-
Notifications
You must be signed in to change notification settings - Fork 768
136 lines (127 loc) · 4.76 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
name: CI
on:
push:
branches:
- master
- release-*
pull_request: {}
workflow_dispatch: {}
# Declare default permissions as read only.
permissions: read-all
env:
# Common versions
GO_VERSION: '1.20'
GOLANGCI_VERSION: 'v1.55.2'
DOCKER_BUILDX_VERSION: 'v0.4.2'
# Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run
# a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether
# credentials have been provided before trying to run steps that need them.
DOCKER_USR: ${{ secrets.DOCKER_USR }}
AWS_USR: ${{ secrets.AWS_USR }}
jobs:
typos-check:
name: Spell Check with Typos
runs-on: ubuntu-20.04
steps:
- name: Checkout Actions Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Check spelling with custom config file
uses: crate-ci/typos@b74202f74b4346efdbce7801d187ec57b266bac8 # v1.27.3
with:
config: ./typos.toml
golangci-lint:
runs-on: ubuntu-20.04
permissions:
security-events: write
steps:
- name: Checkout Code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
submodules: true
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ env.GO_VERSION }}
- name: Cache Go Dependencies
uses: actions/cache@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4.1.0
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-go-
- name: Code generate
run: |
make generate
- name: Lint golang code
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
version: ${{ env.GOLANGCI_VERSION }}
args: --verbose
skip-pkg-cache: true
mod: readonly
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@d2a392a13760cb64cb6bbd31d4bed2a7d9a5298d # master
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
with:
sarif_file: 'trivy-results.sarif'
# markdownlint-misspell-shellcheck:
# runs-on: ubuntu-20.04
# # this image is build from Dockerfile
# # https://github.com/pouchcontainer/pouchlinter/blob/master/Dockerfile
# container: pouchcontainer/pouchlinter:v0.1.2
# steps:
# - name: Checkout
# uses: actions/checkout@v3
# - name: Run misspell
# run: find ./* -name "*" | grep -v vendor | xargs misspell -error
# - name: Run shellcheck
# run: find ./ -name "*.sh" | grep -v vendor | xargs shellcheck
# - name: Lint markdown files
# run: find ./ -name "*.md" | grep -v vendor | grep -v commandline | grep -v .github | grep -v swagger | grep -v api | xargs mdl -r ~MD010,~MD013,~MD014,~MD022,~MD024,~MD029,~MD031,~MD032,~MD033,~MD036
# - name: Check markdown links
# run: |
# set +e
# for name in $(find . -name \*.md | grep -v vendor | grep -v CHANGELOG); do
# if [ -f $name ]; then
# markdown-link-check -q $name -c .github/workflows/markdown-link-check.config.json;
# if [ $? -ne 0 ]; then
# code=1
# fi
# fi
# done
# bash -c "exit $code";
unit-tests:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
submodules: true
- name: Fetch History
run: git fetch --prune --unshallow
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ env.GO_VERSION }}
- name: Cache Go Dependencies
uses: actions/cache@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4.1.0
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-go-
- name: Run Unit Tests
run: |
make test
git status
- name: Publish Unit Test Coverage
uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
with:
flags: unittests
file: cover.out
- name: Check diff
run: '[[ -z $(git status -s) ]] || (printf "Existing modified/untracked files.\nPlease run \"make generate manifests\" and push again.\n"; exit 1)'