[pull] devel from submariner-io:devel #22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Linting | |
on: | |
pull_request: | |
permissions: {} | |
jobs: | |
apply-suggestions-commits: | |
name: 'No "Apply suggestions from code review" Commits' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Get PR commits | |
id: 'get-pr-commits' | |
uses: tim-actions/get-pr-commits@198af03565609bb4ed924d1260247b4881f09e7d | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: 'Verify no "Apply suggestions from code review" commits' | |
uses: tim-actions/commit-message-checker-with-regex@094fc16ff83d04e2ec73edb5eaf6aa267db33791 | |
with: | |
commits: ${{ steps.get-pr-commits.outputs.commits }} | |
pattern: '^(?!.*(apply suggestions from code review))' | |
flags: 'i' | |
error: 'Commits addressing code review feedback should typically be squashed into the commits under review' | |
- name: 'Verify no "fixup!" commits' | |
uses: tim-actions/commit-message-checker-with-regex@094fc16ff83d04e2ec73edb5eaf6aa267db33791 | |
with: | |
commits: ${{ steps.get-pr-commits.outputs.commits }} | |
pattern: '^(?!fixup!)' | |
flags: 'i' | |
error: 'Fixup commits should be squashed into the commits under review' | |
check-branch-dependencies: | |
name: Check branch dependencies | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Check that no dependencies include unmerged commits | |
run: make check-non-release-versions | |
code-gen: | |
name: Submariner K8s API Code Generation | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Run codegen | |
run: make codegen | |
- name: Ignore go.sum changes | |
run: git checkout go.sum | |
- name: Verify generated code matches committed code | |
run: git add -A && git diff --staged --exit-code | |
proto-gen: | |
name: Protobuf Code Generation | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Recreate Protobuf files | |
run: find pkg -name '*.pb.go' -delete -exec make {} \; | |
- name: Ignore go.sum changes | |
run: git checkout go.sum | |
- name: Verify generated code matches committed code | |
run: git add -A && git diff -I'^//' --staged --exit-code | |
gitlint: | |
name: Commit Message(s) | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
with: | |
fetch-depth: 0 | |
- name: Run gitlint | |
run: make gitlint | |
golangci-lint: | |
name: Go | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Run golangci-lint | |
run: make golangci-lint | |
licenses: | |
name: Dependency Licenses | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Check the licenses | |
run: make licensecheck | |
markdown-link-check: | |
name: Markdown Links (modified files) | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Run markdown-link-check | |
uses: gaurav-nelson/github-action-markdown-link-check@d53a906aa6b22b8979d33bc86170567e619495ec | |
with: | |
config-file: ".markdownlinkcheck.json" | |
check-modified-files-only: "yes" | |
base-branch: ${{ github.base_ref }} | |
markdownlint: | |
name: Markdown | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Run markdownlint | |
run: make markdownlint | |
packagedoc-lint: | |
name: Package Documentation | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Run packagedoc-lint | |
run: make packagedoc-lint | |
shellcheck: | |
name: Shell | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Run shellcheck | |
run: make shellcheck | |
variant-analysis: | |
name: Variant Analysis | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 | |
with: | |
languages: go | |
- name: Run CodeQL variant analysis | |
uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 | |
- name: Show CodeQL scan SARIF report | |
if: always() | |
run: cat ../results/go.sarif | |
vulnerability-scan: | |
name: Vulnerability Scanning | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Run Anchore vulnerability scanner | |
uses: anchore/scan-action@869c549e657a088dc0441b08ce4fc0ecdac2bb65 | |
id: scan | |
with: | |
path: "." | |
fail-build: true | |
severity-cutoff: high | |
- name: Show Anchore scan SARIF report | |
if: always() | |
run: cat ${{ steps.scan.outputs.sarif }} | |
- name: Upload Anchore scan SARIF report | |
if: always() | |
uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 | |
with: | |
sarif_file: ${{ steps.scan.outputs.sarif }} | |
yaml-lint: | |
name: YAML | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Run yamllint | |
run: make yamllint |