Skip to content
Tests

Enable renovate bot, CodeQL and tweak dependabot #486

Sign in to view logs

Enable renovate bot, CodeQL and tweak dependabot

Enable renovate bot, CodeQL and tweak dependabot #486

Workflow file for this run

.github/workflows/tests.yml at 8b6c4a9
name: Tests
on:
push:
branches:
- main
pull_request:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
code-tests:
name: Code tests
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Dependency Review
uses: actions/dependency-review-action@v4
if: github.event_name == 'pull_request'
- name: Check compatibility with min Go version (${{ matrix.go }})
if: matrix.go == '1.22.x'
run: |
set -eux
go mod tidy -go=1.22.0
- id: ShellCheck
name: Differential ShellCheck
uses: redhat-plumbers-in-action/differential-shellcheck@v5
with:
token: ${{ secrets.GITHUB_TOKEN }}
if: github.event_name == 'pull_request'
- name: Upload artifact with ShellCheck defects in SARIF format
uses: actions/upload-artifact@v4
with:
name: Differential ShellCheck SARIF
path: ${{ steps.ShellCheck.outputs.sarif }}
if: github.event_name == 'pull_request'
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: 1.22.x
- name: Install dependencies
run: |
sudo add-apt-repository ppa:dqlite/dev -y --no-update
sudo apt-get update
sudo apt-get install --no-install-recommends -y libdqlite-dev pkg-config
- name: Build
working-directory: microcloud
run: make
- name: Run static analysis
working-directory: microcloud
run: make check-static
- name: Unit tests
working-directory: microcloud
run: make check-unit
documentation-checks:
uses: canonical/documentation-workflows/.github/workflows/documentation-checks.yaml@main
with:
working-directory: './doc'
snap:
name: Trigger snap edge build
runs-on: ubuntu-22.04
needs: [code-tests, documentation-checks]
if: ${{ github.repository == 'canonical/microcloud' && github.event_name == 'push' && github.actor != 'dependabot[bot]' }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Launchpad SSH access
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
LAUNCHPAD_LXD_BOT_KEY: ${{ secrets.LAUNCHPAD_LXD_BOT_KEY }}
run: |
set -eux
mkdir -m 0700 -p ~/.ssh/
ssh-agent -a "${SSH_AUTH_SOCK}" > /dev/null
ssh-add - <<< "${{ secrets.LAUNCHPAD_LXD_BOT_KEY }}"
ssh-add -L > ~/.ssh/id_ed25519.pub
# In ephemeral environments like GitHub Action runners, relying on TOFU isn't providing any security
# so require the key obtained by `ssh-keyscan` to match the expected hash from https://help.launchpad.net/SSHFingerprints
ssh-keyscan git.launchpad.net >> ~/.ssh/known_hosts
ssh-keygen -qlF git.launchpad.net | grep -xF 'git.launchpad.net RSA SHA256:UNOzlP66WpDuEo34Wgs8mewypV0UzqHLsIFoqwe8dYo'
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: 1.22.x
- name: Trigger Launchpad snap build
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
TARGET: >-
${{ fromJson('{
"main": "latest-edge",
"stable-5.0": "5.0-edge",
}')[github.ref_name] }}
run: |
set -eux
git config --global transfer.fsckobjects true
git config --global user.name "Canonical LXD Bot"
git config --global user.email "[email protected]"
git config --global commit.gpgsign true
git config --global gpg.format "ssh"
git config --global user.signingkey ~/.ssh/id_ed25519.pub
localRev="$(git rev-parse HEAD)"
GOPROXY=direct go install github.com/canonical/lxd-ci/lxd-snapcraft@latest
git clone -b "${TARGET}" git+ssh://[email protected]/~canonical-lxd/microcloud ~/microcloud-pkg-snap-lp
cd ~/microcloud-pkg-snap-lp
lxd-snapcraft -package microcloud -set-version "git-${localRev:0:7}" -set-source-commit "${localRev}"
git add --all
git commit --all --quiet -s --allow-empty -m "Automatic upstream build (${TARGET})" -m "Upstream commit: ${localRev}"
git show
git push --quiet