Skip to content

build(deps): bump aquasecurity/trivy-action from 0.20.0 to 0.21.0 #2294

build(deps): bump aquasecurity/trivy-action from 0.20.0 to 0.21.0

build(deps): bump aquasecurity/trivy-action from 0.20.0 to 0.21.0 #2294

Workflow file for this run

name: Post Merge
on:
push:
branches:
- main
jobs:
generate:
name: Sync Generated Code and Docs
runs-on: ubuntu-22.04
steps:
- name: Check out code
uses: actions/checkout@v4
with:
token: ${{ secrets.GH_PUSH_TOKEN }} # required to push to protected branch below
- name: Generate
run: make clean generate docs-generate-cli-docs
- name: Commit & Push
shell: bash
run: |
# Commit any changes and push as needed.
# See https://github.com/actions/checkout#push-a-commit-using-the-built-in-token
AUTHOR=wasm-updater
git config user.name ${AUTHOR}
git config user.email ${AUTHOR}@github.com
# Prevent looping if the build was non-deterministic..
CAN_PUSH=1
if [[ "$(git log -1 --pretty=format:'%an')" == "${AUTHOR}" ]]; then
CAN_PUSH=0
fi
if ./build/commit-wasm-bins.sh; then
if [[ "${CAN_PUSH}" == "1" ]]; then
git push
else
echo "Previous commit was auto-generated -- Aborting!"
exit 1
fi
else
echo "No generated changes to push!"
fi
AUTHOR=cli-docs-updater
git config user.name ${AUTHOR}
git config user.email ${AUTHOR}@github.com
# Prevent looping if the build was non-deterministic..
CAN_PUSH=1
if [[ "$(git log -1 --pretty=format:'%an')" == "${AUTHOR}" ]]; then
CAN_PUSH=0
fi
if ./build/commit-cli-docs.sh; then
if [[ "${CAN_PUSH}" == "1" ]]; then
git push
else
echo "Previous commit was auto-generated -- Aborting!"
exit 1
fi
else
echo "No generated changes to push!"
fi
code-coverage:
name: Update Go Test Coverage
runs-on: ubuntu-22.04
needs: generate
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Unit Test Golang
run: make ci-go-test-coverage
timeout-minutes: 30
release-build:
name: Release Build (linux, windows)
runs-on: ubuntu-22.04
needs: generate
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Build Linux and Windows
run: make ci-go-ci-build-linux ci-go-ci-build-linux-static ci-go-ci-build-windows
timeout-minutes: 30
env:
TELEMETRY_URL: ${{ secrets.TELEMETRY_URL }}
- name: Build Linux arm64
run: make ci-go-ci-build-linux-static
timeout-minutes: 30
env:
GOARCH: arm64
TELEMETRY_URL: ${{ secrets.TELEMETRY_URL }}
- name: Upload binaries
uses: actions/upload-artifact@v4
if: always()
with:
name: binaries-linux-windows
path: _release
release-build-darwin:
name: Release Build (darwin)
runs-on: macos-14
needs: generate
steps:
- name: Check out code
uses: actions/checkout@v4
- id: go_version
name: Read go version
run: echo "go_version=$(cat .go-version)" >> $GITHUB_OUTPUT
- name: Install Go (${{ steps.go_version.outputs.go_version }})
uses: actions/setup-go@v5
with:
go-version: ${{ steps.go_version.outputs.go_version }}
- name: Build Darwin
run: |
make ci-build-darwin GOARCH=amd64
make ci-build-darwin-arm64-static
timeout-minutes: 30
env:
TELEMETRY_URL: ${{ secrets.TELEMETRY_URL }}
- name: Upload binaries (darwin)
uses: actions/upload-artifact@v4
if: always()
with:
name: binaries-darwin
path: _release
deploy-edge:
name: Push Edge Release
runs-on: ubuntu-22.04
needs: [release-build, release-build-darwin]
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Test
run: make ci-release-test
timeout-minutes: 60
- name: Download release binaries
uses: actions/download-artifact@v4
with:
pattern: binaries-*
merge-multiple: true
path: _release
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Deploy OPA Edge
env:
DOCKER_USER: ${{ secrets.DOCKER_USER }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
DOCKER_IMAGE: ${{ secrets.DOCKER_IMAGE }}
S3_RELEASE_BUCKET: ${{ secrets.S3_RELEASE_BUCKET }}
# Only run if required secrets are provided
if: ${{ env.S3_RELEASE_BUCKET && env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY && env.DOCKER_USER && env.DOCKER_PASSWORD }}
run: make deploy-ci
deploy-wasm-builder:
name: Deploy WASM Builder
runs-on: ubuntu-22.04
needs: generate
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Build and Push opa-wasm-builder
env:
DOCKER_USER: ${{ secrets.DOCKER_USER }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
DOCKER_WASM_BUILDER_IMAGE: ${{ secrets.DOCKER_WASM_BUILDER_IMAGE }}
# Only run if required secrets are provided
if: ${{ env.DOCKER_USER && env.DOCKER_PASSWORD }}
run: make push-wasm-builder-image