# CI workflow: formatting/lint checks, Go unit tests with coverage gates,
# gosec, a malware scan, yamllint and a container image scan. No job declares
# `needs`, so the jobs do not wait on one another.
#
# NOTE(review): no `permissions:` block is declared at workflow or job level,
# so GITHUB_TOKEN carries whatever scopes the repository/organisation default
# grants. Declaring the minimum per job would limit what a compromised step
# can do - confirm what each third-party action needs before tightening.
#
# NOTE(review): every `uses:` below references a tag or branch name, none a
# full commit SHA, so the code that runs can change without any change to
# this file. Pinning to a reviewed commit (`owner/repo@<full-commit-sha>`)
# makes runs reproducible and auditable.
name: Workflow
on:
  # Runs on pushes to main only.
  push:
    branches: [main]
  # Runs on pull requests targeting any branch (`**` also matches names that
  # contain `/`).
  pull_request:
    branches: ["**"]
jobs:
  # Formatting, lint and vet checks over all Go packages (`./...`).
  code-check:
    name: Check Go formatting, linting, vetting
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the code
        uses: actions/checkout@v4
      - name: Run the formatter, linter, and vetter
        uses: dell/common-github-actions/go-code-formatter-linter-vetter@main
        with:
          directories: ./...
  # The forbidden-words check is disabled for now.
  # TODO: maintain consistency across platforms, then re-enable.
  # sanitize:
  #   name: Check for forbidden words
  #   runs-on: ubuntu-latest
  #   steps:
  #     - name: Checkout the code
  #       uses: actions/checkout@v4
  #     - name: Run the forbidden words scan
  #       uses: dell/common-github-actions/code-sanitizer@main
  #       with:
  #         args: /github/workspace
  # Unit tests for the controller code, with a coverage gate.
  test_controller:
    name: Run Go unit tests on controller and check package coverage
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the code
        uses: actions/checkout@v4
      # Go 1.22 with setup-go's dependency caching turned off.
      - uses: actions/setup-go@v5
        with:
          go-version: "1.22"
          cache: false
      # Second checkout, into ./csm-operator. No `ref` is given, so this
      # takes whatever that repository's default branch points at when the
      # job runs.
      - name: Checkout csm-operator
        uses: actions/checkout@v4
        with:
          repository: "dell/csm-operator"
          path: "csm-operator"
      # NOTE(review): `@csm-operator-controllers` is a named ref, unlike the
      # `@main` used by the other test jobs - presumably a dedicated branch
      # of the shared action; confirm it is still maintained.
      - name: Run unit tests and check package coverage
        uses: dell/common-github-actions/go-code-tester@csm-operator-controllers
        with:
          # Presumably the minimum package coverage in percent - confirm
          # against the action's inputs.
          threshold: 90
  # Unit tests for pkg/drivers/, with a coverage gate.
  test_driver:
    name: Run Go unit tests on driver and check package coverage
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the code
        uses: actions/checkout@v4
      - name: Run unit tests and check package coverage
        uses: dell/common-github-actions/go-code-tester@main
        with:
          threshold: 95
          test-folder: "pkg/drivers/"
  # Unit tests for pkg/modules/, with a coverage gate.
  test_module:
    name: Run Go unit tests on module and check package coverage
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the code
        uses: actions/checkout@v4
      - name: Run unit tests and check package coverage
        uses: dell/common-github-actions/go-code-tester@main
        with:
          threshold: 90
          test-folder: "pkg/modules/"
  # Static security analysis of the Go sources with gosec.
  go_security_scan:
    name: Go security
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the code
        uses: actions/checkout@v4
      # NOTE(review): `@master` follows the scanner's development ref, so
      # the rule set and the scanner code can both change between runs.
      - name: Run Go Security
        uses: securego/gosec@master
        with:
          # Skips the `tests` directory and turns off rule G101 (gosec's
          # hard-coded credentials check) for everything that is scanned.
          # NOTE(review): with G101 excluded, this job reports no hard-coded
          # secrets; confirm another control covers them, or narrow the
          # exclusion to the specific findings that were false positives.
          args: -exclude-dir=tests -exclude=G101 ./...
  # Malware scan over the whole checkout (`.`).
  malware_security_scan:
    name: Malware Scanner
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the code
        uses: actions/checkout@v4
      - name: Run malware scan
        uses: dell/common-github-actions/malware-scanner@main
        with:
          directories: .
          # Flags handed to the scanner; presumably "recursive, report
          # infected files only" - confirm against the action.
          options: -ri
  # Lints every YAML file in the repository with yamllint.
  yaml_lint_scan:
    name: Run Yaml Lint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the code
        uses: actions/checkout@v4
      - name: setup python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      # NOTE(review): yamllint is installed without a version pin, so each
      # run takes the latest release from the package index.
      - run: pip install yamllint
      - run: yamllint .
  # Builds the operator image and scans it for vulnerabilities.
  image_security_scan:
    name: Image Scanner
    runs-on: ubuntu-latest
    env:
      # NOTE(review): floating `latest` tag - the base image, and therefore
      # the scan result, can differ between runs of the same commit.
      BASE_IMG: ubuntu:latest
    steps:
      - name: Set up Go 1.22+
        uses: actions/setup-go@v5
        with:
          go-version: ^1.22
        id: go
      - name: Checkout the code
        uses: actions/checkout@v4
      # Builds with podman, exports the image to a tarball and loads it into
      # Docker - presumably so the scan step below can find the image through
      # the Docker socket.
      # NOTE(review): GOIMAGE=golang:latest is another floating tag; pinning
      # it (ideally by digest) keeps the scanned image reproducible.
      - name: Build Docker Images
        run: |
          chmod +x ./scripts/build-ubi-micro.sh
          make build-base-image
          make -o gen-semver
          podman build -t docker.io/csm-operator -f ./Dockerfile --build-arg GOIMAGE=golang:latest --build-arg BASEIMAGE="localhost/csm-operator-ubimicro"
          podman save docker.io/library/csm-operator -o /tmp/csm-operator.tar
          docker load -i /tmp/csm-operator.tar
      # NOTE(review): `@v0` is a movable tag - pin to a commit SHA, and
      # confirm the action is still maintained upstream.
      - name: Scan controller Image
        uses: Azure/container-scan@v0
        env:
          # Points Dockle at the local Docker daemon socket.
          DOCKLE_HOST: "unix:///var/run/docker.sock"
        with:
          image-name: csm-operator
          # Presumably findings below HIGH do not fail the job - confirm
          # against the action's documentation.
          severity-threshold: HIGH