lint.yaml
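---
# Reusable lint workflow: checks out the repository, exports the tool
# versions from .github/vars.env, installs the Go lint tools, runs `make lint`
# and finishes with a Trivy filesystem scan.
#
# NOTE(review): the actions below are referenced by mutable tag. Pinning each
# `uses:` to a full commit SHA prevents a retagged release from changing what
# runs in this job.
name: lint
on:
  workflow_call: {}
  workflow_dispatch: {}
jobs:
  lint:
    runs-on: ubuntu-latest
    # Least privilege: nothing in this job needs more than read access to the
    # repository contents.
    permissions:
      contents: read
    steps:
      - name: checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
      - name: load env vars for workflow run
        # vars.env is sourced, i.e. executed as shell, so anything in it runs
        # with this job's privileges; keep it to plain VAR=value assignments.
        # Each value is then appended to GITHUB_ENV so later steps see it.
        run: |
          source .github/vars.env
          for name in GO_VERSION DEVSPACE_VERSION GCI_VERSION GOFUMPT_VERSION \
            GOLANGCI_LINT_VERSION GOLINES_VERSION GOTESTSUM_VERSION HELM_VERSION; do
            printf '%s=%s\n' "$name" "${!name}" >> "$GITHUB_ENV"
          done
      - name: set up go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: ensure go mod is tidy
        # On a fresh checkout the working tree is clean, so a bare `git diff`
        # can never fail. Run `go mod tidy` first so the diff reports real
        # drift in go.mod / go.sum.
        run: |
          go mod tidy
          git diff --exit-code --name-only go.mod go.sum 2>&1
      - name: install go lint tools
        # Versions are read from the shell environment (populated through
        # GITHUB_ENV above) rather than spliced into the script text with
        # ${{ }}, so a value is always treated as data, never as shell syntax.
        #
        # pipefail: the default `bash -e` does not fail the step when curl
        # fails on the left side of the pipe; without it sh would be handed
        # empty input and exit 0.
        #
        # NOTE(review): install.sh is fetched from the mutable `master` branch
        # and piped straight into sh. Prefer fetching it from the pinned
        # release ref and/or verifying a checksum before executing it.
        run: |
          set -o pipefail
          go install "mvdan.cc/gofumpt@${GOFUMPT_VERSION}"
          go install "github.com/daixiang0/gci@${GCI_VERSION}"
          go install "github.com/segmentio/golines@${GOLINES_VERSION}"
          curl -sSfL \
            https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh |
            sh -s -- -b "$(go env GOPATH)/bin" "${GOLANGCI_LINT_VERSION}"
      - name: run the linters
        run: make lint
      - name: run trivy - fs
        # The ref after '@' was lost on this page (rendered as
        # "[email protected]" by e-mail obfuscation). Restore the real ref from
        # the repository, ideally as a commit SHA.
        uses: aquasecurity/trivy-action@TRIVY_ACTION_REF_PLACEHOLDER
        with:
          scan-type: fs
          # Fail the job when findings at the listed severities are reported.
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'
          # NOTE(review): with only the config scanner enabled, this step
          # checks for misconfigurations; vuln-type and ignore-unfixed apply to
          # vulnerability scanning and presumably have no effect here.
          # Confirm whether vulnerability and secret scanning were meant to be
          # enabled as well.
          scanners: config
          skip-dirs: 'ui/.next,charts,e2e'
          # Accepted risk: the launcher/dev/clabverter images run as the root
          # user, so their Dockerfiles are excluded from the scan for now.
          skip-files: 'build/clabverter.Dockerfile,build/launcher.Dockerfile,.develop/dev.Dockerfile'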