-
Notifications
You must be signed in to change notification settings - Fork 41
167 lines (165 loc) · 5.56 KB
/
pr.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
name: Go Test on Pull Requests
on:
pull_request:
types:
- opened
- synchronize
- reopened
jobs:
Dockerfile-linter:
name: Check Dockerfiles
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfile
go-linters:
name: Go linters
runs-on: ubuntu-20.04
steps:
- name: Set up Go 1.x
uses: actions/setup-go@v5
with:
go-version: "1.21"
- name: Check out code into the Go module directory
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Run Gosec Security Scanner
uses: securego/gosec@master
with:
args: -exclude-generated ./...
env:
GOROOT: ""
- name: golangci-lint
uses: golangci/golangci-lint-action@v6
with:
args: --timeout=10m
only-new-issues: true
- uses: dominikh/staticcheck-action@v1.3.1
with:
version: "2023.1.3"
install-go: false
skip-cache: true
go:
name: Check sources
runs-on: ubuntu-20.04
env:
OPERATOR_SDK_VERSION: v1.18.0
steps:
- name: Set up Go 1.x
uses: actions/setup-go@v5
with:
go-version: "1.21"
- name: Check out code into the Go module directory
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Cache Operator SDK ${{ env.OPERATOR_SDK_VERSION }}
uses: actions/cache@v4
id: cache-operator-sdk
with:
path: ~/cache
key: operator-sdk-${{ env.OPERATOR_SDK_VERSION }}
- name: Download Operator SDK ${{ env.OPERATOR_SDK_VERSION }}
if: steps.cache-operator-sdk.outputs.cache-hit != 'true'
run: |
mkdir -p ~/cache
wget https://github.com/operator-framework/operator-sdk/releases/download/${OPERATOR_SDK_VERSION}/operator-sdk_linux_amd64 -O ~/cache/operator-sdk-${OPERATOR_SDK_VERSION} > /dev/null -O ~/cache/operator-sdk-${OPERATOR_SDK_VERSION} > /dev/null
chmod +x ~/cache/operator-sdk-${OPERATOR_SDK_VERSION}
- name: Install Operator SDK ${{ env.OPERATOR_SDK_VERSION }}
run: |
mkdir -p ~/bin
cp ~/cache/operator-sdk-${OPERATOR_SDK_VERSION} ~/bin/operator-sdk
echo "$HOME/bin" >> $GITHUB_PATH
- name: Regenerate executables with current environment packages
run: |
rm -f bin/kustomize bin/controller-gen
make kustomize controller-gen
- name: Cache go modules
id: cache-mod
uses: actions/cache@v4
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Download dependencies
run: go mod download
if: steps.cache-mod.outputs.cache-hit != 'true'
- name: Check go mod status
run: |
time_before=$(date "+%F %T")
go mod tidy
if [[ $(find . -type f -newermt "$time_before") ]]
then
echo "Go mod state is not clean:"
find . -type f -newermt "$time_before"
exit 1
fi
- name: Check format
run: |
time_before=$(date "+%F %T")
make fmt
if [[ $(find . -type f -newermt "$time_before") ]]
then
echo "Some files are not properly formatted."
echo "Please run `go fmt` and amend your commit."
find . -type f -newermt "$time_before"
exit 1
fi
- name: Check kubernetes manifests
run: |
set -euo pipefail
make generate manifests
if [[ ! -z $(git status -s) ]]
then
echo "generated sources are not up to date:"
git --no-pager diff
exit 1
fi
- name: Check RBAC wildcards
run: |
if grep -rni "*" /tmp/integration-service/config/rbac/* ; then
echo "generated RBAC roles contains wildcards"
exit 1
fi
- name: Run Go Tests
run: |
make test
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
gitlint:
name: Run gitlint checks
runs-on: ubuntu-20.04
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- name: Install gitlint into container
run: python -m pip install gitlint
- name: Run gitlint check
run: gitlint --commits origin/${{ github.event.pull_request.base.ref }}..HEAD
kube-linter:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
# This prepares directory where github/codeql-action/upload-sarif@v1 looks up report files by default.
- name: Create ./.kube-linter/ for deployment files
shell: bash
run: mkdir -p ./.kube-linter/
- name: Generate default configuration
shell: bash
run: kustomize build config/default/ > ./.kube-linter/deploy-default.yaml
- name: Scan yaml files with kube-linter
uses: stackrox/kube-linter-action@v1
id: kube-linter-action-scan
with:
# Adjust this directory to the location where your kubernetes resources and helm charts are located.
directory: ./.kube-linter/
# Adjust this to the location of kube-linter config you're using, or remove the setting if you'd like to use
# the default config.
config: ./.github/.kube-linter-config.yaml