Skip to content

Skip Comment Feature (#530) #344

Skip Comment Feature (#530)

Skip Comment Feature (#530) #344

Workflow file for this run

name: build
on:
push:
branches:
- main
paths-ignore:
- 'docs/**'
- 'INTHEWILD.md'
- 'README.md'
- '.github/**'
- '.pre-commit-config.yaml'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
permissions:
contents: read
concurrency:
group: 'build'
cancel-in-progress: true
jobs:
security:
uses: ./.github/workflows/security-shared.yml
secrets: inherit
test:
runs-on: [self-hosted, public, linux, x64]
permissions:
contents: write
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
with:
token: ${{ secrets.PAT }}
- uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
with:
# needed for terraform-setup https://github.com/hashicorp/setup-terraform/issues/84
node-version: '16'
- name: Install Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v4
with:
go-version: 1.19
- name: Setup Terraform
uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2
with:
terraform_version: 0.14.5
- name: Terraform Init
working-directory: ./tests/terraform/resources
run: terraform init
- name: Prepare external plugin tests
run: |
go build -buildmode=plugin -o tests/yor_plugins/example/extra_tags.so tests/yor_plugins/example/*.go
go build -buildmode=plugin -o tests/yor_plugins/tag_group_example/extra_tag_groups.so tests/yor_plugins/tag_group_example/*.go
- name: Test
run: |
go build -v && go test ./src/... -covermode=count -coverprofile=coverage.out
go tool cover -func=coverage.out -o=coverage.out
- name: Go Coverage Badge # Pass the `coverage.out` output to this action
uses: tj-actions/coverage-badge-go@7f447a2281e6c95d57526e53b2e800dfb3c07425 # v2
with:
filename: coverage.out
- name: Verify Changed files
uses: tj-actions/verify-changed-files@7f1b21ceb7ef533b97b46e89e2f882ee5cb17ae0 # v16
id: verify-changed-files
with:
files: README.md
- name: Commit + Push changes
if: steps.verify-changed-files.outputs.files_changed == 'true'
env:
GITHUB_TOKEN: ${{ secrets.PAT }}
run: |
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git add README.md
git commit -m "chore: Updated coverage badge."
git push origin
linter:
name: golangci-lint
runs-on: [self-hosted, public, linux, x64]
permissions:
checks: write
contents: read
pull-requests: write
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
- name: golangci-lint
uses: reviewdog/action-golangci-lint@94d61e3205b61acf4ddabfeb13c5f8a13eb4167b # v2
with:
tool_name: golangci-lint
fail_on_error: true
golangci_lint_flags: "--skip-dirs tests/yor_plugins"
integration-tests:
runs-on: [self-hosted, public, linux, x64]
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
- name: Install Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v4
with:
go-version: 1.19
- name: build
run: go build
- name: Clone Terragoat - vulnerable terraform
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
with:
repository: bridgecrewio/terragoat # clone https://github.com/bridgecrewio/terragoat/
fetch-depth: 0
clean: false
path: 'terragoat'
ref: 063dc2db3bb036160ed39d3705508ee8293a27c8
- name: Run yor
run: |
git config --local user.email "action@github.com"
./yor list-tags -g code2cloud,git > list-tags-result.txt
./yor tag -d terragoat -o json --output-json-file result.json
go test -race ./tests/integration/...
create-release:
runs-on: [self-hosted, public, linux, x64]
needs:
- integration-tests
- test
- linter
permissions:
contents: write
outputs:
version: ${{ steps.version.outputs.new_tag }}
steps:
- name: Wait for coverage to update
run: sleep 10s
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
with:
ref: main
- name: version
uses: anothrNick/github-tag-action@a2c70ae13a881faf2b4953baaa9e49731997ab36 # v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
WITH_V: false
RELEASE_BRANCHES: main
DEFAULT_BUMP: patch
id: version
- name: Install Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v4
with:
go-version: 1.19
- name: Git Fetch Repo
run: |
git fetch
- uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4
name: goreleaser
with:
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.PAT }}
# - name: Update go reportcard
# uses: creekorful/goreportcard-action@v1.0
publish-dockerhub:
runs-on: [self-hosted, public, linux, x64]
needs:
- create-release
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
- name: Publish to Registry
uses: elgohr/Publish-Docker-Github-Action@d0321869e187cfd3124343ea2b39b1db31f89685 # v5
with:
name: bridgecrew/yor
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
buildoptions: "--no-cache"
tags: "latest,${{ needs.create-release.outputs.version }}"
- name: Update Docker Hub README
uses: peter-evans/dockerhub-description@dc67fad7001ef9e8e3c124cb7a64e16d0a63d864 # v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
repository: bridgecrew/yor
short-description: ${{ github.event.repository.description }}
update-bridgecrew-projects:
needs: publish-dockerhub
runs-on: [self-hosted, public, linux, x64]
steps:
- name: update on yor release
run: |
curl -XPOST -H "Authorization: token ${{ secrets.PAT }}" -H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" https://api.github.com/repos/bridgecrewio/yor-action/dispatches --data '{"event_type": "build"}'
curl -XPOST -H "Authorization: token ${{ secrets.PAT }}" -H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" https://api.github.com/repos/bridgecrewio/yor-choco/dispatches --data '{"event_type": "build"}'
curl -X POST "https://jenkins-webhook.bridgecrew.cloud/buildByToken/build?job=Open-Source/upgrade-yor&token=${{ secrets.BC_JENKINS_TOKEN }}"