Build

Merge pull request #58 from raft-tech/dependabot/go_modules/ginkgo-6d… #77

	name: Build

	permissions: { }

	on:
	push:
	branches: ['develop']
	pull_request:
	branches: ['develop']
	types:
	- opened
	- ready_for_review
	- reopened
	- synchronize
	paths-ignore:
	- '.github/**'
	- 'charts/**'
	- 'LICENSE'
	- 'README.md'

	jobs:

	Test:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	steps:
	- name: Checkout
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- name: Set up Go
	uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
	with:
	go-version: stable
	- name: Install Dependencies
	run: go mod download
	- name: Test
	run: make test

	Build:
	needs: ['Test']
	runs-on: ubuntu-latest
	permissions:
	contents: read
	security-events: write
	env:
	VERSION: latest
	steps:
	- name: Checkout
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- name: Set up Go
	uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
	with:
	go-version: stable
	- name: Install Dependencies
	run: go mod download
	- name: Build
	run: make image
	- name: Scan with Trivy
	uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
	with:
	scan-type: 'image'
	scanners: 'vuln'
	image-ref: 'ghcr.io/raft-tech/konfirm/inspections:${{ env.VERSION }}'
	ignore-unfixed: 'true'
	limit-severities-for-sarif: true
	output: 'trivy-results.sarif'
	format: 'sarif'
	severity: 'MEDIUM,HIGH,CRITICAL'
	vuln-type: 'os,library'
	- name: Upload scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
	with:
	sarif_file: 'trivy-results.sarif'

Provide feedback