Skip to content

fix: scan resources with low permissions #982

fix: scan resources with low permissions

fix: scan resources with low permissions #982

Workflow file for this run

---
# This workflow is triggered on push or pull request for the main branch.
# It runs tests and various checks to validate that the proposed changes
# will not introduce any regression after merging the code to the main branch.
name: Build
on:
push:
branches:
- main
paths-ignore:
- '.github/ISSUE_TEMPLATE/*.md'
- '*.md'
- 'docs/**'
- 'mkdocs.yml'
- 'LICENSE'
- 'NOTICE'
pull_request:
branches:
- main
paths-ignore:
- '.github/ISSUE_TEMPLATE/*.md'
- '*.md'
- 'docs/**'
- 'mkdocs.yml'
- 'LICENSE'
- 'NOTICE'
env:
GO_VERSION: 1.22.3
KIND_VERSION: v0.11.1
# Disable permissions granted to the GITHUB_TOKEN for all the available scopes.
permissions: {}
# Cancel any in-flight jobs for the same PR branch,
# so there's only one active at a time.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
verify-code:
name: Verify code
runs-on: ubuntu-20.04
steps:
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Checkout code
uses: actions/checkout@v4
- name: Cached Go dependencies
uses: actions/cache@v4
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Verify Go code
uses: golangci/[email protected]
with:
args: --verbose --deadline=5m
version: v1.55.2
skip-pkg-cache: true
skip-build-cache: true
- name: Verify YAML code
uses: ibiqlik/action-yamllint@v3
- name: Vendor Go modules
run: go mod vendor
unit-tests:
name: Run unit tests
runs-on: ubuntu-20.04
steps:
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Checkout code
uses: actions/checkout@v4
- uses: actions/cache@v4
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Run unit tests
run: make unit-tests
- name: Upload code coverage
uses: codecov/codecov-action@v4
with:
files: ./coverage.txt
integrations-testing:
name: Run end to end testing
runs-on: ubuntu-latest
env:
DOCKER_CLI_EXPERIMENTAL: enabled
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Install kind and create cluster
run: >
curl -Lo ./kind https://kind.sigs.k8s.io/dl/${{ env.KIND_VERSION
}}/kind-linux-amd64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
kind create cluster
curl -LO https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
- name: Test connection to Kubernetes cluster
run: |
kubectl cluster-info
kubectl wait --for=condition=Ready nodes --all --timeout=300s
kubectl describe node
- name: Run end to end tests
run: make integrations-tests