list-images > images.txt
- name: Upload images artifact
uses: actions/upload-artifact@v4
with:
name: images
path: images.txt
- name: Build images matrix
id: build-matrix
run: |
IMAGES="[$(awk '{print $1}' images.txt | xargs -n1 | awk '{print "\""$1"\","}' | sed '$ s/.$//')]"
echo "matrix=$(jq -cn --argjson images "$IMAGES" '{image: $images}')" >> $GITHUB_OUTPUT
scan:
runs-on: ubuntu-latest
needs: [output-matrix]
strategy:
fail-fast: false
matrix: ${{fromJson(needs.output-matrix.outputs.matrix)}}
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: ./.github/actions/scan-image
with:
image-ref: '${{ matrix.image }}'
upload-sarif: ${{ github.ref == 'refs/heads/main' }}