support exposure analysis + tests #110
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Style | |
| on: | |
| push: | |
| tags: | |
| - '*' | |
| branches: | |
| - master | |
| - release-* | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| env: | |
| ROX_PRODUCT_BRANDING: RHACS_BRANDING | |
| jobs: | |
| check-generated-files: | |
| env: | |
| ARTIFACT_DIR: junit-reports/ | |
| runs-on: ubuntu-latest | |
| container: | |
| image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.4 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - uses: ./.github/actions/job-preamble | |
| with: | |
| gcp-account: ${{ secrets.GCP_SERVICE_ACCOUNT_STACKROX_CI }} | |
| - name: Create artifacts dir | |
| run: mkdir -p "$ARTIFACT_DIR" | |
| - name: Cache Go dependencies | |
| uses: ./.github/actions/cache-go-dependencies | |
| - name: Check Generated | |
| run: scripts/ci/jobs/check-generated.sh | |
| misc-checks: | |
| env: | |
| ARTIFACT_DIR: junit-reports/ | |
| runs-on: ubuntu-latest | |
| container: | |
| image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.4 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - uses: ./.github/actions/job-preamble | |
| with: | |
| gcp-account: ${{ secrets.GCP_SERVICE_ACCOUNT_STACKROX_CI }} | |
| - name: Create artifacts dir | |
| run: mkdir -p "$ARTIFACT_DIR" | |
| - name: Ensure no trailing whitespaces | |
| if: github.event_name == 'pull_request' | |
| # Markdown files aren't checked for trailing whitespaces because it's a valid linebreak there. | |
| run: git diff --check "${{ github.event.pull_request.base.sha }}" ':(exclude)*.md' | |
| - name: Check PR fixes | |
| run: scripts/ci/jobs/check-pr-fixes.sh | |
| - name: Check TODOs | |
| run: scripts/ci/jobs/check-todos.sh | |
| - name: Check Policies | |
| run: scripts/ci/jobs/policy-checks.sh | |
| style-check: | |
| runs-on: ubuntu-latest | |
| container: | |
| image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.4 | |
| volumes: | |
| - /usr:/mnt/usr | |
| - /opt:/mnt/opt | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - uses: ./.github/actions/job-preamble | |
| with: | |
| gcp-account: ${{ secrets.GCP_SERVICE_ACCOUNT_STACKROX_CI }} | |
| - name: Free more disk space | |
| shell: bash | |
| run: | | |
| set +e | |
| set -x | |
| df -h | |
| for delete in /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL; do | |
| rm -rf "/mnt${delete:?}" | |
| done | |
| df -h | |
| - name: Cache Go dependencies | |
| uses: ./.github/actions/cache-go-dependencies | |
| - name: Cache UI dependencies | |
| uses: ./.github/actions/cache-ui-dependencies | |
| - name: Cache QA Test dependencies | |
| uses: ./.github/actions/cache-gradle-dependencies | |
| - name: Fetch UI deps | |
| run: make -C ui deps | |
| - name: make style-slim | |
| run: make style-slim | |
| golangci-lint: | |
| timeout-minutes: 240 | |
| runs-on: ubuntu-latest | |
| container: | |
| image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.4 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - uses: ./.github/actions/job-preamble | |
| with: | |
| gcp-account: ${{ secrets.GCP_SERVICE_ACCOUNT_STACKROX_CI }} | |
| - name: Cache Go dependencies | |
| uses: ./.github/actions/cache-go-dependencies | |
| - name: Check Cache golangci-lint | |
| run: make golangci-lint-cache-status | |
| - name: Cache golangci-lint | |
| uses: actions/cache@v4 | |
| with: | |
| path: /github/home/.cache/golangci-lint | |
| key: go-lint-v2-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| go-lint-v2-${{ hashFiles('**/go.sum') }} | |
| go-lint-v2- | |
| - name: Check cache golangci-lint | |
| run: make golangci-lint-cache-status | |
| - name: make golangci-lint | |
| run: make golangci-lint | |
| - name: Check Cache golangci-lint | |
| run: make golangci-lint-cache-status | |
| slack-on-style-failure: | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SLACK_CI_INTEGRATION_TESTING_WEBHOOK: ${{ secrets.SLACK_CI_INTEGRATION_TESTING_WEBHOOK }} | |
| TEST_FAILURES_NOTIFY_WEBHOOK: ${{ secrets.TEST_FAILURES_NOTIFY_WEBHOOK }} | |
| if: | | |
| failure() && ( | |
| github.event_name == 'push' || | |
| contains(github.event.pull_request.labels.*.name, 'ci-test-github-action-slack-messages') | |
| ) | |
| name: Post failure message to Slack | |
| runs-on: ubuntu-latest | |
| needs: | |
| - check-generated-files | |
| - misc-checks | |
| - style-check | |
| - golangci-lint | |
| permissions: | |
| actions: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Slack message | |
| env: | |
| GITHUB_CONTEXT: ${{ toJSON(github) }} | |
| run: | | |
| source scripts/ci/lib.sh | |
| slack_workflow_failure |