Improve robustness of security group reconcilers and add defaultDeleteOutboundRule option #628
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: docker | ||
| on: | ||
| pull_request: | ||
| branches: [main] | ||
| paths: | ||
| - "**.go" | ||
| - "**.yaml" | ||
| - "!capm.yaml" | ||
| - "!osc-secret.yaml" | ||
| - "!example/**.yaml" | ||
| - "!helm/**" | ||
| - "Makefile" | ||
| - "!docs/src/**" | ||
| - "!hack/json-format/*.sh" | ||
| - "!hack/json-format/src/*.rs" | ||
| - "!hack/json-format/Makefile" | ||
| - "!hack/json-format/Cargo.*" | ||
| - "!hack/json-format/tests/*.rs" | ||
| push: | ||
| branches: | ||
| - 'main' | ||
| paths: | ||
| - "**.go" | ||
| - "**.yaml" | ||
| - "!capm.yaml" | ||
| - "!osc-secret.yaml" | ||
| - "!example/**.yaml" | ||
| - "!helm/**" | ||
| - "Makefile" | ||
| - "!docs/src/**" | ||
| - "!hack/json-format/*.sh" | ||
| - "!hack/json-format/src/*.rs" | ||
| - "!hack/json-format/Makefile" | ||
| - "!hack/json-format/Cargo.*" | ||
| - "!hack/json-format/tests/*.rs" | ||
| jobs: | ||
| docker: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| # Cache Trivy Database | ||
| - name: Cache Trivy DB | ||
| uses: actions/cache@v2 | ||
| with: | ||
| path: ~/.cache/trivy/db # This is where Trivy DB will be cached locally | ||
| key: ${{ runner.os }}-trivy-db # Unique cache key based on OS | ||
| restore-keys: | | ||
| ${{ runner.os }}-trivy-db # Fallback key if the exact cache key isn't available | ||
| # Download Trivy DB only if cache is missing or outdated | ||
| - name: Download Trivy DB | ||
| run: | | ||
| docker run --rm \ | ||
| -v $HOME/.cache/trivy/db:/root/.cache/trivy/db \ | ||
| aquasec/trivy:latest image --download-db-only | ||
| # Docker Lint | ||
| - name: Docker Lint | ||
| run: bash -c "make dockerlint" | ||
| # Build and Push Docker Image | ||
| - name: Build and Push Docker Image | ||
| run: | | ||
| make docker-buildx | ||
| env: | ||
| IMG: cluster-api-outscale-controller:${{ github.sha }} | ||
| DOCKER_BUILDKIT: 1 | ||
| # Trivy Scan | ||
| - name: Trivy Scan | ||
| run: bash -c "make trivy-scan" | ||
| env: | ||
| IMG: cluster-api-outscale-controller:${{ github.sha }} | ||
| # Mount cached Trivy DB to avoid redundant downloads | ||
| with: | ||
| args: | | ||
| -v $HOME/.cache/trivy/db:/root/.cache/trivy/db | ||
| # Trivy Ignore Check | ||
| - name: Trivy Ignore Check | ||
| run: bash -c "make trivy-ignore-check" | ||
| env: | ||
| IMG: cluster-api-outscale-controller:${{ github.sha }} | ||
| # Upload Trivy SARIF report if errors | ||
| - name: Upload Scan if Errors | ||
| if: ${{ always() && github.event_name != 'pull_request' }} | ||
| uses: github/codeql-action/upload-sarif@v2 | ||
| with: | ||
| sarif_file: './.trivyscan/report.sarif' | ||
