Bump the github-actions group with 2 updates #5890
Workflow file for this run
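---
# Lint and validation checks that run on every pull request.
#
# Security posture visible in this file:
#   * `permissions: {}` at workflow level removes every default scope from
#     GITHUB_TOKEN, and no job below requests a scope of its own.
#   * Every action is pinned to a full commit SHA rather than a tag or branch,
#     so the code that runs only changes when this file is edited.
#   * Several jobs run `make` targets from the checked-out pull request, i.e.
#     code the PR author controls; the empty token scopes above limit what that
#     code could do with the job's credentials.
name: Linting

on:
  pull_request:

# NOTE(review): github/codeql-action documents `security-events: write` as
# required for uploading SARIF. Two jobs below upload results (the `analyze`
# step, which uploads by default unless told otherwise, and `upload-sarif`).
# Confirm those uploads succeed with no scopes granted; if they need the scope,
# grant it on those jobs only instead of widening this default.
permissions: {}

jobs:
  apply-suggestions-commits:
    name: 'No "Apply suggestions from code review" Commits'
    runs-on: ubuntu-latest
    steps:
      - name: Get PR commits
        id: get-pr-commits
        uses: tim-actions/get-pr-commits@198af03565609bb4ed924d1260247b4881f09e7d
        with:
          # The token is handed to a third-party action; the workflow-level
          # `permissions: {}` means it carries no granted scopes.
          token: ${{ secrets.GITHUB_TOKEN }}

      # Negative lookahead: a commit passes only if its message does NOT
      # contain the phrase; `flags: 'i'` makes the match case-insensitive.
      - name: 'Verify no "Apply suggestions from code review" commits'
        uses: tim-actions/commit-message-checker-with-regex@094fc16ff83d04e2ec73edb5eaf6aa267db33791
        with:
          commits: ${{ steps.get-pr-commits.outputs.commits }}
          pattern: '^(?!.*(apply suggestions from code review))'
          flags: 'i'
          error: 'Commits addressing code review feedback should typically be squashed into the commits under review'

      # Same checker; rejects messages that start with "fixup!".
      - name: 'Verify no "fixup!" commits'
        uses: tim-actions/commit-message-checker-with-regex@094fc16ff83d04e2ec73edb5eaf6aa267db33791
        with:
          commits: ${{ steps.get-pr-commits.outputs.commits }}
          pattern: '^(?!fixup!)'
          flags: 'i'
          error: 'Fixup commits should be squashed into the commits under review'

  bundle:
    name: Bundle validation
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Create the bundle and validate it
        run: make bundle

  crds:
    name: CRDs up-to-date
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Run make manifests to update CRDs
        run: make manifests

      # Stage everything, then fail (`--exit-code`) if regeneration changed
      # anything under deploy/, i.e. the committed CRDs were stale.
      - name: Validate that nothing has changed
        run: git add -A && git diff --staged --exit-code -- deploy

  gitlint:
    name: Commit Message(s)
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          # Full history instead of the default shallow clone; presumably so
          # gitlint can see every commit in the PR (confirm against the
          # Makefile target).
          fetch-depth: 0

      - name: Run gitlint
        run: make gitlint

  golangci-lint:
    name: Go
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Run golangci-lint
        run: make golangci-lint

  licenses:
    name: Dependency Licenses
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Check the licenses
        run: make licensecheck

  markdown-link-check:
    name: Markdown Links (modified files)
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Run markdown-link-check
        uses: gaurav-nelson/github-action-markdown-link-check@d53a906aa6b22b8979d33bc86170567e619495ec
        with:
          config-file: '.markdownlinkcheck.json'
          # Quoted on purpose: the action receives the string "yes", which a
          # YAML 1.1 parser would otherwise read as a boolean.
          check-modified-files-only: 'yes'
          base-branch: ${{ github.base_ref }}

  markdownlint:
    name: Markdown
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Run markdownlint
        run: make markdownlint

  packagedoc-lint:
    name: Package Documentation
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Run packagedoc-lint
        run: make packagedoc-lint

  shellcheck:
    name: Shell
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Run shellcheck
        run: make shellcheck

  variant-analysis:
    name: Variant Analysis
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Initialize CodeQL
        uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88
        with:
          languages: go

      - name: Run CodeQL variant analysis
        uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88

      # `always()` prints the report to the job log even when an earlier step
      # failed, so findings stay readable from the run page.
      - name: Show CodeQL scan SARIF report
        if: always()
        run: cat ../results/go.sarif

  vulnerability-scan:
    name: Vulnerability Scanning
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      # Scans the working tree and fails the job on findings at or above the
      # `high` severity cutoff.
      - name: Run Anchore vulnerability scanner
        uses: anchore/scan-action@869c549e657a088dc0441b08ce4fc0ecdac2bb65
        id: scan
        with:
          path: '.'
          fail-build: true
          severity-cutoff: high

      # The step output is passed through the environment and quoted instead of
      # being expanded by `${{ }}` inside the script text: expression expansion
      # happens before the shell parses the line, so an unexpected value would
      # otherwise be interpreted as shell syntax.
      - name: Show Anchore scan SARIF report
        if: always()
        env:
          SARIF_FILE: ${{ steps.scan.outputs.sarif }}
        run: cat "$SARIF_FILE"

      - name: Upload Anchore scan SARIF report
        if: always()
        uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}

  yaml-lint:
    name: YAML
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Run yamllint
        run: make yamllint

  yamls:
    name: Embedded YAMLs up-to-date
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Run make pkg/embeddedyamls/yamls.go to update embedded YAMLs
        run: make pkg/embeddedyamls/yamls.go

      # Fails if regenerating the embedded YAMLs changed anything under
      # pkg/embeddedyamls, i.e. the committed copy was out of date.
      - name: Validate that nothing has changed
        run: git add -A && git diff --staged --exit-code -- pkg/embeddedyamls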