Upgrade golang.org/x/net to v0.31.0 and update Github action

Signed-off-by: David Alima <davida@armosec.io>
armosec · Jan 23, 2025 · 989ac70 · 989ac70
1 parent b03bcf0
commit 989ac70
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 31 deletions.
diff --git a/.github/workflows/docker-build-scan.yml b/.github/workflows/docker-build-scan.yml
@@ -10,57 +10,66 @@ on:
       - "poc-prerequisite/kubescape-sizing-checker/go.sum"
   workflow_dispatch:
 
-
 jobs:
   build-and-scan:
     runs-on: ubuntu-latest
     steps:
+      # 1) Build a local image for scanning
+
       - name: Check out repository
         uses: actions/checkout@v3
 
-      - name: Log in to Quay.io
-        uses: docker/login-action@v2
+      - name: Build local image for scanning
+        run: |
+          docker build \
+            -t local/kubescape-sizing-checker:latest \
+            ./poc-prerequisite/kubescape-sizing-checker
+
+      # 2) Run Kubescape scan on local image and upload results
+
+      - name: Install Kubescape
+        run: |
+          curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash
+
+      - name: Run Kubescape to scan local image
+        run: |
+          $HOME/.kubescape/bin/kubescape scan image local/kubescape-sizing-checker:latest \
+            --severity-threshold high \
+            --format sarif \
+            --output results-image.sarif
+
+      - name: Upload image scan results to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v3
         with:
-          registry: quay.io
-          username: ${{ secrets.QUAY_ROBOT_ACCOUNT_NAME }}
-          password: ${{ secrets.QUAY_ROBOT_ACCOUNT_PASSWORD }}
+          sarif_file: results-image.sarif
+          category: image-scan
+
+      # 3) Build and push multi-platform images
 
       - name: Set up QEMU (for multi-platform support)
         uses: docker/setup-qemu-action@v2
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
 
+      - name: Log in to Quay.io
+        uses: docker/login-action@v2
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_ROBOT_ACCOUNT_NAME }}
+          password: ${{ secrets.QUAY_ROBOT_ACCOUNT_PASSWORD }}
+
       - name: Build and push multi-platform Docker image
-        id: build-image
         run: |
-          # Generate a short commit SHA for a unique tag
           SHORT_SHA="${GITHUB_SHA:0:7}"
 
-          # Create and use a new buildx builder (if needed)
-          docker buildx create --use
+          # Create and use a new buildx builder
+          docker buildx create --use || true
 
           # Build and push multi-architecture images
           docker buildx build \
             --platform linux/amd64,linux/arm64 \
             -t quay.io/danvid/kubescape-sizing-checker:latest \
             -t quay.io/danvid/kubescape-sizing-checker:${SHORT_SHA} \
             --push \
-            ./poc-prerequisite/kubescape-sizing-checker
-
-      - name: Install Kubescape
-        run: |
-          curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash
-
-      - name: Run Kubescape to scan image
-        run: |
-          $HOME/.kubescape/bin/kubescape scan image quay.io/danvid/kubescape-sizing-checker:latest \
-            --severity-threshold high \
-            --format sarif \
-            --output results-image.sarif
-
-      - name: Upload image scan results to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: results-image.sarif
-          category: image-scan
+            ./poc-prerequisite/kubescape-sizing-checker
diff --git a/poc-prerequisite/kubescape-sizing-checker/go.mod b/poc-prerequisite/kubescape-sizing-checker/go.mod
@@ -33,7 +33,7 @@ require (
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/net v0.31.0 // indirect
 	golang.org/x/oauth2 v0.23.0 // indirect
 	golang.org/x/sys v0.28.0 // indirect
 	golang.org/x/term v0.27.0 // indirect

diff --git a/poc-prerequisite/kubescape-sizing-checker/go.sum b/poc-prerequisite/kubescape-sizing-checker/go.sum
@@ -92,8 +92,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
-golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
+golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
+golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
 golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
 golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=