Skip to content
Development Actions

Create dependabot.yml #519

Sign in to view logs

Create dependabot.yml

Create dependabot.yml #519

Workflow file for this run

.github/workflows/development.yaml at e5ae7ef
name: Development Actions
on:
push:
branches: [main]
pull_request:
branches: ["**"]
workflow_call:
secrets:
GH_DELL_ACCESS:
description: 'A token passed from the caller workflow'
required: true
permissions:
contents: read
env:
GOPRIVATE: github.com/dell/*
TOKEN: ${{ secrets.GH_DELL_ACCESS }}
jobs:
golangci-lint:
name: golangci-lint
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@v5
with:
go-version: "1.23"
cache: false
- name: Checkout the code
uses: actions/checkout@v4
- name: Vendor packages
run: |
go mod vendor
- name: golangci-lint
uses: golangci/golangci-lint-action@v6
with:
version: latest
skip-cache: true
malware-security-scan:
name: Malware Scanner
runs-on: ubuntu-latest
steps:
- name: Checkout the code
uses: actions/checkout@v4
- name: Malware Scanner
uses: dell/common-github-actions/malware-scanner@main
with:
directories: .
options: '--recursive --infected'
code-sanitizer:
name: Check for forbidden words
runs-on: ubuntu-latest
steps:
- name: Checkout the code
uses: actions/checkout@v4
- name: Run the forbidden words scan
uses: dell/common-github-actions/code-sanitizer@main
with:
args: /github/workspace/pkg
dockerfile-linter:
name: Run Hadolint Dockerfile lint
runs-on: ubuntu-latest
steps:
- name: Checkout the code
uses: actions/checkout@v4
- name: Run Hadolint
uses: hadolint/hadolint-action@v3.1.0
shell-linter:
name: Run Shellcheck, Checkmake and Perl Critic
runs-on: ubuntu-latest
steps:
- name: Checkout the code
uses: actions/checkout@v4
- name: Run ShellCheck
uses: ludeeus/action-shellcheck@master
- name: Perl Critic
uses: Difegue/action-perlcritic@master
with:
args: ./scripts/*
- uses: actions/setup-go@v5
with:
go-version: "1.23"
cache: false
- name: Install and run Checkmake
run: |
go install github.com/mrtazz/checkmake/cmd/checkmake@latest
checkmake Makefile
tests:
name: Run unit tests and check package coverage
runs-on: ubuntu-latest
steps:
- name: Configure git for private modules
run: |
git config --global url."https://csmbot:$TOKEN@github.com".insteadOf "https://github.com"
echo "machine github.com login csmbot password $TOKEN" >> ~/.netrc
- name: Checkout the code
uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: "1.23"
cache: false
- name: Vendor packages
run: |
go mod vendor
- name: Run unit tests and check package coverage
uses: dell/common-github-actions/go-code-tester@main
with:
threshold: 90
test-folder: "."
skip-list: "github.com/dell/cosi/core,github.com/dell/cosi/tests/integration/main_test"
- name: Run fuzzy tests
run: |
make fuzz
build-and-secure:
name: Build and Scan Docker image
runs-on: ubuntu-latest
env:
IMAGETAG: "${{ github.sha }}"
IMAGENAME: "cosi"
steps:
- name: Configure git for private modules
run: |
git config --global url."https://csmbot:$TOKEN@github.com".insteadOf "https://github.com"
echo "machine github.com login csmbot password $TOKEN" >> ~/.netrc
- uses: actions/setup-go@v5
with:
go-version: "1.23"
cache: false
- name: Checkout the code
uses: actions/checkout@v4
- name: "Vendor packages"
run: |
go mod vendor
- run: |
chmod +x ./scripts/build-ubi-micro.sh
make build-base-image
podman build -t docker.io/${{ env.IMAGENAME }}:${{ env.IMAGETAG }} -f ./Dockerfile --build-arg GOIMAGE=golang:latest --build-arg BASEIMAGE="localhost/cosi-ubimicro"
podman save docker.io/${{ env.IMAGENAME }}:${{ env.IMAGETAG }} -o /tmp/cosi.tar
docker load -i /tmp/cosi.tar
- name: Run trivy action
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.IMAGENAME }}:${{ env.IMAGETAG }}
- name: Run dockle action
uses: erzz/dockle-action@v1.4.0
env:
DOCKER_CONTENT_TRUST: 1
with:
image: ${{ env.IMAGENAME }}:${{ env.IMAGETAG }}