forked from openkruise/kruise
-
Notifications
You must be signed in to change notification settings - Fork 0
130 lines (123 loc) · 4.1 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
name: CI
on:
push:
branches:
- master
- release-*
pull_request: {}
workflow_dispatch: {}
env:
# Common versions
GO_VERSION: '1.19'
GOLANGCI_VERSION: 'v1.51'
DOCKER_BUILDX_VERSION: 'v0.4.2'
# Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run
# a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether
# credentials have been provided before trying to run steps that need them.
DOCKER_USR: ${{ secrets.DOCKER_USR }}
AWS_USR: ${{ secrets.AWS_USR }}
jobs:
typos-check:
name: Spell Check with Typos
runs-on: ubuntu-20.04
steps:
- name: Checkout Actions Repository
uses: actions/checkout@v3
- name: Check spelling with custom config file
uses: crate-ci/typos@v1.13.10
with:
config: ./typos.toml
golangci-lint:
runs-on: ubuntu-20.04
steps:
- name: Checkout Code
uses: actions/checkout@v3
with:
submodules: true
- name: Setup Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- name: Cache Go Dependencies
uses: actions/cache@v2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-go-
- name: Code generate
run: |
make generate
- name: Lint golang code
uses: golangci/golangci-lint-action@v3.5.0
with:
version: ${{ env.GOLANGCI_VERSION }}
args: --verbose
skip-pkg-cache: true
mod: readonly
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'
markdownlint-misspell-shellcheck:
runs-on: ubuntu-20.04
# this image is build from Dockerfile
# https://github.com/pouchcontainer/pouchlinter/blob/master/Dockerfile
container: pouchcontainer/pouchlinter:v0.1.2
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Run misspell
run: find ./* -name "*" | grep -v vendor | xargs misspell -error
- name: Run shellcheck
run: find ./ -name "*.sh" | grep -v vendor | xargs shellcheck
- name: Lint markdown files
run: find ./ -name "*.md" | grep -v vendor | grep -v commandline | grep -v .github | grep -v swagger | grep -v api | xargs mdl -r ~MD010,~MD013,~MD014,~MD022,~MD024,~MD029,~MD031,~MD032,~MD033,~MD036
# - name: Check markdown links
# run: |
# set +e
# for name in $(find . -name \*.md | grep -v vendor | grep -v CHANGELOG); do
# if [ -f $name ]; then
# markdown-link-check -q $name -c .github/workflows/markdown-link-check.config.json;
# if [ $? -ne 0 ]; then
# code=1
# fi
# fi
# done
# bash -c "exit $code";
unit-tests:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
with:
submodules: true
- name: Fetch History
run: git fetch --prune --unshallow
- name: Setup Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- name: Cache Go Dependencies
uses: actions/cache@v2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-go-
- name: Run Unit Tests
run: |
make test
git status
- name: Publish Unit Test Coverage
uses: codecov/codecov-action@v3
with:
flags: unittests
file: cover.out
- name: Check diff
run: '[[ -z $(git status -s) ]] || (printf "Existing modified/untracked files.\nPlease run \"make generate manifests\" and push again.\n"; exit 1)'