prepare v5.4.2 #1508
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
permissions: | |
contents: read | |
name: PR Validation | |
on: pull_request | |
jobs: | |
file-checks: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone the code | |
uses: actions/checkout@v4 #v3.2.0 | |
- name: reviewdog | |
uses: reviewdog/action-setup@80a06617492b461a66508e2dedf16233f0506804 # v1.0.6 | |
with: | |
reviewdog_version: latest | |
- name: Trailing Whitespace | |
shell: bash | |
env: | |
REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} | |
run: | | |
set -e | |
pushd "${GITHUB_WORKSPACE}/" || exit 1 | |
echo '::group:: Flagging trailing whitespace with reviewdog 🐶 ...' | |
# Don't fail because of grep | |
set +o pipefail | |
# Exclude generated and vendored files, plus some legacy | |
# paths until we update all .gitattributes | |
git ls-files | | |
git check-attr --stdin linguist-generated | grep -Ev ': (set|true)$' | cut -d: -f1 | | |
git check-attr --stdin linguist-vendored | grep -Ev ': (set|true)$' | cut -d: -f1 | | |
git check-attr --stdin ignore-lint | grep -Ev ': (set|true)$' | cut -d: -f1 | | |
grep -Ev '^(vendor/|third_party/|LICENSES/|.git|bundle/|embeds/grafonnet-lib/)' | | |
grep -v api.md | | |
xargs grep -nE " +$" | | |
reviewdog -efm="%f:%l:%m" \ | |
-name="trailing whitespace" \ | |
-reporter="github-pr-check" \ | |
-filter-mode="added" \ | |
-fail-on-error="true" \ | |
-level="error" | |
echo '::endgroup::' | |
popd | |
- name: EOF newline | |
shell: bash | |
env: | |
REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} | |
run: | | |
set -e | |
pushd "${GITHUB_WORKSPACE}/" || exit 1 | |
git status | |
echo '::group:: Flagging missing EOF newlines with reviewdog 🐶 ...' | |
# Don't fail because of misspell | |
set +o pipefail | |
# Lint exclude rule: | |
# - nothing in vendor/ | |
# - nothing in third_party | |
# - nothing in .git/ | |
# - no *.ai (Adobe Illustrator) files. | |
LINT_FILES=$(git ls-files | | |
git check-attr --stdin linguist-generated | grep -Ev ': (set|true)$' | cut -d: -f1 | | |
git check-attr --stdin linguist-vendored | grep -Ev ': (set|true)$' | cut -d: -f1 | | |
git check-attr --stdin ignore-lint | grep -Ev ': (set|true)$' | cut -d: -f1 | | |
grep -Ev '^(vendor/|third_party/|LICENSES/|.git|embeds/grafonnet-lib/)' | | |
grep -v '\.ai$' | | |
grep -v '\.svg$') | |
for x in $LINT_FILES; do | |
# Based on https://stackoverflow.com/questions/34943632/linux-check-if-there-is-an-empty-line-at-the-end-of-a-file | |
if [[ -f $x && ! ( -s "$x" && -z "$(tail -c 1 $x)" ) ]]; then | |
# We add 1 to `wc -l` here because of this limitation (from the man page): | |
# Characters beyond the final <newline> character will not be included in the line count. | |
echo $x:$((1 + $(wc -l $x | tr -s ' ' | cut -d' ' -f 1))): Missing newline | |
fi | |
done | | |
reviewdog -efm="%f:%l: %m" \ | |
-name="EOF Newline" \ | |
-reporter="github-pr-check" \ | |
-filter-mode="added" \ | |
-fail-on-error="true" \ | |
-level="error" | |
echo '::endgroup::' | |
popd | |
go-lint: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone repo | |
uses: actions/checkout@v4 #v3.2.0 | |
- name: Setup go | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: "go.mod" | |
- name: golangci-lint | |
uses: golangci/[email protected] | |
with: | |
version: "v1.51.2" | |
test: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone repo | |
uses: actions/checkout@v4 #v3.2.0 | |
- name: Setup go | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: "go.mod" | |
- name: Run test | |
run: | | |
make test | |
- name: Check if working tree is dirty | |
run: | | |
if [[ $(git status --porcelain) ]]; then | |
git diff | |
echo '::error::run make test and commit changes' | |
exit 1 | |
fi | |
helm: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone repo | |
uses: actions/checkout@v4 #v3.2.0 | |
- name: Setup go | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: "go.mod" | |
- name: Run helm-docs | |
run: | | |
make helm/docs | |
- name: Check if working tree is dirty | |
run: | | |
if [[ $(git status --porcelain) ]]; then | |
git diff | |
echo '::error::run make helm/docs and commit changes' | |
exit 1 | |
fi | |
kustomize: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone repo | |
uses: actions/checkout@v4 #v3.2.0 | |
- name: Setup go | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: "go.mod" | |
- name: Run kustomize-crd | |
run: | | |
make kustomize-crd | |
- name: Check if working tree is dirty | |
run: | | |
if [[ $(git status --porcelain) ]]; then | |
git diff | |
echo '::error::run make kustomize-crd or make all and commit changes' | |
exit 1 | |
fi | |
trivy: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone repo | |
uses: actions/checkout@v4 #v3.2.0 | |
- name: Run Trivy vulnerability scanner | |
uses: aquasecurity/trivy-action@master | |
with: | |
scan-type: "fs" | |
scan-ref: "." | |
format: "table" | |
exit-code: "1" | |
ignore-unfixed: true | |
severity: "CRITICAL,HIGH" |