-
Notifications
You must be signed in to change notification settings - Fork 0
159 lines (153 loc) · 6.23 KB
/
lint.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
name: (all packages) Lints
on:
push:
branches:
- main
pull_request:
jobs:
pre-commit:
name: Pre-commit checks
runs-on: ubuntu-latest
steps:
- name: Checkout the Repo
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0 # needed for pre-commit to work correctly
- name: Install Nix
uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Run pre-commit checks
run: |
nix develop -c sh -c "pre-commit run --hook-stage pre-commit --show-diff-on-failure --color=always"
tools:
name: Get tool-versions
runs-on: ubuntu-latest
steps:
- name: Check out Code
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Parse tool-versions file
uses: goplugin/tool-versions-to-env-action@aabd5efbaf28005284e846c5cf3a02f2cba2f4c2 # v1.0.8
id: tool-versions
outputs:
golangci-lint-version: ${{ steps.tool-versions.outputs.golangci-lint_version }}
golangci:
name: Linting-${{ matrix.project.name }}
runs-on: ubuntu-latest
needs: [tools]
strategy:
fail-fast: false
matrix:
project:
- name: lib
path: ./lib/
- name: gotestloghelper
path: ./tools/gotestloghelper/
- name: k8s-test-runner
path: ./k8s-test-runner/
- name: testlistgenerator
path: ./tools/testlistgenerator/
- name: ecrimagefetcher
path: ./tools/ecrimagefetcher/
- name: ghlatestreleasechecker
path: ./tools/ghlatestreleasechecker/
- name: asciitable
path: ./tools/asciitable/
- name: workflowresultparser
path: ./tools/workflowresultparser/
steps:
- name: Check out Code
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Install Go
uses: goplugin/plugin-github-actions/plugin-testing-framework/setup-go@e29366cdecfe6befff9ab8c3cfe4825218505d58 # v2.3.16
with:
test_download_vendor_packages_command: cd ${{ matrix.project.path }} && go mod download
go_mod_path: ${{ matrix.project.path }}go.mod
cache_key_id: ctf-go-${{ matrix.project.name }}
cache_restore_only: 'false'
- name: golangci-lint ${{ needs.tools.outputs.golangci-lint-version }}
uses: golangci/golangci-lint-action@9d1e0624a798bb64f6c3cea93db47765312263dc # v5.1.0
with:
version: v${{ needs.tools.outputs.golangci-lint-version }}
args: --out-format checkstyle:golangci-lint-report.xml
skip-cache: true
working-directory: ${{ matrix.project.path }}
- name: Print lint report artifact
if: always()
run: test -f ${{ matrix.project.path }}golangci-lint-report.xml || true
- name: Store lint report artifact
if: always()
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: golangci-lint-report-${{ matrix.project.name }}
path: ${{ matrix.project.path }}golangci-lint-report.xml
vulnerabilities-check:
name: Check for Vulnerabilities
runs-on: ubuntu-latest
needs: [tools]
steps:
- name: Check out Code
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Install Go
uses: goplugin/plugin-github-actions/plugin-testing-framework/setup-go@e29366cdecfe6befff9ab8c3cfe4825218505d58 # v2.3.16
with:
test_download_vendor_packages_command: cd lib && go mod download
go_mod_path: ./lib/go.mod
cache_key_id: ctf-go
cache_restore_only: 'false'
- name: Write Go List
working-directory: lib
run: go list -json -deps ./... > ../go.list
- name: Nancy
uses: sonatype-nexus-community/nancy-github-action@726e338312e68ecdd4b4195765f174d3b3ce1533 # v1.0.3
asdf-install:
name: Install ASDF Dependencies
runs-on: ubuntu-latest
steps:
- name: Check out Code
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Install asdf dependencies
uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3.0.2
helmlint:
name: Lint Helm Charts
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
# Without this parameter, the merged commit that CI produces will make it so that ct will
# not detect a diff even if one exists
fetch-depth: 0
- name: Set up chart-testing
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
- name: Add helm chart repo
run: helm repo add plugin-qa https://raw.githubusercontent.com/goplugin/qa-charts/gh-pages/
- name: Run chart-testing (lint)
run: ct lint --config ${{ github.workspace }}/.github/configs/ct.yaml
actionlint:
name: Validate GitHub Action Workflows
runs-on: ubuntu-latest
steps:
- name: Check out Code
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Run actionlint
uses: reviewdog/action-actionlint@9d8b58041eed1373f173e91b9a3db5a844197236 # v1.44.0
sonarqube:
name: SonarQube Analysis
needs: [golangci]
runs-on: ubuntu-latest
steps:
- name: Checkout the repo
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0 # fetches all history for all tags and branches to provide more metadata for sonar reports
- name: Download all workflow run artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
- name: SonarQube Scan
uses: sonarsource/sonarqube-scan-action@53c3e3207fe4b8d52e2f1ac9d6eb1d2506f626c0 # v2.0.2
with:
args: >
-Dsonar.go.golangci-lint.reportPaths=golangci-lint-report/golangci-lint-report.xml
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}