chore: upload zap scan artifacts with different names for different scanned images #10003
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Ecosystem client tools" | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: [main] | |
release: | |
types: | |
- published | |
permissions: read-all | |
jobs: | |
client-tools: | |
name: Check client tools | |
runs-on: ubuntu-latest-16-cores | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
cache: false | |
go-version: 1.23.x | |
- name: Install dependencies | |
run: | | |
cd $GITHUB_WORKSPACE | |
go install github.com/swaggo/swag/cmd/swag@v1.16.2 | |
go mod download | |
sudo apt-get update | |
sudo apt-get install libgpgme-dev libassuan-dev libbtrfs-dev libdevmapper-dev pkg-config rpm uidmap haproxy jq | |
# install skopeo | |
git clone -b v1.12.0 https://github.com/containers/skopeo.git | |
cd skopeo | |
make bin/skopeo | |
sudo cp bin/skopeo /usr/bin | |
skopeo -v | |
# install cri-o (for crictl) | |
OS=xUbuntu_22.04 | |
CRIO_VERSION=1.26 | |
curl -fsSL https://download.opensuse.org/repositories/isv:/kubernetes:/addons:/cri-o:/prerelease:/main:/build/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/cri-o-apt-keyring.gpg | |
echo "deb [signed-by=/etc/apt/keyrings/cri-o-apt-keyring.gpg] https://download.opensuse.org/repositories/isv:/kubernetes:/addons:/cri-o:/prerelease:/main:/build/deb/ /" | sudo tee /etc/apt/sources.list.d/cri-o.list | |
sudo apt update | |
sudo apt install -y cri-o runc | |
sudo systemctl enable crio.service | |
sudo systemctl start crio.service | |
sudo chmod 0777 /var/run/crio/crio.sock | |
# install docker | |
# Add Docker's official GPG key: | |
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc | |
sudo chmod a+r /etc/apt/keyrings/docker.asc | |
echo \ | |
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \ | |
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ | |
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null | |
sudo apt update | |
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin | |
# install dex | |
git clone https://github.com/dexidp/dex.git | |
cd dex/ | |
git checkout v2.39.1 | |
make bin/dex | |
./bin/dex serve $GITHUB_WORKSPACE/test/dex/config-dev.yaml & | |
cd $GITHUB_WORKSPACE | |
- name: Run CI tests | |
run: | | |
make run-blackbox-ci | |
- name: Log in to GitHub Docker Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ github.token }} | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' | |
- name: Install localstack | |
run: | | |
pip install --upgrade pyopenssl | |
pip install localstack==3.3.0 awscli-local[ver1] # install LocalStack cli and awslocal | |
docker pull ghcr.io/project-zot/ci-images/localstack:3.3.0 # Make sure to pull a working version of the image | |
localstack start -d # Start LocalStack in the background | |
echo "Waiting for LocalStack startup..." # Wait 30 seconds for the LocalStack container | |
localstack wait -t 30 # to become ready before timing out | |
echo "Startup complete" | |
- name: Run cloud-only tests | |
run: | | |
make run-blackbox-cloud-ci | |
env: | |
AWS_ACCESS_KEY_ID: fake | |
AWS_SECRET_ACCESS_KEY: fake | |
- name: Run cloud scale-out tests | |
id: scale | |
run: | | |
make run-cloud-scale-out-tests | |
env: | |
AWS_ACCESS_KEY_ID: fake | |
AWS_SECRET_ACCESS_KEY: fake | |
continue-on-error: true | |
- name: print service logs for scale-out | |
run: | | |
find /tmp/zot-ft-logs -name '*.log' -print0 | xargs -0 cat | |
- name: multi-hop detection | |
id: multihop | |
run: | | |
if find /tmp/zot-ft-logs -name '*.log' -print0 | xargs -0 cat | grep 'cannot proxy an already proxied request'; then | |
echo "detected multi-hop" | |
exit 1 | |
else | |
exit 0 | |
fi | |
continue-on-error: true | |
- name: clean up scale-out logs | |
run: | | |
rm -r /tmp/zot-ft-logs | |
- name: fail job if error | |
if: ${{ steps.scale.outcome != 'success' || steps.multihop.outcome != 'success' }} | |
run: | | |
exit 1 | |
- name: Upload zb test results zip as build artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: zb-cloud-scale-out-functional-results-${{ github.sha }} | |
path: ./zb-results/ | |
- uses: ./.github/actions/teardown-localstack |