-
Notifications
You must be signed in to change notification settings - Fork 11
149 lines (139 loc) · 4.36 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
# Reference from:
# https://github.com/c-bata/go-prompt/blob/master/.github/workflows/test.yml
name: Check
on:
pull_request:
branches:
- main
- release-*
push:
branches:
- main
- release-*
env:
GO_VERSION: '1.19'
jobs:
Test:
name: Unit Test
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
with:
submodules: true
- name: Fetch History
run: git fetch --prune --unshallow
- name: Setup Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- name: Cache Go Dependencies
uses: actions/cache@v2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-go-
- name: Run Unit Tests
run: |
make test
git status
# TODO: enable after public
# - name: Publish Unit Test Coverage
# uses: codecov/codecov-action@v3
# with:
# flags: unittests
# file: cover.out
- name: Check diff
run: '[[ -z $(git status -s) ]] || (printf "Existing modified/untracked files.\nPlease run \"make generate manifests fmt vet\" and push again.\n"; exit 1)'
GolangLint:
name: Golang Lint
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
cache: false
- name: golangci-lint
uses: golangci/golangci-lint-action@v3
with:
# Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
version: v1.53
args: --timeout=30m
# Lints Pull Request commits with commitlint.
#
# Rules can be referenced:
# https://github.com/conventional-changelog/commitlint/tree/master/%40commitlint/config-conventional
# CommitLint:
# name: Commit Lint
# runs-on: ubuntu-latest
# if: contains(fromJSON('["pull_request"]'), github.event_name)
# steps:
# - name: Checkout
# uses: actions/checkout@v3
# with:
# fetch-depth: 0
# - uses: wagoid/commitlint-github-action@v5
# Lints Pull Request title, because the title will be used as the
# commit message in branch main.
#
# Configuration detail can be referenced:
# https://github.com/marketplace/actions/pull-request-title-rules
# PullRequestTitleLint:
# name: Pull Request Title Lint
# runs-on: ubuntu-latest
# if: contains(fromJSON('["pull_request"]'), github.event_name)
# steps:
# - uses: deepakputhraya/action-pr-title@master
# with:
# allowed_prefixes: 'build,chore,ci,docs,feat,fix,perf,refactor,revert,style,test' # title should start with the given prefix
# disallowed_prefixes: 'WIP,[WIP]' # title should not start with the given prefix
# prefix_case_sensitive: false # title prefix are case insensitive
# min_length: 5 # Min length of the title
# max_length: 80 # Max length of the title
# github_token: ${{ github.token }} # Default: ${{ github.token }}
LicenseCheck:
name: License Check
runs-on: ubuntu-latest
env:
TERM: xterm
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: apache/skywalking-eyes@main
# The TruffleHog OSS Github Action can be used to scan a range of commits for leaked credentials. The action will fail if any results are found.
# More see: https://github.com/marketplace/actions/trufflehog-oss
SecretScan:
name: Secret Scan
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: TruffleHog OSS
uses: trufflesecurity/trufflehog@main
with:
path: ./
base: ${{ github.event.repository.default_branch }}
head: HEAD
extra_args: --debug --json
# TODO: Uncomment when the repository is publicly.
# DependencyReview:
# permissions:
# actions: read
# contents: read
# security-events: write
# name: Dependency Review
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v3
# with:
# fetch-depth: 0
# - uses: actions/dependency-review-action@v3
# with:
# fail-on-severity: critical