-
Notifications
You must be signed in to change notification settings - Fork 26
145 lines (129 loc) · 4.51 KB
/
linting.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
---
name: Linting
on:
pull_request:
jobs:
apply-suggestions-commits:
name: 'No "Apply suggestions from code review" Commits'
runs-on: ubuntu-latest
steps:
- name: Get PR commits
id: 'get-pr-commits'
uses: tim-actions/get-pr-commits@3efc1387ead42029a0d488ab98f24b7452dc3cde
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: 'Verify no "Apply suggestions from code review" commits'
uses: tim-actions/commit-message-checker-with-regex@094fc16ff83d04e2ec73edb5eaf6aa267db33791
with:
commits: ${{ steps.get-pr-commits.outputs.commits }}
pattern: '^(?!.*(apply suggestions from code review))'
flags: 'i'
error: 'Commits addressing code review feedback should typically be squashed into the commits under review'
- name: 'Verify no "fixup!" commits'
uses: tim-actions/commit-message-checker-with-regex@094fc16ff83d04e2ec73edb5eaf6aa267db33791
with:
commits: ${{ steps.get-pr-commits.outputs.commits }}
pattern: '^(?!fixup!)'
flags: 'i'
error: 'Fixup commits should be squashed into the commits under review'
commit-size:
name: Commit Size
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Make sure each commit in the PR is within reviewable size
uses: ./gh-actions/commit-size
with:
size: 200
gitlint:
name: Commit Message(s)
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
with:
fetch-depth: 0
- name: Run gitlint
run: make gitlint
golangci-lint:
name: Go
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Run golangci-lint
run: make golangci-lint
headers:
name: License Headers
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Check License Headers
uses: kt3k/license_checker@d12a6d90c58e30fefed09f2c4d03ba57f4c673a8
markdown-link-check:
name: Markdown Links (modified files)
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Run markdown-link-check
uses: gaurav-nelson/github-action-markdown-link-check@d53a906aa6b22b8979d33bc86170567e619495ec
with:
config-file: ".markdownlinkcheck.json"
check-modified-files-only: "yes"
base-branch: ${{ github.base_ref }}
markdownlint:
name: Markdown
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Run markdownlint
run: make markdownlint
packagedoc-lint:
name: Package Documentation
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Run packagedoc-lint
run: make packagedoc-lint
shellcheck:
name: Shell
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Run shellcheck
run: make shellcheck
vulnerability-scan:
name: Vulnerability Scanning
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Run Anchore vulnerability scanner
uses: anchore/scan-action@896d5f410043987c8fe18f60d91bf199e436840c
id: scan
with:
path: "."
fail-build: true
severity-cutoff: negligible
- name: Show Anchore scan SARIF report
if: always()
run: cat ${{ steps.scan.outputs.sarif }}
- name: Upload Anchore scan SARIF report
if: always()
uses: github/codeql-action/upload-sarif@407ffafae6a767df3e0230c3df91b6443ae8df75
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
yaml-lint:
name: YAML
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Run yamllint
run: make yamllint