This repository has been archived by the owner on Mar 20, 2024. It is now read-only.

CI now builds docker image specifically (#89) #353

Workflow file for this run

.github/workflows/public-ci.yml at 49bd136

	name: 'Public-CI'

	on: [push, pull_request]

	permissions: # added using https://github.com/step-security/secure-repo
	contents: read

	jobs:

	# Super-linter consists of several lint tools
	# lint tools are assigned to the pipeline via the env field
	# For more information, please see https://github.com/github/super-linter
	super-linter:
	permissions:
	contents: read # for actions/checkout to fetch code
	statuses: write # for github/super-linter to mark status of each linter run
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
	- name: super-linter
	uses: github/super-linter@985ef206aaca4d560cb9ee2af2b42ba44adc1d55 # v4.10.0
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	LINTER_RULES_PATH: /
	VALIDATE_BASH: true
	VALIDATE_GO: true
	VALIDATE_DOCKERFILE_HADOLINT: true
	VALIDATE_CLANG_FORMAT: true
	VALIDATE_JSON: true

	# Build stage executes binary builds for CNI and device-plugin
	build:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
	- name: Set up Go
	uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2.2.0
	with:
	go-version: 1.19

	- name: Install libbpf and libxdp
	run: \|
	sudo apt update
	sudo apt install -y wget build-essential golang
	sudo wget http://security.ubuntu.com/ubuntu/pool/main/libb/libbpf/libbpf1_1.1.0-1_amd64.deb
	sudo wget http://security.ubuntu.com/ubuntu/pool/main/libb/libbpf/libbpf-dev_1.1.0-1_amd64.deb
	sudo wget https://mirrors.edge.kernel.org/ubuntu/pool/main/x/xdp-tools/libxdp1_1.3.0-2ubuntu2_amd64.deb
	sudo wget https://mirrors.edge.kernel.org/ubuntu/pool/main/x/xdp-tools/libxdp-dev_1.3.0-2ubuntu2_amd64.deb
	sudo apt install -y ./libbpf1_1.1.0-1_amd64.deb
	sudo apt install -y ./libbpf-dev_1.1.0-1_amd64.deb
	sudo apt install -y ./libxdp1_1.3.0-2ubuntu2_amd64.deb
	sudo apt install -y ./libxdp-dev_1.3.0-2ubuntu2_amd64.deb
	sudo apt install -y clang
	sudo apt install -y llvm
	sudo apt install -y gcc-multilib



	- name: Run build
	run: make build

	# go-static-tools scans code base and packages using go-vet, go mod verify and staticcheck
	go-static-tools:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
	- name: Set up Go
	uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
	with:
	go-version: 1.19

	- name: Install libbpf and libxdp
	run: \|
	sudo apt update
	sudo apt install -y wget build-essential golang
	sudo wget http://security.ubuntu.com/ubuntu/pool/main/libb/libbpf/libbpf1_1.1.0-1_amd64.deb
	sudo wget http://security.ubuntu.com/ubuntu/pool/main/libb/libbpf/libbpf-dev_1.1.0-1_amd64.deb
	sudo wget https://mirrors.edge.kernel.org/ubuntu/pool/main/x/xdp-tools/libxdp1_1.3.0-2ubuntu2_amd64.deb
	sudo wget https://mirrors.edge.kernel.org/ubuntu/pool/main/x/xdp-tools/libxdp-dev_1.3.0-2ubuntu2_amd64.deb
	sudo apt install -y ./libbpf1_1.1.0-1_amd64.deb
	sudo apt install -y ./libbpf-dev_1.1.0-1_amd64.deb
	sudo apt install -y ./libxdp1_1.3.0-2ubuntu2_amd64.deb
	sudo apt install -y ./libxdp-dev_1.3.0-2ubuntu2_amd64.deb

	- name: Install staticcheck
	run: go install honnef.co/go/tools/cmd/staticcheck@latest

	- name: run static analysis
	run: make static-ci

	# unit-test stage
	unit-tests:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
	- name: Set up Go
	uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2.2.0
	with:
	go-version: 1.19

	- name: Install libbpf and libxdp
	run: \|
	sudo apt update
	sudo apt install -y wget build-essential golang
	sudo wget http://security.ubuntu.com/ubuntu/pool/main/libb/libbpf/libbpf1_1.1.0-1_amd64.deb
	sudo wget http://security.ubuntu.com/ubuntu/pool/main/libb/libbpf/libbpf-dev_1.1.0-1_amd64.deb
	sudo wget https://mirrors.edge.kernel.org/ubuntu/pool/main/x/xdp-tools/libxdp1_1.3.0-2ubuntu2_amd64.deb
	sudo wget https://mirrors.edge.kernel.org/ubuntu/pool/main/x/xdp-tools/libxdp-dev_1.3.0-2ubuntu2_amd64.deb
	sudo apt install -y ./libbpf1_1.1.0-1_amd64.deb
	sudo apt install -y ./libbpf-dev_1.1.0-1_amd64.deb
	sudo apt install -y ./libxdp1_1.3.0-2ubuntu2_amd64.deb
	sudo apt install -y ./libxdp-dev_1.3.0-2ubuntu2_amd64.deb
	sudo apt install -y clang
	sudo apt install -y llvm
	sudo apt install -y gcc-multilib

	- name: unit-tests
	run: make test

	# Trivy Scan
	trivy-scan:
	runs-on: ubuntu-latest
	permissions: write-all
	steps:

	- name: Checkout code
	uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0

	- name: Run Trivy vulnerability scanner in repo mode
	uses: aquasecurity/trivy-action@master
	with:
	scan-type: 'fs'
	ignore-unfixed: true
	format: 'sarif'
	output: 'trivy-results.sarif'
	severity: 'CRITICAL'

	- name: Build Docker image
	run: make docker

	- name: Generate .tar image
	run: docker save -o vul-image.tar afxdp-device-plugin:latest


	- name: Run Trivy on tarballed image
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: /github/workspace/vul-image.tar
	scan-type: 'fs'
	ignore-unfixed: false
	format: 'sarif'
	output: 'trivy-image-results.sarif'
	severity: 'CRITICAL'

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: 'trivy-results.sarif'

	- name: Print sarif file
	run: cat < trivy-results.sarif

	- name: Print image sarif file
	run: cat trivy-image-results.sarif

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CI now builds docker image specifically (#89) #353

Workflow file

CI now builds docker image specifically (#89) #353

Jobs

Run details

Workflow file for this run