chore: update Trivy and Trivy dependencies #9837
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Ecosystem client tools" | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: [main] | |
release: | |
types: | |
- published | |
permissions: read-all | |
jobs: | |
client-tools: | |
name: Check client tools | |
runs-on: ubuntu-latest-16-cores | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
cache: false | |
go-version: 1.22.x | |
- name: Install dependencies | |
run: | | |
cd $GITHUB_WORKSPACE | |
go install github.com/swaggo/swag/cmd/[email protected] | |
go mod download | |
sudo apt-get update | |
sudo apt-get install libgpgme-dev libassuan-dev libbtrfs-dev libdevmapper-dev pkg-config rpm uidmap haproxy jq | |
# install skopeo | |
git clone -b v1.12.0 https://github.com/containers/skopeo.git | |
cd skopeo | |
make bin/skopeo | |
sudo cp bin/skopeo /usr/bin | |
skopeo -v | |
# install cri-o (for crictl) | |
OS=xUbuntu_22.04 | |
CRIO_VERSION=1.26 | |
echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /"|sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list | |
echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$CRIO_VERSION/$OS/ /"|sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$CRIO_VERSION.list | |
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$CRIO_VERSION/$OS/Release.key | sudo apt-key add - | |
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | sudo apt-key add - | |
sudo apt update | |
sudo apt install -y cri-o cri-o-runc | |
sudo systemctl enable crio.service | |
sudo systemctl start crio.service | |
sudo chmod 0777 /var/run/crio/crio.sock | |
# install dex | |
git clone https://github.com/dexidp/dex.git | |
cd dex/ | |
git checkout v2.39.1 | |
make bin/dex | |
./bin/dex serve $GITHUB_WORKSPACE/test/dex/config-dev.yaml & | |
cd $GITHUB_WORKSPACE | |
- name: Run CI tests | |
run: | | |
make run-blackbox-ci | |
- name: Log in to GitHub Docker Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ github.token }} | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' | |
- name: Install localstack | |
run: | | |
pip install --upgrade pyopenssl | |
pip install localstack==3.3.0 awscli-local[ver1] # install LocalStack cli and awslocal | |
docker pull ghcr.io/project-zot/ci-images/localstack:3.3.0 # Make sure to pull a working version of the image | |
localstack start -d # Start LocalStack in the background | |
echo "Waiting for LocalStack startup..." # Wait 30 seconds for the LocalStack container | |
localstack wait -t 30 # to become ready before timing out | |
echo "Startup complete" | |
- name: Run cloud-only tests | |
run: | | |
make run-blackbox-cloud-ci | |
env: | |
AWS_ACCESS_KEY_ID: fake | |
AWS_SECRET_ACCESS_KEY: fake | |
- name: Run cloud scale-out tests | |
id: scale | |
run: | | |
make run-cloud-scale-out-tests | |
env: | |
AWS_ACCESS_KEY_ID: fake | |
AWS_SECRET_ACCESS_KEY: fake | |
continue-on-error: true | |
- name: print service logs for scale-out | |
run: | | |
find /tmp/zot-ft-logs -name '*.log' -print0 | xargs -0 cat | |
- name: multi-hop detection | |
id: multihop | |
run: | | |
if find /tmp/zot-ft-logs -name '*.log' -print0 | xargs -0 cat | grep 'cannot proxy an already proxied request'; then | |
echo "detected multi-hop" | |
exit 1 | |
else | |
exit 0 | |
fi | |
continue-on-error: true | |
- name: clean up scale-out logs | |
run: | | |
rm -r /tmp/zot-ft-logs | |
- name: fail job if error | |
if: ${{ steps.scale.outcome != 'success' || steps.multihop.outcome != 'success' }} | |
run: | | |
exit 1 | |
- name: Upload zb test results zip as build artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: zb-cloud-scale-out-functional-results-${{ github.sha }} | |
path: ./zb-results/ | |
- uses: ./.github/actions/teardown-localstack |