Skip to content

docs: clarify docs #102

docs: clarify docs

docs: clarify docs #102

Workflow file for this run

name: "build"
on: [push, pull_request]
env:
TRIVY_VERSION: 0.48.3
BUILDKIT_VERSION: 0.12.4
BATS_VERSION: 1.10.0
permissions: read-all
jobs:
build:
name: build
runs-on: ubuntu-latest
strategy:
matrix:
test-type: ["buildx", "buildkit-container", "custom-socket"]
steps:
- name: Setup BATS
uses: mig4/setup-bats@af9a00deb21b5d795cabfeaa8d9060410377686d # v1.2.0
with:
bats-version: ${{ env.BATS_VERSION }}
- name: Check out code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Install Trivy
run: |
curl -fsSL -o trivy.tar.gz https://github.com/aquasecurity/trivy/releases/download/v${{ env.TRIVY_VERSION }}/trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz
tar -zxvf trivy.tar.gz
cp trivy /usr/local/bin/
- name: Generate trivy vuln report for opa image
run: |
trivy image --vuln-type os --ignore-unfixed -f json -o /tmp/opa.0.46.0.json docker.io/openpolicyagent/opa:0.46.0
- name: Get latest copa version
run: |
latest_tag=$(curl --retry 5 -s "https://api.github.com/repos/project-copacetic/copacetic/releases/latest" | jq -r '.tag_name')
version=${latest_tag:1}
echo "Copa version: $version"
echo "COPA_VERSION=$version" >> $GITHUB_ENV
- name: Install Copa
run: |
curl --retry 5 -fsSL -o copa.tar.gz https://github.com/project-copacetic/copacetic/releases/download/v${COPA_VERSION}/copa_${COPA_VERSION}_linux_amd64.tar.gz
tar -zxvf copa.tar.gz
cp copa /usr/local/bin/
- name: Run Buildkit container
if: matrix.test-type == 'buildkit-container'
run : |
docker run --net=host --detach --rm --privileged -p 127.0.0.1:8888:8888 --name buildkitd --entrypoint buildkitd moby/buildkit:v${{ env.BUILDKIT_VERSION }} --addr tcp://0.0.0.0:8888
- name: Set up Docker
if: matrix.test-type == 'custom-socket'
uses: crazy-max/ghaction-setup-docker@v3
with:
daemon-config: |
{
"debug": true,
"experimental": true,
"features": {
"containerd-snapshotter": true
}
}
- name: Bats Test
run: |
set -ex
export SOCKET="/var/run/docker.sock"
export CONTEXT="default"
if [ "${{ matrix.test-type }}" = "custom-socket" ]; then
url=$(docker context inspect | jq -r .[0].Endpoints.docker.Host)
SOCKET=$(echo "$url" | awk -F// '{print $2}')
CONTEXT="setup-docker-action"
fi
docker build --build-arg copa_version=${COPA_VERSION} -t copa-action .
docker run --net=host \
--mount=type=bind,source=/tmp,target=/data \
--mount=type=bind,source="$SOCKET",target=/var/run/docker.sock \
--mount=type=bind,source=$GITHUB_OUTPUT,target=$GITHUB_OUTPUT -e GITHUB_OUTPUT \
--name=copa-action \
copa-action 'docker.io/openpolicyagent/opa:0.46.0' 'opa.0.46.0.json' '0.46.0-patched' '10m' "${{ matrix.test-type }}" 'openvex' 'output.json'
# saving patched image to give trivy access when using a custom socket
docker -c "$CONTEXT" save -o patched.tar openpolicyagent/opa:0.46.0-patched
bats --print-output-on-failure ./test/test.bats