bump (#886) #1722
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test kube-linter | |
on: | |
pull_request: | |
# Workflows triggered by Dependabot on the "push" event run with read-only access. | |
# Uploading Code Scanning results requires write access. Ignore dependabot branches for auto-merge. | |
push: | |
branches-ignore: "dependabot/**" | |
tags: | |
- "*" | |
env: | |
# Use docker.io for Docker Hub if empty | |
REGISTRY: ghcr.io | |
# github.repository as <account>/<repo> | |
IMAGE_NAME: ${{ github.repository }} | |
jobs: | |
build-and-test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Checkout all repo history to make tags available for figuring out kube-linter version during build. | |
fetch-depth: 0 | |
- name: Setup Go environment | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: go.mod | |
- name: Go Build Cache | |
uses: actions/cache@v4 | |
with: | |
path: ~/.cache | |
key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }} | |
- name: Go Mod Cache | |
uses: actions/cache@v4 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} | |
- name: Build binaries | |
run: make build | |
- name: Upload binary | |
uses: actions/upload-artifact@v4 | |
with: | |
name: bin | |
path: bin | |
- name: Run lint checks | |
run: make lint | |
- name: Ensure generated files are up-to-date | |
run: make generated-srcs && git diff --exit-code HEAD | |
- name: Run unit tests | |
run: make test | |
- name: Upload coverage reports to Codecov | |
uses: codecov/codecov-action@v5.1.2 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
slug: stackrox/kube-linter | |
flags: unit | |
- name: Run E2E tests | |
run: make e2e-test | |
- name: Setup BATS | |
uses: mig4/setup-bats@v1 | |
with: | |
bats-version: 1.5.0 | |
- name: Run bats tests | |
run: make e2e-bats | |
- name: Upload coverage reports to Codecov | |
uses: codecov/codecov-action@v5.1.2 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
slug: stackrox/kube-linter | |
flags: bats | |
- name: Upload Linux binary | |
uses: actions/upload-artifact@v4 | |
with: | |
name: kube-linter | |
path: dist/kube-linter_linux_amd64_v1/kube-linter | |
- name: Upload Windows binary | |
uses: actions/upload-artifact@v4 | |
with: | |
name: kube-linter.exe | |
path: dist/kube-linter_windows_amd64_v1/kube-linter.exe | |
test-sarif: | |
needs: build-and-test | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Download executable | |
uses: actions/download-artifact@v4 | |
with: | |
name: kube-linter | |
- name: Set permissions to file | |
run: chmod +x kube-linter | |
- name: Print kube-linter version | |
run: ./kube-linter version | |
- name: Run kube-linter on a sample file with SARIF output | |
run: ./kube-linter lint --format=sarif tests/testdata/splunk.yaml > results.sarif | |
continue-on-error: true | |
- name: Dump output file and check it is not empty | |
# The if part will generate no-zero exit code if the file is empty. See https://github.com/stedolan/jq/issues/1142#issuecomment-432003984 | |
run: jq -es 'if . == [] then null else .[] | . end' results.sarif | |
- name: Upload output file as GitHub artifact for manual investigation | |
uses: actions/upload-artifact@v4 | |
with: | |
name: results.sarif | |
path: results.sarif | |
- name: Install yajsv | |
run: curl https://github.com/neilpa/yajsv/releases/download/v1.4.0/yajsv.linux.amd64 -LsSfo yajsv && chmod +x yajsv | |
- name: Check if output file is valid according to SARIF schema | |
run: | | |
set -ex | |
schema=$(jq -r '.["$schema"]' results.sarif) | |
[ "$schema" = https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json ] | |
./yajsv -s ./scripts/sarif/sarif-schema-2.1.0.json results.sarif | |
- name: Upload SARIF output file to GitHub | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: results.sarif | |
windows-sanity-test: | |
name: Windows sanity test | |
needs: build-and-test | |
runs-on: windows-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Checkout all repo history to make tags available for figuring out kube-linter version during build. | |
fetch-depth: 0 | |
- name: Download windows executable | |
uses: actions/download-artifact@v4 | |
with: | |
name: kube-linter.exe | |
path: tmp/ | |
- shell: bash | |
run: | | |
tmp/kube-linter.exe version | |
# Make sure the lint command can run without errors. | |
# TODO: run the full suite of E2E tests on Windows. | |
tmp/kube-linter.exe lint "tests/checks/access-to-create-pods.yml" |