Mirrors
/
flux2
mirror of https://github.com/fluxcd/flux2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #944 from fluxcd/build/codeql-on-push

Browse Source
pull/945/head
Hidde Beydals 4 years ago committed by GitHub
parent 9fb9965ffe ff78af5808
commit b5f48bee78
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 68 additions and 57 deletions
Show Stats Download Patch File Download Diff File

6
.github/workflows/bootstrap.yaml vendored
Unescape Escape View File

@ -2,12 +2,14 @@ name: bootstrap
on: on:
push: push:
branches: branches: [ main ]
- '*' pull_request:
branches: [ main ]
jobs: jobs:
github: github:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: ${{ github.repository_owner == 'fluxcd' }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v2 uses: actions/checkout@v2

5
.github/workflows/docs.yaml vendored
Unescape Escape View File

@ -1,9 +1,8 @@
name: Publish docs via GitHub Pages name: Publish docs via GitHub Pages
on: on:
push: push:
branches: branches: [ 'docs*', main ]
- docs*
- main
jobs: jobs:
build: build:

6
.github/workflows/e2e.yaml vendored
Unescape Escape View File

@ -1,10 +1,10 @@
name: e2e name: e2e
on: on:
pull_request:
push: push:
branches: branches: [ main ]
- main pull_request:
branches: [ main ]
jobs: jobs:
kind: kind:

4
.github/workflows/rebase.yml → .github/workflows/rebase.yaml vendored
Unescape Escape View File

@ -2,9 +2,9 @@ name: rebase
on: on:
pull_request: pull_request:
types: [opened] types: [ opened ]
issue_comment: issue_comment:
types: [created] types: [ created ]
jobs: jobs:
rebase: rebase:

3
.github/workflows/release.yaml vendored
Unescape Escape View File

@ -2,8 +2,7 @@ name: release
on: on:
push: push:
tags: tags: [ '*' ]
- '*'
jobs: jobs:
goreleaser: goreleaser:

55
.github/workflows/scan.yaml vendored
Unescape Escape View File

@ -0,0 +1,55 @@
name: Scan
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
schedule:
- cron: '18 10 * * 3'
jobs:
fossa:
name: FOSSA
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Run FOSSA scan and upload build data
uses: fossa-contrib/fossa-action@v1
with:
# FOSSA Push-Only API Token
fossa-api-key: 5ee8bf422db1471e0bcf2bcb289185de
github-token: ${{ github.token }}
snyk:
name: Snyk
runs-on: ubuntu-latest
if: ${{ github.repository_owner == 'fluxcd' }}
steps:
- uses: actions/checkout@v2
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/golang@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --sarif-file-output=snyk.sarif
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: snyk.sarif
codeql:
name: CodeQL
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: go
- name: Autobuild
uses: github/codeql-action/autobuild@v1
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1

44
.github/workflows/scan.yml vendored
Unescape Escape View File

@ -1,44 +0,0 @@
name: scan
on:
push:
pull_request:
branches: [main]
jobs:
analyze:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: 1.15.x
- name: FOSSA Analysis
if: github.event_name == 'pull_request'
uses: fossa-contrib/fossa-action@v1
with:
fossa-api-key: 5ee8bf422db1471e0bcf2bcb289185de
github-token: ${{ github.token }}
- name: CodeQL Init
if: github.event_name == 'pull_request'
uses: github/codeql-action/init@v1
with:
languages: "go"
- name: CodeQL Autobuild
if: github.event_name == 'pull_request'
uses: github/codeql-action/autobuild@v1
- name: CodeQL Analysis
if: github.event_name == 'pull_request'
uses: github/codeql-action/analyze@v1
- name: Snyk Init
if: github.event_name == 'push'
uses: snyk/actions/setup@master
- name: Snyk Analysis
if: github.event_name == 'push'
run: snyk test --sarif-file-output=snyk.sarif
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: Snyk Upload result to GitHub Code Scanning
if: github.event_name == 'push'
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: snyk.sarif

0
.github/workflows/update.yml → .github/workflows/update.yaml vendored
Unescape Escape View File

2
docs/internal/release.md
Unescape Escape View File

@ -130,7 +130,7 @@ Upgrade procedure:
`fluxcd/flux2`: `fluxcd/flux2`:
1. Update the `github.com/fluxcd/*-controller/api` version in `flux2/go.mod` (automated with [GitHub Actions](../../.github/workflows/update.yml)) 1. Update the `github.com/fluxcd/*-controller/api` version in `flux2/go.mod` (automated with [GitHub Actions](../../.github/workflows/update.yaml))
1. Update the `github.com/fluxcd/pkg/*` version in `flux2/go.mod` 1. Update the `github.com/fluxcd/pkg/*` version in `flux2/go.mod`
1. Update the `k8s.io/*` and `github.com/fluxcd/pkg/runtime` version in `flux2/go.mod` 1. Update the `k8s.io/*` and `github.com/fluxcd/pkg/runtime` version in `flux2/go.mod`

Write Preview
Loading…
Cancel
Save