
CLOUDP-283292. AtlasCustomRole CRDs #5651

Workflow file for this run

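---
# Code Health: lint, unit and fuzz tests, coverage comparison, generated-file
# checks and a container build, run on pushes to master and on pull requests.
#
# NOTE(review): actions are referenced by mutable tags (for example `@v4`).
# Pinning each `uses:` to a full commit SHA keeps a retagged release from
# changing what runs in these jobs.
# NOTE(review): on this page several `uses:` references were replaced by the
# literal text "[email protected]" during extraction. The action names below
# are restored from each step's name and inputs and must be confirmed against
# the repository; the original versions are not recoverable and are written
# as the placeholder `<version>`.
name: Code Health
on:
  push:
    branches:
      - master
  pull_request:
# NOTE(review): these write scopes apply to every job, including the jobs that
# build and run pull-request code. The only step that visibly writes to a PR
# (code-coverage, "Comment PR") authenticates with an app token instead, so
# confirm which job needs them and declare `permissions:` on that job only.
permissions:
  pull-requests: write  # For PR-specific operations
  issues: write  # For commenting functionality
jobs:
  golangci:
    name: lint
    runs-on: ubuntu-latest
    steps:
      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
        with:
          config: ${{ vars.PERMISSIONS_CONFIG }}
      - uses: actions/checkout@v4
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
          cache: false  # see https://github.com/golangci/golangci-lint-action/issues/807
      - name: golangci-lint
        # Restored reference; placeholder version (see header note).
        uses: golangci/golangci-lint-action@<version>
        with:
          version: v1.61.0
  unit-tests:
    env:
      COVERAGE: coverage.out
      TEST_CMD: gotestsum --junitfile unit-tests.xml --format standard-verbose --
      UNIT_TAGS: unit
      INTEGRATION_TAGS: integration
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
    runs-on: ${{ matrix.os }}
    steps:
      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
        if: ${{ matrix.os=='ubuntu-latest' }}
        with:
          config: ${{ vars.PERMISSIONS_CONFIG }}
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      # NOTE(review): `@latest` is resolved at run time; pin gotestsum to a
      # release so the test runner cannot change between runs.
      - run: go install gotest.tools/gotestsum@latest
      - run: make unit-test
      - name: Test Summary
        id: test_summary
        # Restored reference; placeholder version (see header note).
        uses: test-summary/action@<version>
        with:
          paths: unit-tests.xml
        if: always() && matrix.os == 'ubuntu-latest'
      # The coverage profile is produced by running the pull request's code;
      # the code-coverage job below consumes it as input.
      - name: Upload coverage file
        if: matrix.os == 'ubuntu-latest' && github.event_name == 'pull_request'
        uses: actions/upload-artifact@v4
        with:
          name: coverage-file
          path: coverage.out
  code-coverage:
    needs: unit-tests
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
        with:
          config: ${{ vars.PERMISSIONS_CONFIG }}
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Get merge base
        id: merge_base
        # Event values reach the script through the environment instead of
        # being expanded into the script text by the `${{ }}` template.
        env:
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
          BASE_SHA: ${{ github.event.pull_request.base.sha }}
        run: |
          MERGE_BASE=$(git merge-base "$HEAD_SHA" "$BASE_SHA")
          echo "merge_base=$MERGE_BASE" >> "$GITHUB_OUTPUT"
          echo "Checking coverage against: $MERGE_BASE"
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      - name: Download coverage file
        uses: actions/download-artifact@v4
        with:
          name: coverage-file
      - name: Check coverage cache
        id: cache-coverage
        uses: actions/cache@v4
        with:
          path: coverage.base.out
          key: coverage-${{ steps.merge_base.outputs.merge_base }}
      - name: Generate base coverage
        if: steps.cache-coverage.outputs.cache-hit != 'true'
        env:
          MERGE_BASE: ${{ steps.merge_base.outputs.merge_base }}
        run: |
          # Get coverage from base branch
          git checkout "$MERGE_BASE"
          COVERAGE=coverage.base.out make unit-test
      - name: Save coverage to cache
        if: steps.cache-coverage.outputs.cache-hit != 'true'
        uses: actions/cache/save@v4
        with:
          path: coverage.base.out
          key: coverage-${{ steps.merge_base.outputs.merge_base }}
      - name: Compare coverage
        id: compare
        # Branch names are chosen by the PR author, so they and the other
        # context values are passed as environment variables and quoted in
        # the script rather than interpolated into it.
        env:
          BASE_REF: ${{ github.base_ref }}
          HEAD_REF: ${{ github.head_ref }}
          MERGE_BASE: ${{ steps.merge_base.outputs.merge_base }}
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          # use go tool cover to calculate coverage percentage
          base_coverage=$(go tool cover -func=coverage.base.out | grep total: | awk '{print $3}' | sed 's/%//')
          # coverage.out is the artifact produced from the pull request's code
          pr_coverage=$(go tool cover -func=coverage.out | grep total: | awk '{print $3}' | sed 's/%//')
          # Calculate difference
          diff=$(echo "$pr_coverage - $base_coverage" | bc)
          echo "diff=$diff" >> "$GITHUB_OUTPUT"
          # Create comment content
          if (( $(echo "$diff >= 0" | bc -l) )); then
            trend="📈"
          else
            trend="📉"
          fi
          {
            echo "Coverage Report $trend"
            echo "| Branch | Commit | Coverage |"
            echo "|--------|--------|----------|"
            echo "| ${BASE_REF} | ${MERGE_BASE} | ${base_coverage}% |"
            echo "| ${HEAD_REF} | ${HEAD_SHA} | ${pr_coverage}% |"
            echo "| | Difference | ${diff}% |"
          } > comment.md
          cat "comment.md" >> "$GITHUB_STEP_SUMMARY"
      # NOTE(review): repository secrets are not provided to `pull_request`
      # runs from forks, so this step presumably succeeds only for branches in
      # this repository; confirm the intended behaviour for fork PRs.
      - name: set Apix Bot token
        id: app-token
        uses: mongodb/apix-action/token@v4
        with:
          app-id: ${{ secrets.APIXBOT_APP_ID }}
          private-key: ${{ secrets.APIXBOT_APP_PEM }}
      - name: Comment PR
        # Restored reference; placeholder version (see header note).
        uses: marocchino/sticky-pull-request-comment@<version>
        with:
          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
          recreate: true
          path: comment.md
      - name: Check coverage threshold
        # `diff` is computed from the PR-produced coverage artifact, so it is
        # read from the environment, never pasted into the script text.
        env:
          COVERAGE_DIFF: ${{ steps.compare.outputs.diff }}
        # NOTE(review): a negative difference is only logged; the step still
        # succeeds. Add `exit 1` if a coverage drop is meant to block the PR.
        run: |
          if (( $(echo "$COVERAGE_DIFF < 0" | bc -l) )); then
            echo "Error: Coverage difference (${COVERAGE_DIFF}%) is negative"
          fi
  fuzz-tests:
    env:
      COVERAGE: coverage.out
      TEST_CMD: gotestsum --format standard-verbose --
      UNIT_TAGS: unit
      INTEGRATION_TAGS: integration
    runs-on: ubuntu-latest
    steps:
      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
        with:
          config: ${{ vars.PERMISSIONS_CONFIG }}
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      # NOTE(review): unpinned tool install, same as in unit-tests.
      - run: go install gotest.tools/gotestsum@latest
      - run: make fuzz-normalizer-test
  libraryOwners:
    runs-on: ubuntu-latest
    steps:
      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
        with:
          config: ${{ vars.PERMISSIONS_CONFIG }}
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      - name: Run check-library-owners
        run: make check-library-owners
  docs:
    runs-on: ubuntu-latest
    steps:
      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
        with:
          config: ${{ vars.PERMISSIONS_CONFIG }}
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      - name: Generate docs
        run: make gen-docs > /dev/null
      # Fails the job when regenerating the docs changed or created files.
      - name: Check for uncommitted files
        run: |
          export FILES=
          FILES=$(git ls-files -o -m --directory --exclude-standard --no-empty-directory)
          export LINES=
          LINES=$(echo "$FILES" | awk 'NF' | wc -l)
          if [ "$LINES" -ne 0 ]; then
            echo "Detected files that need to be committed:"
            echo "${FILES//^/ }"
            echo ""
            echo "Try running: make gen-docs"
            exit 1
          fi
  actionlint:
    runs-on: ubuntu-latest
    steps:
      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
        with:
          config: ${{ vars.PERMISSIONS_CONFIG }}
      - uses: actions/checkout@v4
      - name: Download actionlint
        id: get_actionlint
        # The installer is saved to a file before it runs: with
        # `bash <(curl ...)` a failed or truncated download is not reported,
        # because the exit status of the process substitution is discarded.
        # NOTE(review): the URL follows the mutable `main` branch; fetch the
        # script from a release tag or commit and verify its checksum so the
        # code executed here cannot change without a change to this file.
        run: |
          curl --fail --silent --show-error --location \
            --proto '=https' --tlsv1.2 \
            --output "$RUNNER_TEMP/download-actionlint.bash" \
            https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash
          bash "$RUNNER_TEMP/download-actionlint.bash"
        shell: bash
      - name: Check workflow files
        # The binary path comes from the previous step's output and is passed
        # through the environment so it is quoted as a single word.
        env:
          ACTIONLINT: ${{ steps.get_actionlint.outputs.executable }}
        run: |
          echo "::add-matcher::.github/actionlint-matcher.json"
          "$ACTIONLINT" -color
        shell: bash
  mocks:
    runs-on: ubuntu-latest
    steps:
      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
        with:
          config: ${{ vars.PERMISSIONS_CONFIG }}
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      # NOTE(review): `@latest` is resolved at run time; pin mockgen to a
      # release so generated mocks are reproducible.
      - name: Install go-mock
        run: go install github.com/golang/mock/mockgen@latest
      - name: Generate mocks
        run: make gen-mocks
      # Fails the job when regenerating the mocks changed or created files.
      - name: Check for uncommitted files
        run: |
          export FILES=
          FILES=$(git ls-files -o -m --directory --exclude-standard --no-empty-directory)
          export LINES=
          LINES=$(echo "$FILES" | awk 'NF' | wc -l)
          if [ "$LINES" -ne 0 ]; then
            echo "Detected files that need to be committed:"
            echo "${FILES//^/ }"
            echo ""
            echo "Try running: make gen-mocks"
            exit 1
          fi
  shellcheck:
    name: shellcheck
    runs-on: ubuntu-latest
    steps:
      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
        with:
          config: ${{ vars.PERMISSIONS_CONFIG }}
      - uses: actions/checkout@v4
      - name: Run ShellCheck
        uses: bewuethr/shellcheck-action@v2
  tidy:
    runs-on: ubuntu-latest
    steps:
      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
        with:
          config: ${{ vars.PERMISSIONS_CONFIG }}
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      - name: Run 'go mod tidy'
        run: go mod tidy
      # Fails the job when `go mod tidy` changed go.mod or go.sum.
      - name: Check for uncommitted files
        run: |
          export FILES=
          FILES=$(git ls-files -o -m --directory --exclude-standard --no-empty-directory)
          export LINES=
          LINES=$(echo "$FILES" | awk 'NF' | wc -l)
          if [ "$LINES" -ne 0 ]; then
            echo "Detected files that need to be committed:"
            echo "${FILES//^/ }"
            echo ""
            echo "Try running: go mod tidy"
            exit 1
          fi
  licensecheck:
    name: licensecheck
    runs-on: ubuntu-latest
    steps:
      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
        with:
          config: ${{ vars.PERMISSIONS_CONFIG }}
      - uses: actions/checkout@v4
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      - run: make devtools
      - run: ./build/ci/check-licenses.sh
  checktemplates:
    name: checktemplates
    runs-on: ubuntu-latest
    steps:
      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
        with:
          config: ${{ vars.PERMISSIONS_CONFIG }}
      - uses: actions/checkout@v4
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      - run: make check-templates
  verify_image:
    name: Build docker image
    runs-on: ubuntu-latest
    env:
      DOCKER_CLI_EXPERIMENTAL: enabled
    steps:
      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
        with:
          config: ${{ vars.PERMISSIONS_CONFIG }}
      - name: Check out the repo
        uses: actions/checkout@v4
      - name: Linting
        # Restored reference; placeholder version (see header note).
        uses: hadolint/hadolint-action@<version>
        with:
          dockerfile: Dockerfile
      - name: Enable containerd image store
        # Restored reference; placeholder version (see header note).
        uses: crazy-max/ghaction-setup-docker@<version>
        with:
          version: v24.0.6
          daemon-config: |
            {
              "features": {
                "containerd-snapshotter": true
              }
            }
      - name: Set up Docker Buildx
        # Restored reference; placeholder version (see header note).
        uses: docker/setup-buildx-action@<version>
      # No `push` input and no registry login are set here, so despite the
      # step name this presumably only verifies that the image builds.
      - name: Build image to dockerhub staging registry
        # Restored reference; placeholder version (see header note).
        uses: docker/build-push-action@<version>
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          tags: mongodb/atlas:test
          file: Dockerfile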