Skip to content

bump (#886)

bump (#886) #1722

Workflow file for this run

name: Test kube-linter
on:
pull_request:
# Workflows triggered by Dependabot on the "push" event run with read-only access.
# Uploading Code Scanning results requires write access. Ignore dependabot branches for auto-merge.
push:
branches-ignore: "dependabot/**"
tags:
- "*"
env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}
jobs:
build-and-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
# Checkout all repo history to make tags available for figuring out kube-linter version during build.
fetch-depth: 0
- name: Setup Go environment
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Go Build Cache
uses: actions/cache@v4
with:
path: ~/.cache
key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }}
- name: Go Mod Cache
uses: actions/cache@v4
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }}
- name: Build binaries
run: make build
- name: Upload binary
uses: actions/upload-artifact@v4
with:
name: bin
path: bin
- name: Run lint checks
run: make lint
- name: Ensure generated files are up-to-date
run: make generated-srcs && git diff --exit-code HEAD
- name: Run unit tests
run: make test
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v5.1.2
with:
token: ${{ secrets.CODECOV_TOKEN }}
slug: stackrox/kube-linter
flags: unit
- name: Run E2E tests
run: make e2e-test
- name: Setup BATS
uses: mig4/setup-bats@v1
with:
bats-version: 1.5.0
- name: Run bats tests
run: make e2e-bats
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v5.1.2
with:
token: ${{ secrets.CODECOV_TOKEN }}
slug: stackrox/kube-linter
flags: bats
- name: Upload Linux binary
uses: actions/upload-artifact@v4
with:
name: kube-linter
path: dist/kube-linter_linux_amd64_v1/kube-linter
- name: Upload Windows binary
uses: actions/upload-artifact@v4
with:
name: kube-linter.exe
path: dist/kube-linter_windows_amd64_v1/kube-linter.exe
test-sarif:
needs: build-and-test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Download executable
uses: actions/download-artifact@v4
with:
name: kube-linter
- name: Set permissions to file
run: chmod +x kube-linter
- name: Print kube-linter version
run: ./kube-linter version
- name: Run kube-linter on a sample file with SARIF output
run: ./kube-linter lint --format=sarif tests/testdata/splunk.yaml > results.sarif
continue-on-error: true
- name: Dump output file and check it is not empty
# The if part will generate no-zero exit code if the file is empty. See https://github.com/stedolan/jq/issues/1142#issuecomment-432003984
run: jq -es 'if . == [] then null else .[] | . end' results.sarif
- name: Upload output file as GitHub artifact for manual investigation
uses: actions/upload-artifact@v4
with:
name: results.sarif
path: results.sarif
- name: Install yajsv
run: curl https://github.com/neilpa/yajsv/releases/download/v1.4.0/yajsv.linux.amd64 -LsSfo yajsv && chmod +x yajsv
- name: Check if output file is valid according to SARIF schema
run: |
set -ex
schema=$(jq -r '.["$schema"]' results.sarif)
[ "$schema" = https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json ]
./yajsv -s ./scripts/sarif/sarif-schema-2.1.0.json results.sarif
- name: Upload SARIF output file to GitHub
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
windows-sanity-test:
name: Windows sanity test
needs: build-and-test
runs-on: windows-latest
steps:
- uses: actions/checkout@v4
with:
# Checkout all repo history to make tags available for figuring out kube-linter version during build.
fetch-depth: 0
- name: Download windows executable
uses: actions/download-artifact@v4
with:
name: kube-linter.exe
path: tmp/
- shell: bash
run: |
tmp/kube-linter.exe version
# Make sure the lint command can run without errors.
# TODO: run the full suite of E2E tests on Windows.
tmp/kube-linter.exe lint "tests/checks/access-to-create-pods.yml"