Fix: Relocate GitHub Summary Vulnerability Report (#321) #912
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: _Test OCI Factory | mock-rock | |
on: | |
workflow_dispatch: | |
push: | |
paths: | |
- ".github/workflows/*" | |
- ".github/actions/**" | |
- "!.github/workflows/CLA-Check.yaml" | |
- "!.github/workflows/PR-Validator.yaml" | |
- "!.github/workflows/_Auto-updates.yaml" | |
- "!.github/workflows/Continuous-Testing.yaml" | |
- "!.github/workflows/CLI-Client.yaml" | |
- "examples/**" | |
- "oci/mock*" | |
- "src/**" | |
- "tools/**" | |
- "tests/**" | |
- "!tools/workflow-engine/**" | |
- "!tools/cli-client/**" | |
env: | |
# local path to clone the oci-factory to | |
# path of pytest junit output | |
PYTEST_RESULT_PATH: pytest_results.xml | |
jobs: | |
access-check: | |
name: Validate access to mock-rock | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/validate-actor | |
with: | |
admin-only: true | |
image-path: "oci/mock-rock" | |
github-token: ${{ secrets.ROCKSBOT_TOKEN }} | |
pytest: | |
# Trigger python unit tests across the repository | |
name: pytest | |
runs-on: ubuntu-22.04 | |
steps: | |
# Job Setup | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.x" | |
# Note: Add additional dependency installation lines as required below | |
# test-oci-factory/pytest requirements | |
- run: pip install -r tests/etc/requirements.txt | |
# build_rock/configure requirements | |
- run: pip install -r src/build_rock/configure/requirements.txt | |
- name: Run pytest | |
continue-on-error: true | |
run: | | |
python3 -m pytest --junit-xml "${{ env.PYTEST_RESULT_PATH }}" | |
- name: Generate Summary | |
if: ${{ !cancelled() }} | |
run: | | |
python3 -m tools.junit_to_markdown --input-junit "${{ env.PYTEST_RESULT_PATH }}" >> $GITHUB_STEP_SUMMARY | |
- name: Upload pytest Result | |
if: ${{ !cancelled() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.PYTEST_RESULT_PATH }} | |
path: ${{ env.PYTEST_RESULT_PATH }} | |
if-no-files-found: error | |
bats-test: | |
# Trigger bash unit tests across the repository | |
name: bats | |
runs-on: ubuntu-22.04 | |
steps: | |
# Job Setup | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
- name: Install bats | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y bats | |
- name: Run bats | |
env: | |
GITHUB_TOKEN: ${{ secrets.ROCKSBOT_TOKEN }} | |
run: | | |
find ${{ github.workspace }} -name 'test-*.bats' | xargs bats | |
# # Test use case of reuseable workflow | |
# build-rock: | |
# uses: ./.github/workflows/Build-Rock.yaml | |
# with: | |
# # mock rock | |
# oci-archive-name: "mock-rock" | |
# rock-repo: canonical/rocks-toolbox | |
# rock-repo-commit: main | |
# rockfile-directory: mock_rock/1.2 # 1.0 - multi arch, 1.2 single arch rock | |
# test-rock: | |
# uses: ./.github/workflows/Test-Rock.yaml | |
# needs: [build-rock] | |
# with: | |
# oci-archive-name: "mock-rock" | |
# test-black-box: true | |
# test-efficiency: true | |
# test-malware: true | |
# test-oci-compliance: true | |
# test-vulnerabilities: true | |
# # Test workflow used in continuous testing | |
# test-vulnerability-scan: | |
# name: Test vulnerability scan workflow | |
# needs: [access-check] | |
# uses: ./.github/workflows/Vulnerability-Scan.yaml | |
# with: | |
# oci-image-name: "ghcr.io/canonical/oci-factory/mock-rock:1.1-22.04_844" | |
# oci-image-path: "oci/mock-rock" | |
# secrets: inherit | |
# Test full image workflow | |
test-workflows: | |
name: Trigger internal tests for mock-rock | |
needs: [access-check] | |
uses: ./.github/workflows/Image.yaml | |
with: | |
oci-image-name: "mock-rock" | |
upload: true | |
secrets: inherit |