fix: [#73] Use cached Trivy DBs to prevent bump into pull rate limiting issues (#74)
sbp-bvanb authored Sep 26, 2024
1 parent e10746d commit 065dcb1
Showing 3 changed files with 45 additions and 11 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -0,0 +1 @@
.vscode
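Review bot: the `.gitignore` addition of `.vscode` is unrelated to the Trivy DB change described in the commit message; it would be cleaner as its own commit so the history for #73 stays focused on the rate-limit fix.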
31 changes: 21 additions & 10 deletions README.md
Expand Up @@ -21,14 +21,17 @@ In summary, using this action will ensure that Golang code meets certain
standards before it will be deployed to production as the assembly line will
fail if an issue arises.

## usage
## Usage

Create a `.github/workflows/golang.yml` file with the following content:

```bash
```yaml
---
name: Golang
'on': push
"on": push
permissions:
contents: read
packages: read
jobs:
MCVS-golang-action:
runs-on: ubuntu-20.04
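Review bot: the fence language change from `bash` to `yaml` and the `'on'` to `"on"` quoting are fine, but this example still declares `permissions: packages: read` while the new `token` input (documented further down in this file as needed "to push an image to the registry") suggests write access; either the permission block here or the token description should be corrected so users copying this snippet get a working workflow.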
Expand All @@ -38,18 +41,26 @@ jobs:
with:
golang-unit-tests-exclusions: |-
\(cmd\/some-app\|internal\/app\/some-app\)
token: ${{ secrets.GITHUB_TOKEN }}
```
and a [.golangci.yml](https://golangci-lint.run/usage/configuration/).
| option | default |
| ---------------------------------- | ------- |
| code_coverage_expected | 80 |
| golang-unit-tests-exclusions | ' ' |
| golangci-lint-version | v1.55.2 |
| golang-number-of-tests-in-parallel | 4 |
<!-- markdownlint-disable MD013 -->
| Option | Default | Required | Description |
| :--------------------------------- | :----------------------------------- | -------- | :--------------------------------------------------------------------------------------------------------------- |
| code_coverage_expected | 80 | | |
| golang-unit-tests-exclusions | ' ' | | |
| golangci-lint-version | v1.55.2 | | |
| golang-number-of-tests-in-parallel | 4 | | |
| token | ' ' | x | GitHub token that is required to push an image to the registry of the project and to pull cached Trivy DB images |
| trivy-action-db | ghcr.io/aquasecurity/trivy-db:2 | | Replace this with a cached image to prevent bump into pull rate limiting issues |
| trivy-action-java-db | ghcr.io/aquasecurity/trivy-java-db:1 | | Replace this with a cached image to prevent bump into pull rate limiting issues |
<!-- markdownlint-enable MD013 -->
## integration
## Integration
To execute integration tests, make sure that the code is located in a file with
a `_integration_test.go` postfix, such as `some_integration_test.go`.
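Review bot: the `token` row gives a default of `' '` and the `golangci-lint-version` row leaves `Required` blank, but `action.yml` in this same commit defines `token` with `required: true` and no default, and `golangci-lint-version` with `required: true`; the table should match the action definition. The description text "prevent bump into pull rate limiting issues" reads awkwardly; "avoid running into pull rate limits" would be clearer. Worth stating explicitly in the `trivy-action-db` / `trivy-action-java-db` descriptions that the defaults still point at the upstream `ghcr.io/aquasecurity` repositories, so the caching only takes effect once the caller overrides them.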
24 changes: 23 additions & 1 deletion action.yml
Expand Up @@ -15,11 +15,23 @@ inputs:
description: |
The Golangci-lint version that has to be installed and used.
default: v1.55.2
required: true
golang-number-of-tests-in-parallel:
description: |
Number of test in parallel.
default: "4"
trivy-action-db:
default: "ghcr.io/aquasecurity/trivy-db:2"
description: |
OCI repository to retrieve trivy-db from.
trivy-action-java-db:
description: |
OCI repository to retrieve trivy-java-db from.
default: "ghcr.io/aquasecurity/trivy-java-db:1"
token:
description: |
A token is required to allow the mcvs-golang-action to pull the
cached trivy DBs to prevent bump into pull rate limits.
required: true
runs:
using: "composite"
steps:
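Review bot: adding `token` with `required: true` and no `default` is a breaking change for every existing caller of this action, since workflows that do not pass `token` will now fail at input validation; either give it a default (e.g. fall back to `github.token`) or call out the new required input in the commit message and a version bump. The `trivy-action-db` description also places `default:` before `description:` while `trivy-action-java-db` does the reverse; keep the key order consistent. Grammar: "to prevent bump into pull rate limits" should read "to avoid running into pull rate limits".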
Expand Down Expand Up @@ -73,7 +85,17 @@ runs:
path: "."
severity-cutoff: high
- uses: 030/[email protected]
- name: Log in to GitHub Packages Docker registry
shell: bash
run: |
echo "${{ inputs.token }}" |\
docker login ghcr.io -u ${{ github.actor }} --password-stdin
- uses: aquasecurity/[email protected]
env:
TRIVY_DB_REPOSITORY: ${{ inputs.trivy-action-db }}
TRIVY_JAVA_DB_REPOSITORY: ${{ inputs.trivy-action-java-db }}
TRIVY_PASSWORD: ${{ inputs.token }}
TRIVY_USERNAME: ${{ github.actor }}
with:
scan-type: "fs"
scan-ref: "."
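Review bot: the `docker login` step interpolates `${{ inputs.token }}` and `${{ github.actor }}` directly into the shell script; the recommended pattern is to expose them through `env:` on the step and reference `"$TOKEN"` / `"$ACTOR"` in `run:`, which keeps the secret out of the script body and avoids expression injection, for example:
  env:
    TOKEN: ${{ inputs.token }}
  run: echo "$TOKEN" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin
Also note that with the defaults unchanged (`ghcr.io/aquasecurity/trivy-db:2` and `trivy-java-db:1`) this step still pulls from the upstream repositories, so the rate-limit mitigation only applies once a caller overrides `trivy-action-db` / `trivy-action-java-db`; and since `TRIVY_USERNAME` / `TRIVY_PASSWORD` are already passed to `trivy-action`, confirm the separate `docker login` is actually needed, because it leaves credentials in the runner's Docker config for subsequent steps unless a matching `docker logout` is added.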