mirror of
https://github.com/percona/percona-toolkit.git
synced 2025-09-04 11:37:16 +00:00

* Create toolkit.yml Added a GitHub Action that builds the Go binaries on each commit. After that, all binaries are scanned for CVEs, and if no CVEs are found the binaries are made available for download. * Update toolkit.yml Update GA
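---
# CI workflow: build the Go tools, package bin/* into a throwaway container
# image, scan that image with Trivy, and upload the binaries as an artifact
# only when the scan step passes.
name: toolkit

on:
  push:
    branches: ["3.x"]
  pull_request:
    branches: ["3.x"]

# Least privilege for the job token: no step below writes to the repository,
# so read access to the contents (needed by checkout) is sufficient.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` in this job references a tag, and tags can
      # be moved by the action's owner. Pinning each action to a full commit
      # SHA (with the tag kept in a trailing comment) makes the workflow
      # reproducible and limits exposure to a compromised upstream action.
      - uses: actions/checkout@v3
        with:
          # The later steps run the project's Makefile, including on
          # pull-request code; do not leave the job token in .git/config.
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          # Quoted so the version is always a string; an unquoted 1.20 would
          # be parsed as the float 1.2.
          go-version: "1.19"

      - name: Install make
        run: sudo apt-get update && sudo apt-get -y install make

      - name: Build
        # Scope the directory change to this step instead of cd-ing back.
        working-directory: src/go
        run: make linux-amd64

      # The image exists only so Trivy can scan the built binaries together
      # with an OS layer. `oraclelinux:9-slim` is a floating tag, so OS-level
      # findings (and therefore the gate result) can change between runs
      # without any change to this repository.
      - name: Build the Docker image
        run: |
          echo "FROM oraclelinux:9-slim" > Dockerfile
          echo "COPY bin/* /usr/bin/" >> Dockerfile
          docker build . --file Dockerfile --tag percona-toolkit:${{ github.sha }}

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.8.0
        with:
          image-ref: 'percona-toolkit:${{ github.sha }}'
          format: 'table'
          # A non-zero exit code fails this step, which in turn skips the
          # artifact upload below.
          exit-code: '1'
          # The gate covers only CRITICAL/HIGH findings that already have a
          # fix available. Unfixed or lower-severity vulnerabilities do not
          # block the artifact, so a green run is not "no CVEs".
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'

      # Runs only when every previous step, including the scan, succeeded.
      - name: Upload a Build Artifact
        uses: actions/upload-artifact@v3.1.2
        with:
          name: binaries
          path: bin/*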