forked from zephyrproject-rtos/zephyr
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adding reusable workflows and actions for use across FMOS build proce…
…sses (zephyrproject-rtos#9) * actions: adding trivy-cve-scan * workflows: adding fmos-ci-self-test.yml
- Loading branch information
1 parent
8cddc19
commit 2723c23
Showing
3 changed files
with
67 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| name: fmos-ci-self-test standard workflow | ||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| container: | ||
| required: true | ||
| type: string | ||
| runner: | ||
| required: true | ||
| type: string | ||
| secrets: | ||
| token: | ||
| required: true | ||
|
|
||
| jobs: | ||
| fmos-ci-self-test: | ||
| runs-on: ${{ inputs.runner }} | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| container: | ||
| image: ${{ inputs.container }} | ||
| options: -v/opt/toolchains:/opt/toolchains | ||
| strategy: | ||
| matrix: | ||
| batch: [1, 2, 3] | ||
| batch_total: [ 3 ] | ||
| steps: | ||
| - name: checkout zephyr ci-self-test tag | ||
| uses: actions/checkout@v2 | ||
| with: | ||
| path: 'zephyrproject/zephyr' | ||
| repository: 'intel-innersource/os.rtos.zephyr.zephyr.git' | ||
| ref: '1rtos-ci-self-test' | ||
| token: ${{ secrets.token }} | ||
| - name: run 1rtos-ci twister wrapper with batch options | ||
| run: /opt/1rtos/container-api.sh 1rtos-ci $GITHUB_WORKSPACE ${{ matrix.batch }} ${{ matrix.batch_total }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| name: 'trivy-cve-scan' | ||
| description: 'executes trivy CVE scan on selected container url' | ||
| inputs: | ||
| container-url: | ||
| description: 'url pointint to container to scan' | ||
| required: true | ||
| cve-level: | ||
| description: 'label for this instance' | ||
| required: true | ||
| default: 'CRITICAL,HIGH' | ||
| exit-code: | ||
| description: 'testnet hostname to target for install' | ||
| required: true | ||
| default: '1' | ||
| dockerio-user: | ||
| description: 'username for docker.io, required to login for pull operation' | ||
| required: true | ||
| dockerio-pass: | ||
| description: 'password for docker.io, required to login for pull operation' | ||
| required: true | ||
|
|
||
| runs: | ||
| using: "composite" | ||
| steps: | ||
| - name: execute trivy scan on external container | ||
| run: | | ||
| docker login -u ${{ inputs.dockerio-user }} -p ${{ inputs.dockerio-pass }} && \ | ||
| docker run --rm -e http_proxy -e https_proxy -v/var/run/docker.sock:/var/run/docker.sock aquasec/trivy:latest i --security-checks vuln,config --exit-code ${{ inputs.exit-code }} --ignore-unfixed --severity ${{ inputs.cve-level }} ${{ inputs.container-url }} && \ | ||
| docker logout | ||
| shell: bash |
This file was deleted.
Oops, something went wrong.