DEVOPS-2804 Update docker scout creds #314

Workflow file for this run

	name: CI

	on:
	pull_request:
	branches: [ 'stable/**' ]
	types: [ 'opened', 'reopened', 'synchronize' ]
	workflow_dispatch:

	permissions:
	contents: read

	jobs:
	build:
	name: Build
	runs-on: ${{ matrix.RUNNER }}
	strategy:
	fail-fast: false
	matrix:
	include:
	- PLATFORM: amd64
	ARCH: x86_64
	RUNNER: self-hosted-amd64-1cpu
	- PLATFORM: arm64
	ARCH: aarch64
	RUNNER: self-hosted-arm64-1cpu
	steps:
	- name: Checkout
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3.0.2

	- name: Build image
	run: make ARCHS=${{ matrix.ARCH }} PLATFORMS=${{ matrix.PLATFORM }} BUILDX_ARGS=--load build

	- name: Save image
	run: docker save -o node-${{ matrix.ARCH }}.tar docker.io/wallarm/node:test

	- name: Cache image
	uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b
	with:
	retention-days: 1
	name: node-${{ matrix.ARCH }}.tar
	path: node-${{ matrix.ARCH }}.tar

	test:
	name: Test
	runs-on: ${{ matrix.RUNNER }}
	env:
	## US preset
	env_code: ingress-us1
	CLIENT_ID: 7119
	## EU preset
	# env_code: ingress
	# CLIENT_ID: 5
	needs:
	- build
	strategy:
	matrix:
	case: [ single, split ]
	ARCH: [ x86_64, aarch64 ]
	include:
	- ARCH: x86_64
	RUNNER: self-hosted-amd64-2cpu
	- ARCH: aarch64
	RUNNER: self-hosted-arm64-2cpu
	fail-fast: false
	steps:
	- name: Checkout
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3.0.2

	- name: Import secrets
	uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
	id: secrets
	with:
	exportEnv: false
	url: ${{ secrets.VAULT_URL }}
	role: ${{ secrets.VAULT_ROLE }}
	method: kubernetes
	path: kubernetes-ci
	secrets: \|
	kv-gitlab-ci/data/github/${{ env.env_code }} api_token ;
	kv-gitlab-ci/data/github/${{ env.env_code }} api_host ;
	kv-gitlab-ci/data/github/${{ env.env_code }} api_preset ;
	kv-gitlab-ci/data/github/${{ env.env_code }} user_token ;
	kv-gitlab-ci/data/github/${{ env.env_code }} webhook_uuid ;
	kv-gitlab-ci/data/github/${{ env.env_code }} webhook_api_key ;
	kv-gitlab-ci/data/github/${{ env.env_code }} allure_server_token ;
	kv-gitlab-ci/data/github/shared/smoke-tests-registry-creds token_name ;
	kv-gitlab-ci/data/github/shared/smoke-tests-registry-creds token_secret ;
	kv-gitlab-ci/data/github/shared/smoke-tests-registry-creds registry_name ;

	- name: Login
	uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446
	with:
	registry: ${{ steps.secrets.outputs.registry_name }}
	username: ${{ steps.secrets.outputs.token_name }}
	password: ${{ steps.secrets.outputs.token_secret }}

	- name: Load cache
	uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
	with:
	name: node-${{ matrix.ARCH }}.tar

	- name: Load images
	run: docker load -i node-${{ matrix.ARCH }}.tar

	- name: Run test
	env:
	USER_TOKEN: ${{ steps.secrets.outputs.user_token }}
	WALLARM_API_TOKEN: ${{ steps.secrets.outputs.api_token }}
	WALLARM_API_HOST: ${{ steps.secrets.outputs.api_host }}
	WALLARM_API_PRESET: ${{ steps.secrets.outputs.api_preset }}
	ALLURE_TOKEN: ${{ steps.secrets.outputs.ALLURE_SERVER_TOKEN }}
	ALLURE_ENVIRONMENT_ARCH: ${{ matrix.ARCH }}
	ALLURE_UPLOAD_REPORT: true
	WEBHOOK_API_KEY: ${{ steps.secrets.outputs.webhook_api_key }}
	WEBHOOK_UUID: ${{ steps.secrets.outputs.webhook_uuid }}
	run: make ${{ matrix.case }}

	scan:
	name: Vulnerability scanner
	runs-on: self-hosted-amd64-1cpu
	permissions:
	pull-requests: write
	needs:
	- build
	env:
	ARCH: x86_64
	steps:
	- name: Load cache
	uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
	with:
	name: node-${{ env.ARCH }}.tar

	- name: Import secrets
	uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
	id: secrets
	with:
	exportEnv: false
	url: ${{ secrets.VAULT_URL }}
	role: ${{ secrets.VAULT_ROLE }}
	method: kubernetes
	path: kubernetes-ci
	secrets: \|
	kv-gitlab-ci/data/github/shared/docker-hub-wallarmadmin user \| DOCKERHUB_USER ;
	kv-gitlab-ci/data/github/shared/docker-hub-wallarmadmin password \| DOCKERHUB_PASSWORD ;

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ steps.secrets.outputs.DOCKERHUB_USER }}
	password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }}

	- name: Docker Scout
	uses: docker/scout-action@v1
	with:
	command: compare,cves
	image: archive://node-${{ env.ARCH }}.tar
	to: docker.io/wallarm/node:latest
	ignore-unchanged: false
	only-severities: critical,high
	write-comment: true
	github-token: ${{ secrets.GITHUB_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DEVOPS-2804 Update docker scout creds #314

Workflow file

DEVOPS-2804 Update docker scout creds #314

Jobs

Run details

Workflow file for this run