fix(#2571): add support for searching by cip-129 identifiers #640
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Lint,Test,Security Checks | |
on: | |
pull_request: | |
branches: | |
- develop | |
- test | |
- staging | |
- main | |
permissions: | |
contents: read | |
pull-requests: write | |
packages: write | |
jobs: | |
static-checks: | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- workdir: ./govtool/backend | |
name: govtool-backend | |
dockerfile: ./govtool/backend/Dockerfile.qovery | |
image: ghcr.io/${{ github.repository }}-govtool-backend | |
qovery_container_name: govtool-backend | |
- workdir: ./govtool/frontend | |
name: govtool-frontend | |
dockerfile: ./govtool/frontend/Dockerfile.qovery | |
image: ghcr.io/${{ github.repository }}-govtool-frontend | |
qovery_container_name: govtool-frontend | |
- workdir: ./govtool/metadata-validation | |
name: govtool-metadata-validation | |
dockerfile: ./govtool/metadata-validation/Dockerfile | |
image: ghcr.io/${{ github.repository }}-govtool-metadata-validation | |
qovery_container_name: govtool-metadata-validation | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Lint Dockerfile | |
id: hadolint | |
uses: hadolint/[email protected] | |
with: | |
failure-threshold: error | |
format: json | |
dockerfile: ${{ matrix.dockerfile }} | |
# output-file: hadolint_output.json | |
- name: Save Hadolint output | |
id: save_hadolint_output | |
if: always() | |
run: cd ${{ matrix.workdir }} && echo "$HADOLINT_RESULTS" | jq '.' > hadolint_output.json | |
- name: Print Dockerfile lint output | |
run: | | |
cd ${{ matrix.workdir }} | |
echo "-----HADOLINT RESULT-----" | |
echo "Outcome: ${{ steps.hadolint.outcome }}" | |
echo "-----DETAILS--------" | |
cat hadolint_output.json | |
echo "--------------------" | |
- name: Code lint | |
id: code_lint | |
run: | | |
cd ${{ matrix.workdir }} | |
if [ ! -f lint.sh ]; then | |
echo "lint skipped" | tee code_lint_output.txt | |
exit 0 | |
fi | |
set -o pipefail | |
sudo chmod +x lint.sh && ./lint.sh 2>&1 | tee code_lint_output.txt | |
- name: Unit tests | |
id: unit_tests | |
run: | | |
cd ${{ matrix.workdir }} | |
if [ ! -f unit-test.sh ]; then | |
echo "unit tests skipped" | tee code_lint_output.txt | |
exit 0 | |
fi | |
set -o pipefail | |
sudo chmod +x unit-test.sh && ./unit-test.sh 2>&1 | tee unit_test_output.txt | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Cache Docker layers | |
uses: actions/cache@v3 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- id: image_lowercase | |
uses: ASzc/change-string-case-action@v6 | |
with: | |
string: ${{ matrix.image }}:${{ github.sha }} | |
- name: Build Docker image | |
uses: docker/build-push-action@v5 | |
with: | |
context: ${{ matrix.workdir }} | |
file: ${{ matrix.dockerfile }} | |
tags: ${{ steps.image_lowercase.outputs.lowercase }} | |
load: false | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
outputs: type=docker,dest=/tmp/image-${{ matrix.name }}-${{ github.sha }}-pr.tar | |
build-args: | | |
VITE_APP_ENV=${{ secrets.VITE_APP_ENV }} | |
VITE_BASE_URL=${{ secrets.VITE_BASE_URL }} | |
VITE_METADATA_API_URL=${{ secrets.VITE_METADATA_API_URL }} | |
VITE_GTM_ID=${{ secrets.VITE_GTM_ID }} | |
VITE_NETWORK_FLAG=${{ secrets.VITE_NETWORK_FLAG }} | |
VITE_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }} | |
NPMRC_TOKEN=${{ secrets.NPMRC_TOKEN }} | |
VITE_USERSNAP_SPACE_API_KEY=${{ secrets.VITE_USERSNAP_SPACE_API_KEY }} | |
VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED=${{ secrets.VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED }} | |
VITE_PDF_API_URL=${{ secrets.VITE_PDF_API_URL }} | |
- name: Scan Docker image with Dockle | |
id: dockle | |
run: | | |
wget -q https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz | |
tar zxf dockle_0.4.14_Linux-64bit.tar.gz | |
sudo mv dockle /usr/local/bin | |
dockle --exit-code 1 --exit-level fatal -ak GHC_RELEASE_KEY -ak CABAL_INSTALL_RELEASE_KEY -ak STACK_RELEASE_KEY -ak KEY_SHA512 --format json --input '/tmp/image-${{ matrix.name }}-${{ github.sha }}-pr.tar' --output ${{ matrix.workdir }}/dockle_scan_output.json | |
rm -rf '/tmp/image-${{ matrix.name }}-${{ github.sha }}-pr.tar' | |
cat ${{ matrix.workdir }}/dockle_scan_output.json | |
echo "outcome=success" >> $GITHUB_OUTPUT | |
- name: Create PR comment | |
if: always() | |
uses: actions/github-script@v6 | |
env: | |
HADOLINT_RESULT: ${{ steps.hadolint.outcome }} | |
CODE_LINT_RESULT: ${{ steps.code_lint.outcome }} | |
UNIT_TEST_RESULT: ${{ steps.unit_tests.outcome }} | |
DOCKLE_RESULT: ${{ steps.dockle.outcome }} | |
with: | |
script: | | |
const fs = require('fs'); | |
const hadolintResult = fs.existsSync('${{ matrix.workdir }}/hadolint_output.json') ? fs.readFileSync('${{ matrix.workdir }}/hadolint_output.json', 'utf8') : 'No output'; | |
const codeLintResult = fs.existsSync('${{ matrix.workdir }}/code_lint_output.txt') ? fs.readFileSync('${{ matrix.workdir }}/code_lint_output.txt', 'utf8') : 'No output'; | |
const unitTestResult = fs.existsSync('${{ matrix.workdir }}/unit_test_output.txt') ? fs.readFileSync('${{ matrix.workdir }}/unit_test_output.txt', 'utf8') : 'No output'; | |
const dockleScanResult = fs.existsSync('${{ matrix.workdir }}/dockle_scan_output.json') ? fs.readFileSync('${{ matrix.workdir }}/dockle_scan_output.json', 'utf8') : 'No output'; | |
let commentBody = ''; | |
if (process.env.HADOLINT_RESULT !== 'success') { | |
commentBody = ` | |
:x: Dockerfile Lint (Hadolint) failed | |
\`\`\`json | |
${hadolintResult} | |
\`\`\` | |
`; | |
} else if (process.env.CODE_LINT_RESULT !== 'success') { | |
commentBody = ` | |
:x: Code Lint failed | |
\`\`\` | |
${codeLintResult} | |
\`\`\` | |
`; | |
} else if (process.env.UNIT_TEST_RESULT !== 'success') { | |
commentBody = ` | |
:x: Unit Tests failed | |
\`\`\` | |
${unitTestResult} | |
\`\`\` | |
`; | |
} else if (process.env.DOCKLE_RESULT !== 'success') { | |
commentBody = ` | |
:x: Docker Image Scan (Dockle) failed | |
\`\`\`json | |
${dockleScanResult} | |
\`\`\` | |
`; | |
} else { | |
commentBody = ':white_check_mark: All checks succeeded'; | |
} | |
const { owner, repo } = context.repo; | |
const issue_number = context.issue.number; | |
await github.rest.issues.createComment({ | |
owner, | |
repo, | |
issue_number, | |
body: commentBody | |
}); |