Update Workflow #19
Update Workflow #19
Conversation
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
There was a problem hiding this comment.
Pull Request Overview
This PR consolidates multiple GitHub Actions workflows into a single comprehensive CI pipeline. The change removes four separate workflow files (test, linter, vulncheck, and build) and replaces them with a unified ci.yml workflow that handles all CI/CD operations.
- Consolidates linting, testing, vulnerability checking, and Docker image building into one workflow
- Updates Go version from 1.21.2/1.24.2 to 1.25 and standardizes action versions
- Adds security scanning with Trivy and enhanced Docker image metadata handling
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/ci.yml | New unified CI workflow with testing, linting, vulnerability checks, and Docker build/push |
| .github/workflows/test.yml | Removed standalone test workflow |
| .github/workflows/linter.yml | Removed standalone linter workflow |
| .github/workflows/vulncheck.yml | Removed standalone vulnerability check workflow |
| .github/workflows/build.yml | Removed standalone Docker build workflow |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| type=raw,value=develop,enable=${{ github.ref == 'refs/heads/develop' }} | ||
| type=semver,pattern={{version}} | ||
| type=semver,pattern={{major}}.{{minor}} | ||
| type=raw,value=1.0.0 |
There was a problem hiding this comment.
Hardcoded version tag '1.0.0' should be removed from the metadata action as it will create the same tag regardless of the actual version being released. This conflicts with the semver patterns above and could cause confusion.
| type=raw,value=1.0.0 |
Copilot uses AI. Check for mistakes.
| - name: Scan Image with Trivy | ||
| uses: aquasecurity/trivy-action@master | ||
| with: | ||
| image-ref: ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:develop |
There was a problem hiding this comment.
The Trivy scan is hardcoded to scan the 'develop' tag, but this job runs for main branch and tags as well. This should use the actual image tag that was built, such as referencing the metadata outputs from the previous step.
| image-ref: ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:develop | |
| image-ref: ${{ steps.meta.outputs.tags }} |
Copilot uses AI. Check for mistakes.
Update workfow github action