Skip to content

PR Validation

PR Validation #2409

Workflow file for this run

permissions:
contents: read
name: PR Validation
on:
pull_request:
merge_group:
jobs:
file-checks:
runs-on: ubuntu-latest
steps:
- name: Clone the code
uses: actions/checkout@v4 #v3.2.0
- name: reviewdog
uses: reviewdog/action-setup@3f401fe1d58fe77e10d665ab713057375e39b887 # v1.3.0
with:
reviewdog_version: latest
- name: Trailing Whitespace
shell: bash
env:
REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }}
run: |
set -e
pushd "${GITHUB_WORKSPACE}/" || exit 1
echo '::group:: Flagging trailing whitespace with reviewdog 🐶 ...'
# Don't fail because of grep
set +o pipefail
# Exclude generated and vendored files, plus some legacy
# paths until we update all .gitattributes
git ls-files |
git check-attr --stdin linguist-generated | grep -Ev ': (set|true)$' | cut -d: -f1 |
git check-attr --stdin linguist-vendored | grep -Ev ': (set|true)$' | cut -d: -f1 |
git check-attr --stdin ignore-lint | grep -Ev ': (set|true)$' | cut -d: -f1 |
grep -Ev '^(vendor/|third_party/|LICENSES/|.git|bundle/|embeds/grafonnet-lib/)' |
grep -v api.md |
xargs grep -nE " +$" |
reviewdog -efm="%f:%l:%m" \
-name="trailing whitespace" \
-reporter="github-pr-check" \
-filter-mode="added" \
-fail-on-error="true" \
-level="error"
echo '::endgroup::'
popd
- name: EOF newline
shell: bash
env:
REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }}
run: |
set -e
pushd "${GITHUB_WORKSPACE}/" || exit 1
git status
echo '::group:: Flagging missing EOF newlines with reviewdog 🐶 ...'
# Don't fail because of misspell
set +o pipefail
# Lint exclude rule:
# - nothing in vendor/
# - nothing in third_party
# - nothing in .git/
# - no *.ai (Adobe Illustrator) files.
LINT_FILES=$(git ls-files |
git check-attr --stdin linguist-generated | grep -Ev ': (set|true)$' | cut -d: -f1 |
git check-attr --stdin linguist-vendored | grep -Ev ': (set|true)$' | cut -d: -f1 |
git check-attr --stdin ignore-lint | grep -Ev ': (set|true)$' | cut -d: -f1 |
grep -Ev '^(vendor/|third_party/|LICENSES/|.git|embeds/grafonnet-lib/)' |
grep -v '\.ai$' |
grep -v '\.svg$')
for x in $LINT_FILES; do
# Based on https://stackoverflow.com/questions/34943632/linux-check-if-there-is-an-empty-line-at-the-end-of-a-file
if [[ -f $x && ! ( -s "$x" && -z "$(tail -c 1 $x)" ) ]]; then
# We add 1 to `wc -l` here because of this limitation (from the man page):
# Characters beyond the final <newline> character will not be included in the line count.
echo $x:$((1 + $(wc -l $x | tr -s ' ' | cut -d' ' -f 1))): Missing newline
fi
done |
reviewdog -efm="%f:%l: %m" \
-name="EOF Newline" \
-reporter="github-pr-check" \
-filter-mode="added" \
-fail-on-error="true" \
-level="error"
echo '::endgroup::'
popd
go-lint:
runs-on: ubuntu-latest
steps:
- name: Clone repo
uses: actions/checkout@v4 #v3.2.0
- name: Setup go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
- name: golangci-lint
uses: golangci/[email protected]
with:
version: "v1.57.2"
- name: Verify golangci-lint config
run: |
golangci-lint config verify
test:
runs-on: ubuntu-latest
steps:
- name: Clone repo
uses: actions/checkout@v4 #v3.2.0
- name: Setup go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
- name: Run test
run: |
make test
- name: Check if working tree is dirty
run: |
if [[ $(git status --porcelain) ]]; then
git diff
echo '::error::run make test and commit changes'
exit 1
fi
helm:
runs-on: ubuntu-latest
steps:
- name: Clone repo
uses: actions/checkout@v4 #v3.2.0
- name: Setup go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
- name: Run helm-template
run: |
helm template deploy/helm/grafana-operator/
- name: Run helm-lint
run: |
helm lint deploy/helm/grafana-operator/
- name: Run helm-docs
run: |
make helm/docs
- name: Check if working tree is dirty
run: |
if [[ $(git status --porcelain) ]]; then
git diff
echo '::error::run make helm/docs and commit changes'
exit 1
fi
kustomize:
runs-on: ubuntu-latest
steps:
- name: Clone repo
uses: actions/checkout@v4 #v3.2.0
- name: Setup go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
- name: Install kustomize
run: |
make kustomize
- name: Check if overlays can be successfully built
run: |
for d in deploy/kustomize/overlays/*/ ; do
kustomize build "$d" --load-restrictor LoadRestrictionsNone > /dev/null
done
trivy:
runs-on: ubuntu-latest
steps:
- name: Clone repo
uses: actions/checkout@v4 #v3.2.0
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: "fs"
scan-ref: "."
format: "table"
exit-code: "1"
ignore-unfixed: true
severity: "CRITICAL,HIGH"