Skip to content

Commit

Permalink
Merge pull request #817 from rstudio/dev
Browse files Browse the repository at this point in the history 
Merge `dev` to `main`
  • Loading branch information
@ianpittwood
ianpittwood authored Jul 22, 2024
2 parents 94e8642 + 6f7c47a commit fab7faa
Show file tree
Hide file tree
Showing 38 changed files with 576 additions and 281 deletions.
44 changes: 43 additions & 1 deletion .github/actions/bake-test-push/action.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,10 @@ inputs:
description: Flag to test image once built
default: true
type: boolean
scan-image:
description: Flag to scan image for vulnerabilities once built
default: true
type: boolean
push-image:
description: Flag to push image once built
default: false
Expand All @@ -37,6 +41,14 @@ inputs:
description: JSON for authenticating Google Cloud Platform
default: ""
type: string
snyk-org:
description: Organization ID for Snyk
default: ""
type: string
snyk-token:
description: Token for authenticating with Snyk
default: ""
type: string

runs:
using: "composite"
Expand All @@ -47,6 +59,13 @@ runs:
env:
GITHUB_TOKEN: ${{ inputs.ghcr-token }}

- uses: snyk/actions/setup@master

- name: Snyk auth
shell: bash
run: |
snyk auth ${{ inputs.snyk-token }}
- uses: actions/setup-python@v5
with:
python-version: '3.12'
Expand Down Expand Up @@ -109,7 +128,30 @@ runs:
- name: Test
shell: bash
run: |
just test "${{ inputs.target }}" "${{ inputs.bakefile }}"
if [[ "${{ inputs.test-image }}" == "true" ]]; then
just test "${{ inputs.target }}" "${{ inputs.bakefile }}"
fi
- name: Scan
continue-on-error: true
env:
SNYK_ORG: ${{ inputs.snyk-org }}
shell: bash
run: |
if [[ "${{ inputs.scan-image }}" == "true" ]]; then
if [[ "${{ inputs.push-image }}" == "true" ]]; then
just snyk-monitor "${{ inputs.target }}" "${{ inputs.bakefile }}"
else
just snyk-test "${{ inputs.target }}" "${{ inputs.bakefile }}"
fi
fi
- name: Upload results
uses: github/codeql-action/upload-sarif@v3
continue-on-error: true
with:
sarif_file: "container.sarif"
category: "${{ inputs.target }}-snyk-vulnerabilities"

- name: Push - ${{ inputs.push-image }}
uses: docker/bake-action@v4
Expand Down
180 changes: 0 additions & 180 deletions .github/actions/build-test-scan-push/action.yaml
View file

This file was deleted.

18 changes: 18 additions & 0 deletions .github/workflows/build-bake-preview.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,8 @@ jobs:
ghcr-token: ${{ secrets.GITHUB_TOKEN }}
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }}
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
snyk-org: ${{ secrets.SNYK_ORG }}
snyk-token: '${{ secrets.SNYK_TOKEN }}'

connect-daily:
needs: [versions]
Expand Down Expand Up @@ -137,6 +139,8 @@ jobs:
ghcr-token: ${{ secrets.GITHUB_TOKEN }}
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }}
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
snyk-org: ${{ secrets.SNYK_ORG }}
snyk-token: '${{ secrets.SNYK_TOKEN }}'

connect-content-init-daily:
needs: [versions]
Expand Down Expand Up @@ -175,6 +179,8 @@ jobs:
ghcr-token: ${{ secrets.GITHUB_TOKEN }}
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }}
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
snyk-org: ${{ secrets.SNYK_ORG }}
snyk-token: '${{ secrets.SNYK_TOKEN }}'

package-manager-preview:
needs: [versions]
Expand Down Expand Up @@ -213,6 +219,8 @@ jobs:
ghcr-token: ${{ secrets.GITHUB_TOKEN }}
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }}
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
snyk-org: ${{ secrets.SNYK_ORG }}
snyk-token: '${{ secrets.SNYK_TOKEN }}'

package-manager-daily:
needs: [versions]
Expand Down Expand Up @@ -251,6 +259,8 @@ jobs:
ghcr-token: ${{ secrets.GITHUB_TOKEN }}
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }}
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
snyk-org: ${{ secrets.SNYK_ORG }}
snyk-token: '${{ secrets.SNYK_TOKEN }}'

r-session-complete-preview:
needs: [versions]
Expand Down Expand Up @@ -289,6 +299,8 @@ jobs:
ghcr-token: ${{ secrets.GITHUB_TOKEN }}
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }}
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
snyk-org: ${{ secrets.SNYK_ORG }}
snyk-token: '${{ secrets.SNYK_TOKEN }}'

r-session-complete-daily:
needs: [versions]
Expand Down Expand Up @@ -327,6 +339,8 @@ jobs:
ghcr-token: ${{ secrets.GITHUB_TOKEN }}
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }}
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
snyk-org: ${{ secrets.SNYK_ORG }}
snyk-token: '${{ secrets.SNYK_TOKEN }}'

workbench-preview:
needs: [versions]
Expand Down Expand Up @@ -365,6 +379,8 @@ jobs:
ghcr-token: ${{ secrets.GITHUB_TOKEN }}
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }}
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
snyk-org: ${{ secrets.SNYK_ORG }}
snyk-token: '${{ secrets.SNYK_TOKEN }}'

workbench-daily:
needs: [versions]
Expand Down Expand Up @@ -403,3 +419,5 @@ jobs:
ghcr-token: ${{ secrets.GITHUB_TOKEN }}
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }}
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
snyk-org: ${{ secrets.SNYK_ORG }}
snyk-token: '${{ secrets.SNYK_TOKEN }}'
Loading

0 comments on commit fab7faa

Please sign in to comment.