
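# Builds the Scanner V4 vulnerability dumps on a 3-hourly cron and on pushes
# to master / yli3/*. There is no pull_request trigger, so every job runs
# with repository secrets available (see the job-level `env:` blocks below).
name: Test Scanner V4 Dump

on:
  schedule:
    - cron: '0 */3 * * *'
  push:
    branches:
      - master
      - yli3/*

# Least privilege for GITHUB_TOKEN: nothing in this workflow writes to the
# repository. Checkout needs read access only; upload/download-artifact@v4
# use the runtime token rather than GITHUB_TOKEN permissions.
# NOTE(review): ./.github/actions/job-preamble is not visible here — if it
# needs more (e.g. posting statuses), widen the permission on that job only.
permissions:
  contents: read

# NOTE(review): the third-party actions (actions/checkout@v4,
# actions/upload-artifact@v4, actions/download-artifact@v4) and the CI
# container image quay.io/stackrox-io/apollo-ci:scanner-test-0.3.61 are
# pinned by mutable tag. Pin them to a commit SHA / image digest so a moved
# or compromised tag cannot change what runs with these secrets; fill in the
# current SHAs/digests when adopting.
jobs:
  pre-build-updater:
    runs-on: ubuntu-latest
    container:
      image: quay.io/stackrox-io/apollo-ci:scanner-test-0.3.61
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history; presumably needed by the Makefile for versioning —
          # TODO confirm, otherwise a shallow clone is faster.
          fetch-depth: 0
          # `ref` is deliberately not set: checkout defaults to github.sha, the
          # pushed commit (or the default-branch head on schedule). The former
          # `ref: ${{ github.event.pull_request.head.sha }}` was always empty
          # here (no pull_request event) and would turn into a pwn-request
          # vector — untrusted PR code run with secrets — if a
          # pull_request_target trigger were ever added to this workflow.
      - uses: ./.github/actions/job-preamble
      - name: Cache Go dependencies
        uses: ./.github/actions/cache-go-dependencies
      - name: Build updater
        run: make build-updater
      # tar keeps the executable bit, which upload-artifact does not.
      - name: Archive the build to preserve permissions
        run: tar -cvzf updater-build.tgz bin/updater
      - uses: actions/upload-artifact@v4
        with:
          name: updater-build
          path: updater-build.tgz

  pre-build-scanner:
    runs-on: ubuntu-latest
    container:
      image: quay.io/stackrox-io/apollo-ci:scanner-test-0.3.61
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # No `ref`: see pre-build-updater.
      - uses: ./.github/actions/job-preamble
      - name: Cache Go dependencies
        uses: ./.github/actions/cache-go-dependencies
      - name: Build Scanner
        run: make scanner-build-nodeps
      - name: Archive the build to preserve permissions
        run: tar -cvzf scanner-build.tgz image/scanner/bin/scanner
      - uses: actions/upload-artifact@v4
        with:
          name: scanner-build
          path: scanner-build.tgz

  style-check:
    runs-on: ubuntu-latest
    container:
      image: quay.io/stackrox-io/apollo-ci:scanner-test-0.3.61
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # No `ref`: see pre-build-updater.
      - uses: ./.github/actions/job-preamble
      - name: Cache Go dependencies
        uses: ./.github/actions/cache-go-dependencies
      - name: Run style checks
        run: ./scripts/ci/jobs/style-checks.sh

  generate-genesis-dump:
    # NOTE(review): a job-level env exposes NVD_API_KEY to every step in the
    # job, including the third-party checkout/artifact actions. Moving it onto
    # the `genesis-dump` step is the least-privilege form; do so once it is
    # confirmed that job-preamble does not read it.
    env:
      NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
    runs-on: ubuntu-latest
    needs:
      - pre-build-updater
    container:
      image: quay.io/stackrox-io/apollo-ci:scanner-test-0.3.61
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # No `ref`: see pre-build-updater.
      - uses: ./.github/actions/job-preamble
      # Artifact produced by pre-build-updater in this same run.
      - uses: actions/download-artifact@v4
        with:
          name: updater-build
      - name: Unpack updater build
        run: |
          tar xvzf updater-build.tgz
      - name: genesis-dump
        run: |
          source ./scripts/ci/lib.sh
          generate_genesis_dump
      # Artifacts are downloadable by anyone with read access to the repo.
      # NOTE(review): ensure nothing under /tmp/vuln-dump or in the zip can
      # contain the NVD key or other secrets.
      - uses: actions/upload-artifact@v4
        with:
          name: genesis-dump
          path: /tmp/genesis-dump/genesis-dump.zip
      - uses: actions/upload-artifact@v4
        with:
          name: vuln-dump
          path: /tmp/vuln-dump

  generate-v4-dumps:
    runs-on: ubuntu-latest
    # NOTE(review): three GCP service-account credentials at job scope — same
    # remark as generate-genesis-dump; scope them to the "Execute Offline V4
    # Dump Script" step if job-preamble does not need them.
    env:
      GOOGLE_SA_STACKROX_HUB_VULN_DUMP_UPLOADER: ${{ secrets.GOOGLE_SA_STACKROX_HUB_VULN_DUMP_UPLOADER }}
      SCANNER_GCP_SERVICE_ACCOUNT_CREDS: ${{ secrets.SCANNER_GCP_SERVICE_ACCOUNT_CREDS }}
      GOOGLE_SA_CIRCLECI_SCANNER: ${{ secrets.GOOGLE_SA_CIRCLECI_SCANNER }}
    needs:
      - generate-genesis-dump
    container:
      image: quay.io/stackrox-io/apollo-ci:scanner-test-0.3.61
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # No `ref`: see pre-build-updater.
      - name: Setup Job Environment
        uses: ./.github/actions/job-preamble
      - name: Download Updater Build Artifact
        uses: actions/download-artifact@v4
        with:
          name: updater-build
      - name: Unpack Updater Build
        run: tar xvzf updater-build.tgz
      - name: Download Genesis Dump Artifact
        # Always true in this workflow: `push` is filtered to branches, so a
        # refs/tags/* ref never reaches it. Presumably kept for parity with a
        # release workflow that does run on tags — harmless either way.
        if: ${{ !startsWith(github.ref, 'refs/tags/') }}
        uses: actions/download-artifact@v4
        with:
          name: genesis-dump
          path: /tmp/genesis-dump
      - name: Execute Offline V4 Dump Script
        run: ./scripts/ci/jobs/offline-v4-vuln.sh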