diff --git a/.github/workflows/deploy-DEV-linters.yml b/.github/workflows/deploy-DEV-linters.yml
index 9935b4e3991..360c6e67e0e 100644
--- a/.github/workflows/deploy-DEV-linters.yml
+++ b/.github/workflows/deploy-DEV-linters.yml
@@ -32,33 +32,16 @@ concurrency:
 jobs:
- prepare:
- name: Prepare matrix
- runs-on: ubuntu-latest
- outputs:
- tag: ${{ steps.image_tag.outputs.tag }}
- steps:
-
- - name: Build image tag name
- id: image_tag
- run: |
- BRANCH_NAME="${GITHUB_REF##*/}"
- TAG="test-${{ github.actor }}-${BRANCH_NAME}"
- echo "Tag name: ${TAG}"
- echo "tag=${TAG}" >>"$GITHUB_OUTPUT"
-
 build:
 # Name the Job
- name: Deploy Docker Image - DEV - Linters
- needs: prepare
+ name: DEV/Linters
 # Set the agent to run on
- runs-on: ${{ matrix.os }}
+ runs-on: ubuntu-latest
 permissions: read-all
 strategy:
 fail-fast: false
- max-parallel: 10
+ max-parallel: 14
 matrix:
- os: [ubuntu-latest]
 # linters-start
 linter: [
@@ -182,6 +165,7 @@ jobs:
 "yaml_v8r",
 ]
 # linters-end
+ platform: ['linux/amd64']
 # Only run this on the main repo
 if: |
 (
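Review bot: The new `platform` matrix axis is undocumented, and the Build Image step further down depends on each entry naming exactly one platform, because it uses `load: true`, which (with the default docker driver, as far as I know) cannot load a multi-platform image into the local daemon. A comment above the line would record that constraint for whoever next extends the list: `# one platform per matrix entry: the build step uses load: true, which cannot load a multi-arch image`. The `matrix:` block this line belongs to starts outside the hunk.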
@@ -194,35 +178,44 @@ jobs:
 # Load all steps
 ##################
 steps:
+ - name: Collect Workflow Telemetry
+ uses: runforesight/workflow-telemetry-action@v1
+ with:
+ comment_on_pr: false
 - name: Checkout Code
 uses: actions/checkout@v4
+
+ - name: Docker Metadata action
+ uses: docker/metadata-action@v5.0.0
+ id: meta
+ with:
+ images: |
+ ${{ github.repository }}-only-${{ matrix.linter }}
 - name: Set up QEMU
 uses: docker/setup-qemu-action@v3
+ if: ${{ ( ( runner.arch != 'X64' || runner.os != 'Linux' ) && matrix.platform == 'linux/amd64' ) || matrix.platform != 'linux/amd64' }}
+
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
- - name: Get current date
- run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> ${GITHUB_ENV}
-
 - name: Build Image
 uses: docker/build-push-action@v5
 with:
 context: .
 file: linters/${{ matrix.linter }}/Dockerfile
- platforms: linux/amd64
+ platforms: ${{ matrix.platform }}
 build-args: |
- BUILD_DATE=${{ env.BUILD_DATE }}
- BUILD_REVISION=${{ github.sha }}
- BUILD_VERSION=${{ needs.prepare.outputs.tag }}
+ BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
+ BUILD_VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
+ BUILD_REVISION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
 load: true
 push: false
 secrets: |
 GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
- tags: |
- oxsecurity/megalinter-only-${{ matrix.linter }}:${{ needs.prepare.outputs.tag }}
+ tags: ${{ steps.meta.outputs.tags }}
 #####################################
 # Run Linter test cases #
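Review bot: `runforesight/workflow-telemetry-action@v1` is a new third-party action referenced by a floating major tag, in a job that later hands `secrets.GITHUB_TOKEN` to the build (`secrets: |` on the Build Image step) and to the test container; a mutable tag lets a future upstream release change what runs here without any review in this repository. Pin it to a full commit SHA with the version kept in a trailing comment, `uses: runforesight/workflow-telemetry-action@<commit-sha> # v1`, and consider the same for the other `uses:` lines this hunk adds (`docker/metadata-action@v5.0.0` is an exact version tag, which is still mutable). Separately, the QEMU step's `if:` has the shape `(A && B) || !B`, which reduces to `A || !B`, so it can be written as `if: ${{ runner.arch != 'X64' || runner.os != 'Linux' || matrix.platform != 'linux/amd64' }}` with the same outcome.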
@@ -236,7 +229,7 @@ jobs:
 TEST_KEYWORDS_TO_USE_UPPER="${{ matrix.linter }}"
 TEST_KEYWORDS_TO_USE="${TEST_KEYWORDS_TO_USE_UPPER,,}"
 docker image ls
- docker run -e TEST_CASE_RUN=true -e OUTPUT_FORMAT=text -e OUTPUT_FOLDER=${{ github.sha }} -e OUTPUT_DETAIL=detailed -e GITHUB_SHA=${{ github.sha }} -e GITHUB_REPOSITORY=${GITHUB_REPOSITORY} -e GITHUB_BRANCH=${GITHUB_BRANCH} -e GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}" -e TEST_KEYWORDS="${TEST_KEYWORDS_TO_USE}" -e MEGALINTER_VOLUME_ROOT="${GITHUB_WORKSPACE}" -v "/var/run/docker.sock:/var/run/docker.sock:rw" -v ${GITHUB_WORKSPACE}:/tmp/lint oxsecurity/megalinter-only-${{ matrix.linter }}:${{ needs.prepare.outputs.tag }}
+ docker run -e TEST_CASE_RUN=true -e OUTPUT_FORMAT=text -e OUTPUT_FOLDER=${{ github.sha }} -e OUTPUT_DETAIL=detailed -e GITHUB_SHA=${{ github.sha }} -e GITHUB_REPOSITORY=${GITHUB_REPOSITORY} -e GITHUB_BRANCH=${GITHUB_BRANCH} -e GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}" -e TEST_KEYWORDS="${TEST_KEYWORDS_TO_USE}" -e MEGALINTER_VOLUME_ROOT="${GITHUB_WORKSPACE}" -v "/var/run/docker.sock:/var/run/docker.sock:rw" -v ${GITHUB_WORKSPACE}:/tmp/lint ${{ fromJson(steps.meta.outputs.json).tags[0]}}
 timeout-minutes: 30
 ##############################################
@@ -245,7 +238,7 @@ jobs:
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@master
 with:
- image-ref: 'docker.io/oxsecurity/megalinter-only-${{ matrix.linter }}:${{ needs.prepare.outputs.tag }}'
+ image-ref: 'docker.io/${{ fromJson(steps.meta.outputs.json).tags[0] }}'
 format: 'table'
 exit-code: '1'
 ignore-unfixed: true
@@ -253,3 +246,4 @@ jobs:
 vuln-type: 'os,library'
 severity: 'CRITICAL,HIGH'
 timeout: 10m0s
+
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2d533e65a34..28aa93e9d1b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
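Review bot: The image reference at the end of the new `docker run` line is written `${{ fromJson(steps.meta.outputs.json).tags[0]}}`, with no space before the closing braces and a different casing of the function than the `fromJSON(...)` calls added to the build-args in the previous hunk; the Trivy `image-ref` in the next hunk spells the same expression with the space. Both spellings appear to be accepted by the expression parser, but the file should use one form, `${{ fromJSON(steps.meta.outputs.json).tags[0] }}`, in both places. The choice of the first tag also deserves a comment in the `run:` block, since the Build Image step loads the image under every tag metadata-action produced, so any of them names the same local image: `# all metadata-action tags name the locally loaded image; the first is used`. The `run:` block this line belongs to starts outside the hunk.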
@@ -20,6 +20,7 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
 - CI
 - Upgrade pymdown-extensions and markdown, by @BryanQuigley in [#3053](https://github.com/oxsecurity/megalinter/pull/3053)
+ - Use docker/metadata-action for some internal CI, by @echoix in [#3110](https://github.com/oxsecurity/megalinter/pull/3110)
 - Linter versions upgrades
 - [protolint](https://github.com/yoheimuta/protolint) from 0.46.2 to **0.46.3** on 2023-10-29
diff --git a/Dockerfile b/Dockerfile
index a61f400e31a..5e299307817 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -39,7 +39,7 @@ FROM checkmarx/kics:alpine as kics
 FROM trufflesecurity/trufflehog:latest as trufflehog
 FROM jdkato/vale:latest as vale
 FROM lycheeverse/lychee:latest-alpine as lychee
-FROM ghcr.io/terraform-linters/tflint:v0.48.0 as tflint
+FROM ghcr.io/terraform-linters/tflint:v0.49.0 as tflint
 FROM tenable/terrascan:1.18.3 as terrascan
 FROM alpine/terragrunt:latest as terragrunt
 # Next FROM line commented because already managed by another linter