Skip to content

Bump the security group across 1 directory with 7 updates (#4896) #1931

Bump the security group across 1 directory with 7 updates (#4896)

Bump the security group across 1 directory with 7 updates (#4896) #1931

Workflow file for this run

name: alpha
on:
push:
branches:
- main
jobs:
generate-tag:
runs-on: ubuntu-20.04
outputs:
tag: ${{ steps.get_tag.outputs.GIT_TAG }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Get tags
id: get_tag
uses: ./.github/actions/version-tag
build-migrations-melange-packages:
needs: [generate-tag]
strategy:
fail-fast: true
matrix:
runner: [
{name: ubuntu-20.04, arch: amd64},
{name: arm64-runner-set, arch: arm64}
]
runs-on: ${{ matrix.runner.name }}
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/build-custom-melange-package
with:
context: migrations/deploy
component: kotsadm-migrations
git-tag: ${{ needs.generate-tag.outputs.tag }}
arch: ${{ matrix.runner.arch }}
build-migrations:
runs-on: ubuntu-20.04
needs: [generate-tag, build-migrations-melange-packages]
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/build-custom-image-with-apko
with:
context: migrations/deploy
component: kotsadm-migrations
git-tag: ${{ needs.generate-tag.outputs.tag }}
image-name: index.docker.io/kotsadm/kotsadm-migrations:alpha
registry-username: ${{ secrets.DOCKERHUB_USER }}
registry-password: ${{ secrets.DOCKERHUB_PASSWORD }}
build-kotsadm-melange-packages:
needs: [generate-tag]
strategy:
fail-fast: true
matrix:
runner: [
{name: ubuntu-20.04, arch: amd64},
{name: arm64-runner-set, arch: arm64}
]
runs-on: ${{ matrix.runner.name }}
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/build-custom-melange-package
with:
context: deploy
component: kotsadm
git-tag: ${{ needs.generate-tag.outputs.tag }}
arch: ${{ matrix.runner.arch }}
build-kotsadm:
runs-on: ubuntu-20.04
needs: [generate-tag, build-kotsadm-melange-packages]
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/build-custom-image-with-apko
with:
context: deploy
component: kotsadm
git-tag: ${{ needs.generate-tag.outputs.tag }}
image-name: index.docker.io/kotsadm/kotsadm:alpha
registry-username: ${{ secrets.DOCKERHUB_USER }}
registry-password: ${{ secrets.DOCKERHUB_PASSWORD }}
build-kurl-proxy-melange-packages:
needs: [generate-tag]
strategy:
fail-fast: true
matrix:
runner: [
{name: ubuntu-20.04, arch: amd64},
{name: arm64-runner-set, arch: arm64}
]
runs-on: ${{ matrix.runner.name }}
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/build-custom-melange-package
with:
context: kurl_proxy/deploy
component: kurl-proxy
git-tag: ${{ needs.generate-tag.outputs.tag }}
arch: ${{ matrix.runner.arch }}
build-kurl-proxy:
runs-on: ubuntu-20.04
needs: [generate-tag, build-kurl-proxy-melange-packages]
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/build-custom-image-with-apko
with:
context: kurl_proxy/deploy
component: kurl-proxy
git-tag: ${{ needs.generate-tag.outputs.tag }}
image-name: index.docker.io/kotsadm/kurl-proxy:alpha
registry-username: ${{ secrets.DOCKERHUB_USER }}
registry-password: ${{ secrets.DOCKERHUB_PASSWORD }}
scan_rqlite:
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Read image tags from env file
uses: falti/dotenv-action@v1
id: dotenv
with:
path: .image.env
- name: Scan rqlite for vulnerabilities
id: scan
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/kotsadm/rqlite:${{ steps.dotenv.outputs.RQLITE_TAG }}"
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'rqlite-scan-output.sarif'
exit-code: '0'
ignore-unfixed: true
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Print scan report
run: cat rqlite-scan-output.sarif
- name: Upload scan report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: rqlite-scan-output.sarif
scan_minio:
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Read image tags from env file
uses: falti/dotenv-action@v1
id: dotenv
with:
path: .image.env
- name: Scan minio for vulnerabilities
id: scan
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/kotsadm/minio:${{ steps.dotenv.outputs.MINIO_TAG }}"
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'minio-scan-output.sarif'
exit-code: '0'
ignore-unfixed: true
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Print scan report
run: cat minio-scan-output.sarif
- name: Upload scan report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'minio-scan-output.sarif'
scan_dex:
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Read image tags from env file
uses: falti/dotenv-action@v1
id: dotenv
with:
path: .image.env
- name: Scan dex for vulnerabilities
id: scan
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/kotsadm/dex:${{ steps.dotenv.outputs.DEX_TAG }}"
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'dex-scan-output.sarif'
exit-code: '0'
ignore-unfixed: true
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Print scan report
run: cat dex-scan-output.sarif
- name: Upload scan report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: dex-scan-output.sarif
scan_kurl_proxy:
runs-on: ubuntu-20.04
needs: [build-kurl-proxy]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Scan kurl-proxy for vulnerabilities
id: scan
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/kotsadm/kurl-proxy:alpha'
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'kurl-proxy-scan-output.sarif'
exit-code: '0'
ignore-unfixed: true
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Print scan report
run: cat kurl-proxy-scan-output.sarif
- name: Upload scan report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: kurl-proxy-scan-output.sarif
scan_local_volume_provider:
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Read image tags from env file
uses: falti/dotenv-action@v1
id: dotenv
with:
path: .image.env
- name: Scan replicated/local-volume-provider for vulnerabilities
id: scan
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/replicated/local-volume-provider:${{ steps.dotenv.outputs.LVP_TAG }}"
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'scan-output.sarif'
exit-code: '0'
ignore-unfixed: true
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Print scan report
run: cat scan-output.sarif
- name: Upload scan report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: scan-output.sarif
scan_kotsadm:
runs-on: ubuntu-20.04
needs: [build-kotsadm]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Scan kotsadm for vulnerabilities
id: scan
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/kotsadm/kotsadm:alpha'
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'kotsadm-scan-output.sarif'
exit-code: '0'
ignore-unfixed: true
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Print scan report
run: cat kotsadm-scan-output.sarif
- name: Upload scan report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: kotsadm-scan-output.sarif
scan_kotsadm_migrations:
runs-on: ubuntu-20.04
needs: [build-migrations]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Scan migrations for vulnerabilities
id: scan
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/kotsadm/kotsadm-migrations:alpha'
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'kotsadm-migration-scan-output.sarif'
exit-code: '0'
ignore-unfixed: true
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Print scan report
run: cat kotsadm-migration-scan-output.sarif
- name: Upload scan report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: kotsadm-migration-scan-output.sarif