Skip updating Trivy DB because of 429 issue #390
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test actions | |
| on: | |
| pull_request: | |
| branches: [trunk] | |
| paths-ignore: ['README.md'] | |
| workflow_dispatch: | |
| inputs: | |
| runner: | |
| description: 'Runner' | |
| required: true | |
| default: 'elvia-runner' | |
| type: 'string' | |
| env: | |
| APPLICATION_BASE_NAME: 'demo-api' | |
| SYSTEM_NAME: 'core' | |
| jobs: | |
| set-matrices: | |
| name: Set matrices | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.set-matrices.outputs.matrix }} | |
| matrix-trivy: ${{ steps.set-matrices.outputs.matrix-trivy }} | |
| matrix-build: ${{ steps.set-matrices.outputs.matrix-build }} | |
| matrix-deploy: ${{ steps.set-matrices.outputs.matrix-deploy }} | |
| steps: | |
| - name: Set matrices | |
| id: set-matrices | |
| run: | | |
| # Runner matrix | |
| echo "matrix={\"runner\":[\"$RUNNER\"]}" >> "$GITHUB_OUTPUT" | |
| # Trivy matrix | |
| { | |
| echo 'matrix-trivy<<EOF' | |
| cat << EOF | |
| { | |
| "runner": ["$RUNNER","ubuntu-latest"] | |
| } | |
| EOF | |
| echo EOF | |
| } >> "$GITHUB_OUTPUT" | |
| # Build matrix | |
| { | |
| echo 'matrix-build<<EOF' | |
| cat << EOF | |
| { | |
| "runner": ["$RUNNER","ubuntu-latest"], | |
| "project-file": [".github/test/src/core-demo-api.csproj",".github/test-go/go.mod",".github/test-go/Dockerfile"], | |
| "registry": ["acr","ghcr"], | |
| "include": [ | |
| { | |
| "application-name": "${{ env.APPLICATION_BASE_NAME }}-go", | |
| }, | |
| { | |
| "project-file": ".github/test/src/core-demo-api.csproj", | |
| "application-name": "${{ env.APPLICATION_BASE_NAME }}", | |
| } | |
| ] | |
| } | |
| EOF | |
| echo EOF | |
| } >> "$GITHUB_OUTPUT" | |
| # Deploy matrix | |
| { | |
| echo 'matrix-deploy<<EOF' | |
| cat << EOF | |
| { | |
| "runner": ["$RUNNER"], | |
| "application-name": ["${{ env.APPLICATION_BASE_NAME }}", "${{ env.APPLICATION_BASE_NAME }}-go"], | |
| "include": [ | |
| { | |
| "helm-values-path": ".github/test/deploy/values.yml" | |
| }, | |
| { | |
| "application-name": "${{ env.APPLICATION_BASE_NAME }}-go", | |
| "helm-values-path": ".github/test-go/deploy/values.yml" | |
| } | |
| ] | |
| } | |
| EOF | |
| echo EOF | |
| } >> "$GITHUB_OUTPUT" | |
| env: | |
| RUNNER: ${{ github.event_name == 'workflow_dispatch' && inputs.runner || 'elvia-runner' }} | |
| unit-tests: | |
| name: Unit Tests | |
| needs: [set-matrices] | |
| strategy: | |
| matrix: ${{ fromJson(needs.set-matrices.outputs.matrix) }} | |
| concurrency: | |
| group: '${{ github.workflow }}-${{ github.event_name }}-${{ matrix.runner }}-unit-tests' | |
| cancel-in-progress: true | |
| runs-on: ${{ matrix.runner }} | |
| permissions: | |
| contents: read | |
| checks: write | |
| issues: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - uses: ./unittest | |
| with: | |
| checkout: 'false' | |
| integration-tests: | |
| name: Integration Tests | |
| needs: [set-matrices] | |
| strategy: | |
| matrix: ${{ fromJson(needs.set-matrices.outputs.matrix) }} | |
| concurrency: | |
| group: '${{ github.workflow }}-${{ github.event_name }}-${{ matrix.runner }}-integration-tests' | |
| cancel-in-progress: true | |
| runs-on: ${{ matrix.runner }} | |
| permissions: | |
| contents: read | |
| checks: write | |
| issues: read | |
| pull-requests: write | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - uses: ./integrationtest | |
| with: | |
| checkout: 'false' | |
| system: ${{ env.SYSTEM_NAME }} | |
| analyze: | |
| name: Analyze | |
| needs: [set-matrices] | |
| strategy: | |
| matrix: ${{ fromJson(needs.set-matrices.outputs.matrix) }} | |
| concurrency: | |
| group: '${{ github.workflow }}-${{ github.event_name }}-${{ matrix.runner }}-analyze' | |
| cancel-in-progress: true | |
| runs-on: ${{ matrix.runner }} | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - uses: ./analyze | |
| with: | |
| checkout: 'false' | |
| build: | |
| name: Build | |
| needs: [set-matrices] | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJson(needs.set-matrices.outputs.matrix-build) }} | |
| concurrency: | |
| group: | | |
| ${{ github.workflow }}-${{ github.event_name }}-${{ github.job }}-${{ matrix.runner }}-${{ matrix.application-name }}-${{ matrix.project-file }}-${{ matrix.docker-include-files }}-${{ matrix.registry }} | |
| cancel-in-progress: true | |
| runs-on: ${{ matrix.runner }} | |
| permissions: | |
| contents: read | |
| id-token: write | |
| packages: write # Required for publishing to GitHub Container Registry | |
| security-events: write | |
| environment: build | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - uses: ./build | |
| with: | |
| checkout: 'false' | |
| name: ${{ matrix.application-name }} | |
| namespace: ${{ env.SYSTEM_NAME }} | |
| project-file: ${{ matrix.project-file }} | |
| docker-additional-tags: 'v42,v1.2.3' | |
| docker-include-files: ${{ matrix.docker-include-files }} | |
| severity: 'CRITICAL' | |
| registry: ${{ matrix.registry }} | |
| trivy-upload-report: 'true' | |
| trivy-post-comment: 'true' | |
| github-token: ${{ matrix.registry == 'ghcr' && secrets.GITHUB_TOKEN || '' }} | |
| AZURE_CLIENT_ID: ${{ vars.ACR_CLIENT_ID }} | |
| deploy-dev: | |
| name: Deploy Dev | |
| needs: [set-matrices, build] | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJson(needs.set-matrices.outputs.matrix-deploy) }} | |
| concurrency: | |
| group: '${{ github.workflow }}-${{ github.event_name }}-${{ matrix.application-name }}-deploy-dev' | |
| cancel-in-progress: false | |
| runs-on: ${{ matrix.runner }} | |
| permissions: | |
| contents: read | |
| id-token: write | |
| environment: dev | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - uses: ./deploy | |
| with: | |
| checkout: 'false' | |
| name: ${{ matrix.application-name }} | |
| namespace: ${{ env.SYSTEM_NAME }} | |
| environment: 'dev' | |
| helm-values-path: ${{ matrix.helm-values-path }} | |
| slack-channel: '#team-core-alerts-muted' | |
| AZURE_CLIENT_ID: ${{ vars.AKS_CLIENT_ID }} | |
| deploy-dev-gke: | |
| name: Deploy Dev GKE | |
| needs: [set-matrices, build] | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJson(needs.set-matrices.outputs.matrix-deploy) }} | |
| concurrency: | |
| group: '${{ github.workflow }}-${{ github.event_name }}-${{ matrix.application-name }}-deploy-dev-gke' | |
| cancel-in-progress: false | |
| runs-on: ${{ matrix.runner }} | |
| permissions: | |
| contents: read | |
| id-token: write | |
| environment: dev | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - uses: ./deploy | |
| with: | |
| checkout: 'false' | |
| name: ${{ matrix.application-name }} | |
| namespace: ${{ env.SYSTEM_NAME }} | |
| environment: 'dev' | |
| helm-values-path: ${{ matrix.helm-values-path }} | |
| runtime-cloud-provider: 'GKE' | |
| GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }} | |
| GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }} | |
| trivy-iac-scan: | |
| name: Trivy IaC Scan | |
| needs: [set-matrices] | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJson(needs.set-matrices.outputs.matrix-trivy) }} | |
| concurrency: | |
| group: '${{ github.workflow }}-${{ github.event_name }}-${{ matrix.runner }}-trivy-iac-scan' | |
| cancel-in-progress: true | |
| runs-on: ${{ matrix.runner }} | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - uses: ./trivy-iac-scan | |
| with: | |
| checkout: 'false' | |
| terraform-format-check: | |
| name: Terraform Format Check | |
| needs: [set-matrices] | |
| strategy: | |
| matrix: ${{ fromJson(needs.set-matrices.outputs.matrix) }} | |
| concurrency: | |
| group: '${{ github.workflow }}-${{ github.event_name }}-${{ matrix.runner }}-terraform-format-check' | |
| cancel-in-progress: true | |
| runs-on: ${{ matrix.runner }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - uses: ./terraform-format | |
| with: | |
| checkout: 'false' | |
| slack-message-vault: | |
| name: Slack Message using Vault | |
| needs: [set-matrices] | |
| strategy: | |
| matrix: ${{ fromJson(needs.set-matrices.outputs.matrix) }} | |
| concurrency: | |
| group: '${{ github.workflow }}-${{ github.event_name }}-${{ matrix.runner }}-slack-message-vault' | |
| cancel-in-progress: true | |
| runs-on: ${{ matrix.runner }} | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - uses: ./slack-message | |
| with: | |
| slack-channel: '#team-core-alerts-muted' | |
| message: ':test_tube: Testing Slack Message using Vault in ${{ github.workflow }} for ${{ github.event_name }} event.' | |
| environment: 'dev' | |
| namespace: 'core' | |
| slack-message-token: | |
| name: Slack Message using token | |
| needs: [set-matrices] | |
| strategy: | |
| matrix: ${{ fromJson(needs.set-matrices.outputs.matrix) }} | |
| concurrency: | |
| group: '${{ github.workflow }}-${{ github.event_name }}-${{ matrix.runner }}-slack-message-token' | |
| cancel-in-progress: true | |
| runs-on: ${{ matrix.runner }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - uses: ./slack-message | |
| with: | |
| slack-channel: '#team-core-alerts-muted' | |
| message: ':test_tube: Testing Slack Message using token in ${{ github.workflow }} for ${{ github.event_name }} event.' | |
| slack-api-token: ${{ secrets.SLACK_API_TOKEN }} |