From 2237bfc89ef28347af25530ae54ea449b33b26dd Mon Sep 17 00:00:00 2001
From: Muhammad Tahir Nawaz <41270547+muhammad-tahir-nawaz@users.noreply.github.com>
Date: Mon, 8 Jun 2026 11:05:13 +0500
Subject: [PATCH] Revert "Merge pull request #22 from wanaware/image-scan"

This reverts commit 79d74642d6cd971e4a887c63f3680694d444f743.

---
.github/workflows/deployment.yaml | 20 ++------------
.github/workflows/trivy-go-tests.yaml | 39 +++++++++++++++++++++++++--
2 files changed, 39 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/deployment.yaml b/.github/workflows/deployment.yaml
index 9f62b9e..e42cb8f 100644
--- a/.github/workflows/deployment.yaml
+++ b/.github/workflows/deployment.yaml
@@ -132,34 +132,18 @@ jobs:
name: env-file path: ${{ inputs.docker_context }} - - name: Build Docker image + - name: Build and push Docker image if: ${{ inputs.deploy_type != 'release-only' }} id: build uses: docker/build-push-action@v4 with: context: ${{ inputs.docker_context }} file: ${{ inputs.docker_context }}/${{ inputs.dockerfile_path }} - push: false - load: true + push: true tags: ${{ secrets.GCP_REGISTRY }}/${{ secrets.GCP_PROJECT }}/${{ inputs.image_path }}:latest build-args: | GH_ACCESS_TOKEN=${{ secrets.GH_ACCESS_TOKEN }} - - name: Run Trivy vulnerability scanner on image - if: ${{ inputs.deploy_type != 'release-only' }} - uses: aquasecurity/trivy-action@0.35.0 - with: - scan-type: 'image' - image-ref: ${{ secrets.GCP_REGISTRY }}/${{ secrets.GCP_PROJECT }}/${{ inputs.image_path }}:latest - ignore-unfixed: true - format: 'table' - severity: 'CRITICAL,HIGH' - exit-code: '1' - - - name: Push Docker image - if: ${{ inputs.deploy_type != 'release-only' }} - run: docker push ${{ secrets.GCP_REGISTRY }}/${{ secrets.GCP_PROJECT }}/${{ inputs.image_path }}:latest - # --- GKE deploy --- - name: Get GKE Credentials if: ${{ inputs.deploy_type == 'gke' }}
diff --git a/.github/workflows/trivy-go-tests.yaml b/.github/workflows/trivy-go-tests.yaml
index f03d9c1..2e28c0f 100644
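Review bot: Restoring `push: true` on the `Build and push Docker image` step sends the `:latest` tag to `${{ secrets.GCP_REGISTRY }}` with nothing between build and push, and the only rationale given for dropping the scan gate is the name of the reverted PR. If the image is now expected to be scanned somewhere else, say so on the step, e.g. `# image is pushed unscanned here; CVE gating for it lives in <WORKFLOW-PATH>` with the real location filled in; if it is not, the revert should at least state in its description that `:latest` can now be published with unfixed CRITICAL/HIGH findings. Dropping `load: true` also means the built image presumably no longer sits in the runner's local daemon, so any later step that expects it by tag would have to pull it — worth confirming against the rest of the job. The steps list and the `jobs:` mapping this hunk edits start and end outside the hunk.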
--- a/.github/workflows/trivy-go-tests.yaml
+++ b/.github/workflows/trivy-go-tests.yaml
@@ -30,6 +30,7 @@ on:
permissions: contents: read + pull-requests: write jobs: trivy-scan-and-test:
@@ -69,7 +70,41 @@ jobs:
severity: 'CRITICAL,HIGH,MEDIUM,LOW' exit-code: '1' - - name: Run Go Unit Tests + - name: Comment Trivy Results on the Pull Request + if: always() + run: | + echo '### Trivy Scan Results' > comment_trivy.md + if [ -s trivy-results.txt ]; then + echo '#### Vulnerabilities Found' >> comment_trivy.md + echo '```' >> comment_trivy.md + cat trivy-results.txt >> comment_trivy.md + echo '```' >> comment_trivy.md + else + echo '#### No vulnerabilities found :white_check_mark:' >> comment_trivy.md + fi + + gh pr comment ${{ github.event.pull_request.number }} --body-file comment_trivy.md + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Run Go Unit Tests and Comment Results if: ${{ inputs.run_go_tests }} working-directory: ${{ inputs.working_directory }} - run: go test -v ${{ inputs.test_path }} + run: | + echo '### Go Unit Test Results' > comment_go_tests.md + echo '| Test Name | Status |' >> comment_go_tests.md + echo '| --------- | ------ |' >> comment_go_tests.md + + # Run Go tests and check for failures in real-time + go test -v ${{ inputs.test_path }} | grep -E '^(--- PASS|--- FAIL)' | sed -E 's/^(--- PASS: )(.*)/\|\2\|Pass\|/; s/^(--- FAIL: )(.*)/\|\2\|Fail\|/' >> comment_go_tests.md + + # Post test results to PR + gh pr comment ${{ github.event.pull_request.number }} --body-file comment_go_tests.md + + # Check for failed tests and exit if any test fails + if go test -v ${{ inputs.test_path }} | grep -q '^--- FAIL'; then + echo "There are failed tests. Failing the job." + exit 1 + fi + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
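Review bot: `pull-requests: write` is added at the workflow level, so every job in this file receives it although only the two `gh pr comment` steps in `trivy-scan-and-test` need it. Declaring `permissions:` with `contents: read` and `pull-requests: write` on the `trivy-scan-and-test` job instead keeps the token's write scope to the one job that comments, and the top-level block can stay at `contents: read`. Be aware that on `pull_request` runs from forks GITHUB_TOKEN is read-only regardless of what is declared here, so the comment steps would fail in that case; a one-line comment next to the permission saying so would save the next person a debugging round. The `on:` block named in the hunk header starts outside the hunk.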
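Review bot: The Go test step runs `go test -v ${{ inputs.test_path }}` twice — once piped through `grep`/`sed` to build the table, where the pipe discards go test's exit status (the default `run` shell is `bash -e` without `pipefail`), and again inside the `if` to decide pass/fail — so the posted table and the job result come from different executions and test time doubles. Run the suite once into a log file, build the table from the log, post it, and exit with the saved status; moving `inputs.test_path` into `env:` and expanding it as a shell variable also keeps the expression out of the script text. The `if: always()` on the `Comment Trivy Results on the Pull Request` step above also fires on non-PR triggers, where `${{ github.event.pull_request.number }}` is empty and `gh pr comment` fails the job; `if: always() && github.event_name == 'pull_request'` is presumably what is wanted (the caller's event, since the `inputs.*` references suggest this is a reusable workflow — confirm).
```yaml
      - name: Run Go Unit Tests and Comment Results
        # … unchanged: if / working-directory …
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TEST_PATH: ${{ inputs.test_path }}  # passed via env, not inlined into the script
        run: |
          echo '### Go Unit Test Results' > comment_go_tests.md
          echo '| Test Name | Status |' >> comment_go_tests.md
          echo '| --------- | ------ |' >> comment_go_tests.md

          # Run the suite exactly once; `|| ...` stops `bash -e` from exiting before the status is saved.
          # $TEST_PATH is left unquoted on purpose so a space-separated package list still splits.
          test_status=0
          go test -v $TEST_PATH > go_test.log 2>&1 || test_status=$?

          grep -E '^(--- PASS|--- FAIL)' go_test.log | sed -E 's/^(--- PASS: )(.*)/\|\2\|Pass\|/; s/^(--- FAIL: )(.*)/\|\2\|Fail\|/' >> comment_go_tests.md

          gh pr comment "${{ github.event.pull_request.number }}" --body-file comment_go_tests.md

          # Fail the job from the saved status rather than from a second run
          exit "$test_status"
```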