Add GAS folder to golangci lint and Trivy scans

This PR will also: - update Trivy scans to look only for HIGH & CRITICAL issues Signed-off-by: Madalina Lazar <[email protected]>
intel · Aug 11, 2023 · e72fc46 · e72fc46
1 parent 85aa651
commit e72fc46
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 9 deletions.
diff --git a/.github/workflows/static-analysis.yaml b/.github/workflows/static-analysis.yaml
@@ -83,7 +83,7 @@ jobs:
     runs-on: ${{ inputs.runsOn }}
     strategy:
       matrix:
-        workingdir: [extender, telemetry-aware-scheduling]
+        workingdir: [extender, telemetry-aware-scheduling, gpu-aware-scheduling]
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3

diff --git a/.github/workflows/trivy-scan.yaml b/.github/workflows/trivy-scan.yaml
@@ -19,7 +19,7 @@ jobs:
     runs-on: ${{ inputs.runsOn }}
     strategy:
       matrix:
-        workingdir: [extender, telemetry-aware-scheduling]
+        workingdir: [extender, telemetry-aware-scheduling, gpu-aware-scheduling]
     name: vulnerability-scanners
     steps:
       - name: Checkout project
@@ -36,15 +36,25 @@ jobs:
       - name: trivy config $DIR
         run: |
           cd ./${{ matrix.workingdir }}
-          echo "Running trivy config for ${{ matrix.workingdir }} "
-          trivy config ./
-          output=$(trivy config ./)
-          if echo "$output" | grep -E "CRITICAL|HIGH"; then
-            echo "::warning::severities CRITICAL and HIGH found in ${{ matrix.workingdir }}"
-            return 1
+          echo "Running trivy config for ${{ matrix.workingdir }}, looking for CRITICAL or HIGH severity items..."
+          trivy config ./ --severity=CRITICAL
+          output=$(trivy config ./ --severity=CRITICAL)
+          if [ -n "${output}" ]; then
+            echo "::warning::severities CRITICAL issues spotted by Trivy in ${{ matrix.workingdir }}"
+            exit 1
           else
-            echo "trivy config ./ ran successfully"
+            echo "trivy config ./ --severity=CRITICAL ran successfully"
           fi
+          # look for HIGH severity issues
+          trivy config ./ --severity=HIGH
+          output=$(trivy config ./ --severity=HIGH)
+          if [ -n "${output}" ]; then
+            echo "::warning::severities HIGH issues spotted by Trivy in ${{ matrix.workingdir }}"
+            exit 1
+          else
+            echo "trivy config ./ --severity=HIGH ran successfully"
+          fi
+
           cd ..
         shell: bash     
       - name: trivy fs --all packages