DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

CI updates (#9440)

Browse source 
* add labels to dependabot prs

Signed-off-by: cpanato <ctadeu@gmail.com>

* sync hashes and versions dependabot can update the version comment now

Signed-off-by: cpanato <ctadeu@gmail.com>

Signed-off-by: cpanato <ctadeu@gmail.com>
This commit is contained in:
Carlos Tadeu Panato Junior 2022-12-22 16:37:26 +01:00 committed by GitHub
parent 21aa7f55a3
commit bb60e02e96
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 125 additions and 119 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
.github/dependabot.yml vendored
View file

@ -5,7 +5,15 @@ updates:
directory: "/"
schedule:
interval: "weekly"
labels:
- "area/dependency"
- "release-note-none"
- "ok-to-test"
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
interval: "weekly"
labels:
- "area/dependency"
- "release-note-none"
- "ok-to-test"

81
.github/workflows/ci.yaml vendored
View file

@ -33,9 +33,9 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter
with:
token: ${{ secrets.GITHUB_TOKEN }}
@ -59,10 +59,10 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- name: Run Gosec Security Scanner
uses: securego/gosec@1af1d5bb49259b62e45c505db397dd2ada5d74f8 # master
uses: securego/gosec@1af1d5bb49259b62e45c505db397dd2ada5d74f8 # v2.14.0
with:
# G601 for zz_generated.deepcopy.go
# G306 TODO: Expect WriteFile permissions to be 0600 or less
@ -74,26 +74,25 @@ jobs:
runs-on: ubuntu-latest
needs: changes
if: |
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }}
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }}
steps:
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- name: Set up Go 1.19.4
- name: Set up Go
id: go
uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: '1.19.4'
go-version: '1.19'
check-latest: true
- name: Set up QEMU
uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 #v2.0.0
uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.0.0
uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
with:
version: latest
@ -104,7 +103,7 @@ jobs:
run: |
sudo apt-get -qq update || true
sudo apt-get install -y pigz
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.17.0/bin/linux/amd64/kubectl
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.25.5/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
@ -138,24 +137,24 @@ jobs:
- changes
- build
if: |
(needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }}
(needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }}
strategy:
matrix:
k8s: [v1.23.13, v1.24.7, v1.25.3]
steps:
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- name: Setup Go
uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: '1.19.4'
go-version: '1.19'
check-latest: true
- name: cache
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
with:
name: docker.tar.gz
@ -192,7 +191,7 @@ jobs:
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }}
- uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v1
- uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0
with:
name: docker.tar.gz
failOnError: false
@ -211,7 +210,6 @@ jobs:
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-chart-tests
kubernetes:
name: Kubernetes
runs-on: ubuntu-latest
@ -219,19 +217,18 @@ jobs:
- changes
- build
if: |
(needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }}
(needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }}
strategy:
matrix:
k8s: [v1.23.13, v1.24.7, v1.25.3]
steps:
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- name: cache
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v2
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
with:
name: docker.tar.gz
@ -240,7 +237,7 @@ jobs:
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml
- uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v1
- uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0
with:
name: docker.tar.gz
failOnError: false
@ -260,7 +257,7 @@ jobs:
make kind-e2e-test
- name: Uplaod e2e junit-reports
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
if: success() || failure()
with:
name: e2e-test-reports-${{ matrix.k8s }}
@ -273,7 +270,7 @@ jobs:
- changes
- build
if: |
(needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }}
(needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }}
strategy:
matrix:
@ -282,10 +279,10 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- name: cache
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
with:
name: docker.tar.gz
@ -294,7 +291,7 @@ jobs:
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml
- uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af
- uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0
with:
name: docker.tar.gz
failOnError: false
@ -313,9 +310,9 @@ jobs:
run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-test
- name: Uplaod e2e junit-reports
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
if: success() || failure()
with:
name: e2e-test-reports-chroot-${{ matrix.k8s }}
@ -331,9 +328,9 @@ jobs:
PLATFORMS: linux/amd64,linux/arm64
steps:
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter-images
with:
token: ${{ secrets.GITHUB_TOKEN }}
@ -388,7 +385,6 @@ jobs:
run: |
cd images/ext-auth-example-authsvc && make build
test-image:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
@ -405,9 +401,9 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter-images
with:
token: ${{ secrets.GITHUB_TOKEN }}
@ -421,12 +417,13 @@ jobs:
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }}
- name: Set up Go 1.19.4
- name: Set up Go
id: go
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: '1.19.4'
go-version: '1.19'
check-latest: true
- name: kube-webhook-certgen image build
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}

4
.github/workflows/depreview.yaml vendored
View file

@ -9,6 +9,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b #v3.0.2
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- name: 'Dependency Review'
uses: actions/dependency-review-action@0ff3da6f81b812d4ec3cf37a04e2308c7a723730 #v2.0.2
uses: actions/dependency-review-action@0ff3da6f81b812d4ec3cf37a04e2308c7a723730 # v3.0.2

10
.github/workflows/docs.yaml vendored
View file

@ -22,11 +22,10 @@ jobs:
charts: ${{ steps.filter.outputs.charts }}
steps:
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b #v3.0.2
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter
with:
token: ${{ secrets.GITHUB_TOKEN }}
@ -47,11 +46,10 @@ jobs:
contents: write # needed to write releases
steps:
- name: Checkout master
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b #v3.0.2
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- name: Deploy
uses: ./.github/actions/mkdocs
env:
PERSONAL_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
PERSONAL_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

14
.github/workflows/helm.yaml vendored
View file

@ -22,11 +22,10 @@ jobs:
charts: ${{ steps.filter.outputs.charts }}
steps:
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter
with:
token: ${{ secrets.GITHUB_TOKEN }}
@ -49,9 +48,8 @@ jobs:
(needs.changes.outputs.charts == 'true')
steps:
- name: Checkout master
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
with:
# Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896
fetch-depth: 0
@ -61,12 +59,12 @@ jobs:
run: |
git config --global user.name "$GITHUB_ACTOR"
git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com"
- name: Helm Chart Releaser
uses: helm/chart-releaser-action@98bccfd32b0f76149d188912ac8e45ddd3f8695f #v1.4.1
uses: helm/chart-releaser-action@98bccfd32b0f76149d188912ac8e45ddd3f8695f # v1.4.1
env:
CR_SKIP_EXISTING: "false"
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}"
with:
charts_dir: charts
charts_dir: charts

13
.github/workflows/junit-reports.yaml vendored
View file

@ -1,4 +1,5 @@
name: 'E2E Test Report'
on:
workflow_run:
workflows: ['CI'] # runs after CI workflow
@ -8,9 +9,9 @@ jobs:
report:
runs-on: ubuntu-latest
steps:
- uses: dorny/test-reporter@v1
with:
artifact: /e2e-test-reports-(.*)/
name: JEST Tests $1 # Name of the check run which will be created
path: 'report*.xml' # Path to test results (inside artifact .zip)
reporter: jest-junit # Format of test results
- uses: dorny/test-reporter@c9b3d0e2bd2a4e96aaf424dbaa31c46b42318226 # v1.6.0
with:
artifact: /e2e-test-reports-(.*)/
name: JEST Tests $1 # Name of the check run which will be created
path: 'report*.xml' # Path to test results (inside artifact .zip)
reporter: jest-junit # Format of test results

7
.github/workflows/perftest.yaml vendored
View file

@ -1,4 +1,5 @@
name: Performance Test
on:
workflow_dispatch:
inputs:
@ -18,7 +19,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- name: Install K6
run: |
@ -33,7 +34,7 @@ jobs:
mkdir $HOME/.kube
make dev-env
podName=`kubectl -n ingress-nginx get po | grep -i controller | awk '{print $1}'`
if [[ -z ${podName} ]] ; then
if [[ -z ${podName} ]] ; then
sleep 5
fi
kubectl wait pod -n ingress-nginx --for condition=Ready $podName
@ -46,7 +47,7 @@ jobs:
kubectl create ing k6 --class nginx \
--rule test.ingress-nginx-controller.ga/*=k6:80
podName=`kubectl get po | grep -i k6 | awk '{print $1}'`
if [[ -z ${podName} ]] ; then
if [[ -z ${podName} ]] ; then
sleep 5
fi
kubectl wait pod --for condition=Ready $podName

9
.github/workflows/plugin.yaml vendored
View file

@ -17,17 +17,18 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.2.0
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: 1.19.4
go-version: 1.19
check-latest: true
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@8f67e590f2d095516493f017008adc464e63adb1 # v3.0.0
uses: goreleaser/goreleaser-action@8f67e590f2d095516493f017008adc464e63adb1 # v4.1.0
with:
version: latest
args: release --rm-dist

4
.github/workflows/project.yml vendored
View file

@ -11,9 +11,9 @@ jobs:
runs-on: ubuntu-latest
permissions:
repository-projects: write
issues: write
issues: write
steps:
- uses: actions/add-to-project@960fbad431afda394cfcf8743445e741acd19e85 #v0.4.0
- uses: actions/add-to-project@960fbad431afda394cfcf8743445e741acd19e85 # v0.4.0
with:
project-url: https://github.com/orgs/kubernetes/projects/104
github-token: ${{ secrets.PROJECT_WRITER }}

20
.github/workflows/scorecards.yml vendored
View file

@ -1,11 +1,13 @@
name: Scorecards supply-chain security
on:
# Only the default branch is supported.
branch_protection_rule:
schedule:
- cron: '20 11 * * 5'
push:
branches: [ "main" ]
branches:
- "main"
# Declare default permissions as read only.
permissions: read-all
@ -22,15 +24,15 @@ jobs:
# Needs for private repositories.
contents: read
actions: read
steps:
- name: "Checkout code"
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.0
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
with:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@937ffa90d79c7d720498178154ad4c7ba1e4ad8c # v1.1.1
uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
with:
results_file: results.sarif
results_format: sarif
@ -41,22 +43,22 @@ jobs:
# repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
# Publish the results for public repositories to enable scorecard badges. For more details, see
# https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories, `publish_results` will automatically be set to `false`, regardless
# https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories, `publish_results` will automatically be set to `false`, regardless
# of the value entered here.
publish_results: true
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.0.0
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
with:
name: SARIF file
path: results.sarif
retention-days: 5
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.14
uses: github/codeql-action/upload-sarif@896079047b4bb059ba6f150a5d87d47dde99e6e5 # v2.1.37
with:
sarif_file: results.sarif

72
.github/workflows/vulnerability-scans.yaml vendored
View file

@ -22,7 +22,7 @@ jobs:
versions: ${{ steps.version.outputs.TAGS }}
steps:
- name: Checkout code
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
with:
fetch-depth: 0
@ -46,47 +46,47 @@ jobs:
scan:
runs-on: ubuntu-latest
needs: version
needs: version
strategy:
matrix:
versions: ${{ fromJSON(needs.version.outputs.versions) }}
steps:
- name: Checkout code
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
- name: Checkout code
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- shell: bash
id: test
run: echo "Scanning registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}"
- shell: bash
id: test
run: echo "Scanning registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}"
- name: Scan image with AquaSec/Trivy
id: scan
uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 #v0.5.1
with:
image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }}
format: 'sarif'
output: trivy-results-${{ matrix.versions }}.sarif
exit-code: 0
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
- name: Scan image with AquaSec/Trivy
id: scan
uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 # v0.8.0
with:
image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }}
format: 'sarif'
output: trivy-results-${{ matrix.versions }}.sarif
exit-code: 0
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
- name: Output Sarif File
shell: bash
run: cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif
- name: Output Sarif File
shell: bash
run: cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif
# This step checks out a copy of your repository.
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394
with:
token: ${{ github.token }}
# Path to SARIF file relative to the root of the repository
sarif_file: ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif
# This step checks out a copy of your repository.
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@896079047b4bb059ba6f150a5d87d47dde99e6e5 # v2.1.37
with:
token: ${{ github.token }}
# Path to SARIF file relative to the root of the repository
sarif_file: ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif
- name: Vulz Count
shell: bash
run: |
TRIVY_COUNT=$(cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif | jq '.runs[0].results | length')
echo "TRIVY_COUNT: $TRIVY_COUNT"
echo "Image Vulnerability scan output" >> $GITHUB_STEP_SUMMARY
echo "Image ID: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "Trivy Count: $TRIVY_COUNT" >> $GITHUB_STEP_SUMMARY
- name: Vulz Count
shell: bash
run: |
TRIVY_COUNT=$(cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif | jq '.runs[0].results | length')
echo "TRIVY_COUNT: $TRIVY_COUNT"
echo "Image Vulnerability scan output" >> $GITHUB_STEP_SUMMARY
echo "Image ID: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "Trivy Count: $TRIVY_COUNT" >> $GITHUB_STEP_SUMMARY