Merge branch 'main' into fix-relative-paths-last-good

Signed-off-by: Simar <[email protected]>
aquasecurity · Apr 5, 2023 · 0337b65 · 0337b65
2 parents bd52bba + 6c8b042
commit 0337b65
Show file tree

Hide file tree

Showing 165 changed files with 3,392 additions and 1,268 deletions.
diff --git a/.github/workflows/canary.yaml b/.github/workflows/canary.yaml
@@ -25,7 +25,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Restore Trivy binaries from cache
-        uses: actions/cache@v3.2.6
+        uses: actions/cache@v3.3.1
         with:
           path: dist/
           key: ${{ runner.os }}-bins-${{github.workflow}}-${{github.sha}}

diff --git a/.github/workflows/publish-chart.yaml b/.github/workflows/publish-chart.yaml
@@ -35,7 +35,7 @@ jobs:
           python-version: 3.7
       - name: Setup Chart Linting
         id: lint
-        uses: helm/chart-testing-action@afea100a513515fbd68b0e72a7bb0ae34cb62aec
+        uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76
       - name: Setup Kubernetes cluster (KIND)
         uses: helm/kind-action@d8ccf8fb623ce1bb360ae2f45f323d9d5c5e9f00
         with:

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -24,7 +24,7 @@ jobs:
           fetch-depth: 0
 
       - name: Restore Trivy binaries from cache
-        uses: actions/cache@v3.2.6
+        uses: actions/cache@v3.3.1
         with:
           path: dist/
           key: ${{ runner.os }}-bins-${{github.workflow}}-${{github.sha}}

diff --git a/.github/workflows/reusable-release.yaml b/.github/workflows/reusable-release.yaml
@@ -65,7 +65,7 @@ jobs:
           fetch-depth: 0
 
       - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version-file: go.mod
 
@@ -75,25 +75,13 @@ jobs:
           args: mod -licenses -json -output bom.json
           version: ^v1
 
-      - name: "save gpg key"
-        env:
-          GPG_KEY: ${{ secrets.GPG_KEY }}
-        run: |
-          echo "$GPG_KEY" > gpg.txt
-
       - name: GoReleaser
         uses: goreleaser/goreleaser-action@v4
         with:
           version: v1.4.1
           args: release -f=${{ inputs.goreleaser_config}} ${{ inputs.goreleaser_options}}
         env:
           GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
-          NFPM_DEFAULT_RPM_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
-          GPG_FILE: "gpg.txt"
-
-      - name: "remove gpg key"
-        run: |
-          rm gpg.txt
 
       ## push images to registries
       ## only for canary build
@@ -111,7 +99,7 @@ jobs:
             public.ecr.aws/aquasecurity/trivy:canary
 
       - name: Cache Trivy binaries
-        uses: actions/cache@v3.2.6
+        uses: actions/cache@v3.3.1
         with:
           path: dist/
           # use 'github.sha' to create a unique cache folder for each run.

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -25,7 +25,7 @@ jobs:
       - uses: actions/checkout@v3
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: oldstable
 
@@ -46,13 +46,22 @@ jobs:
           skip-cache: true # https://github.com/golangci/golangci-lint-action/issues/244#issuecomment-1052197778
         if: matrix.operating-system == 'ubuntu-latest'
 
-      # Install tools
-      - uses: aquaproj/[email protected]
+      - name: Install tools
+        uses: aquaproj/[email protected]
         with:
           aqua_version: v1.25.0
 
+      - name: Check if CLI references are up-to-date
+        run: |
+          mage docs:generate
+          if [ -n "$(git status --porcelain)" ]; then
+            echo "Run 'mage docs:generate' and push it"
+            exit 1
+          fi
+        if: matrix.operating-system == 'ubuntu-latest'
+
       - name: Run unit tests
-        run: make test
+        run: mage test:unit
 
   integration:
     name: Integration Test
@@ -62,12 +71,17 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version-file: go.mod
 
+      - name: Install tools
+        uses: aquaproj/[email protected]
+        with:
+          aqua_version: v1.25.0
+
       - name: Run integration tests
-        run: make test-integration
+        run: mage test:integration
 
   module-test:
     name: Module Integration Test
@@ -77,19 +91,19 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version-file: go.mod
 
-      # Install tools
-      - uses: aquaproj/[email protected]
+      - name: Install tools
+        uses: aquaproj/[email protected]
         with:
           aqua_version: v1.25.0
 
       - name: Run module integration tests
         shell: bash
         run: |
-          make test-module-integration
+          mage test:module
 
   build-test:
     name: Build Test
@@ -111,7 +125,7 @@ jobs:
       uses: actions/checkout@v3
 
     - name: Set up Go
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v4
       with:
         go-version-file: go.mod
 
@@ -120,5 +134,4 @@ jobs:
       with:
         version: v1.4.1
         args: release --skip-sign --snapshot --rm-dist --skip-publish --timeout 90m
-      env:
-        GPG_FILE: "nofile"
+
diff --git a/.github/workflows/vm-test.yaml b/.github/workflows/vm-test.yaml
@@ -24,9 +24,13 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version-file: go.mod
+      - name: Install tools
+        uses: aquaproj/[email protected]
+        with:
+          aqua_version: v1.25.0
       - name: Run vm integration tests
         run: |
-          make test-vm-integration
+          mage test:vm
diff --git a/.gitignore b/.gitignore
@@ -34,4 +34,7 @@ integration/testdata/fixtures/vm-images
 dist
 
 # WebAssembly
-*.wasm
+*.wasm
+
+# Signing
+gpg.key
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.17.2
+FROM alpine:3.17.3
 RUN apk --no-cache add ca-certificates git
 COPY trivy /usr/local/bin/trivy
 COPY contrib/*.tpl contrib/

diff --git a/Dockerfile.canary b/Dockerfile.canary
@@ -1,4 +1,4 @@
-FROM alpine:3.17.2
+FROM alpine:3.17.3
 RUN apk --no-cache add ca-certificates git
 
 # binaries were created with GoReleaser

diff --git a/Dockerfile.protoc b/Dockerfile.protoc
@@ -10,3 +10,6 @@ RUN curl --retry 5 -OL https://github.com/protocolbuffers/protobuf/releases/down
 
 RUN go install github.com/twitchtv/twirp/[email protected]
 RUN go install google.golang.org/protobuf/cmd/[email protected]
+RUN go install github.com/magefile/[email protected]
+
+ENV TRIVY_PROTOC_CONTAINER=true
diff --git a/Makefile b/Makefile
diff --git a/aqua.yaml b/aqua.yaml
@@ -6,3 +6,4 @@ registries:
   ref: v3.106.0 # renovate: depName=aquaproj/aqua-registry
 packages:
 - name: tinygo-org/[email protected]
+- name: magefile/[email protected]
-Original file line number
+Diff line change
@@ Expand Up / @@ -34,4 +34,7 @@ integration/testdata/fixtures/vm-images @@
     dist
     # WebAssembly
-    *.wasm
+    *.wasm
+    # Signing
+    gpg.key