ci(deps): bump hashicorp/setup-terraform from 2 to 3 #154
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and test | |
| on: | |
| workflow_dispatch: | |
| push: | |
| tags: | |
| - "v[0-9]+.[0-9]+.[0-9]+*" | |
| pull_request: | |
| branches: | |
| - "master" | |
| paths-ignore: | |
| - "**/*.md" | |
| - "doc/**" | |
| - ".gitignore" | |
| - ".hadolint.yaml" | |
| - ".pre-commit-config.yaml" | |
| - ".yamllint.yaml" | |
| - "LICENSE" | |
| - "Makefile" | |
| jobs: | |
| build_binary: | |
| name: Build the binary | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ^1.19 | |
| - name: Install UPX | |
| run: sudo apt-get install -y upx | |
| - name: Install Syft | |
| uses: anchore/sbom-action/download-syft@v0 | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@v5 | |
| with: | |
| distribution: goreleaser | |
| version: latest | |
| args: ${{ startsWith(github.event.ref, 'refs/tags/') && 'release --rm-dist' || 'build --snapshot --rm-dist' }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload the binaries | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: dist | |
| path: dist/* | |
| retention-days: 7 | |
| ##### | |
| test_binary: | |
| name: Test the binary | |
| needs: build_binary | |
| uses: ./.github/workflows/test.yml | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| platform: | |
| - os: linux | |
| runner: ubuntu-latest | |
| - os: darwin | |
| runner: macos-latest | |
| - os: windows | |
| runner: windows-latest | |
| with: | |
| os: ${{ matrix.platform.os }} | |
| runner: ${{ matrix.platform.runner }} | |
| test_docker_image: false | |
| ##### | |
| build_docker_image: | |
| name: Build the Docker image | |
| needs: test_binary | |
| permissions: | |
| packages: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| platform: | |
| - os: linux | |
| platforms: "linux/amd64,linux/arm64" | |
| - os: darwin | |
| platforms: "linux/amd64,linux/arm64" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: dist | |
| path: dist/ | |
| - name: Make binaries executable | |
| run: chmod +x dist/*/terraform-graph-beautifier | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| with: | |
| platforms: ${{ matrix.platform.platforms }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - id: docker_metadata | |
| name: Generate the Docker metadata | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/${{ github.repository }} # Will give: ghcr.io/owner/repository | |
| flavor: | | |
| latest=auto | |
| suffix=-${{ matrix.platform.os }},onlatest=true | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| - name: Export the Docker metadata | |
| run: echo "${{ toJSON(steps.docker_metadata.outputs.json) }}" > docker_metadata_${{ matrix.platform.os }}.json | |
| - name: Upload the Docker metadata | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: docker_metadata_${{ matrix.platform.os }} | |
| path: docker_metadata_${{ matrix.platform.os }}.json | |
| retention-days: 7 | |
| - name: Get the first image tag | |
| # Take the first tag and make it available as an environment variable. | |
| run: echo "DOCKER_IMAGE_TAG=$(jq -r .tags[0] docker_metadata_${{ matrix.platform.os }}.json)" >> "${GITHUB_ENV}" | |
| - name: Build and push the Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| target: binary_from_build_context | |
| platforms: ${{ matrix.platform.platforms }} | |
| tags: ${{ steps.docker_metadata.outputs.tags }} | |
| labels: ${{ steps.docker_metadata.outputs.labels }} | |
| push: true | |
| - name: Analyze the image efficiency | |
| run: | | |
| docker run --rm \ | |
| -v /var/run/docker.sock:/var/run/docker.sock \ | |
| wagoodman/dive:latest \ | |
| --ci \ | |
| --lowestEfficiency=0.95 \ | |
| --highestUserWastedPercent=0.05 \ | |
| ${{ env.DOCKER_IMAGE_TAG }} | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/[email protected] | |
| with: | |
| image-ref: ${{ env.DOCKER_IMAGE_TAG }} | |
| format: "table" | |
| exit-code: "1" | |
| ignore-unfixed: true | |
| vuln-type: "os,library" | |
| security-checks: "vuln,secret,config" | |
| severity: "CRITICAL,HIGH" | |
| ##### | |
| test_docker_image: | |
| name: Test the Docker image | |
| needs: build_docker_image | |
| uses: ./.github/workflows/test.yml | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| platform: | |
| - os: linux | |
| runner: ubuntu-latest | |
| - os: darwin | |
| runner: macos-latest | |
| with: | |
| os: ${{ matrix.platform.os }} | |
| runner: ${{ matrix.platform.runner }} | |
| test_docker_image: true |