Skip to content

Disallow pushing gems with unresolved deps #7730

Disallow pushing gems with unresolved deps

Disallow pushing gems with unresolved deps #7730

Workflow file for this run

name: Lint
on:
pull_request:
push:
branches:
- master
permissions:
contents: read
jobs:
rubocop:
name: Rubocop
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: ruby/setup-ruby@401c19e14f474b54450cd3905bb8b86e2c8509cf # v1.204.0
with:
bundler-cache: true
- name: Rubocop
run: bundle exec rubocop
brakeman:
name: Brakeman
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: ruby/setup-ruby@401c19e14f474b54450cd3905bb8b86e2c8509cf # v1.204.0
with:
bundler-cache: true
- name: Brakeman
run: bundle exec brakeman
importmap:
name: Importmap Verify
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: ruby/setup-ruby@401c19e14f474b54450cd3905bb8b86e2c8509cf # v1.204.0
with:
bundler-cache: true
- name: Importmap Verify
run: bundle exec rake importmap:verify
kubeconform:
name: Kubeconform
runs-on: ubuntu-24.04
strategy:
matrix:
kubernetes_version: ["1.29.1"]
environment:
- staging
- production
steps:
- name: login to Github Packages
run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: ruby/setup-ruby@401c19e14f474b54450cd3905bb8b86e2c8509cf # v1.204.0
with:
bundler-cache: true
- name: krane render
run: |
gem exec --silent krane render -f config/deploy/$ENVIRONMENT --bindings=environment=$ENVIRONMENT --current-sha=$REVISION > config/deploy/$ENVIRONMENT.rendered.yaml
env:
ENVIRONMENT: "${{ matrix.environment }}"
REVISION: "${{ github.sha }}"
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: "${{ matrix.environment }}.rendered.yaml"
path: "config/deploy/${{ matrix.environment }}.rendered.yaml"
- name: kubeconform
uses: docker://ghcr.io/yannh/kubeconform@sha256:03f6b236ef64f20b4bc950209d6254b109e23b4b05e7811649f59eae5659fa58 # v0.6.3
with:
entrypoint: "/kubeconform"
args: "-strict -summary -output json --kubernetes-version ${{ matrix.kubernetes_version }} config/deploy/${{ matrix.environment }}.rendered.yaml"
frizbee:
name: Frizbee
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: stacklok/frizbee-action@71e8bd2bfd0063f7175e66837157087c713cd785 # main
env:
GITHUB_TOKEN: ${{ github.token }}
with:
action_paths: '[".github/workflows", ".github/actions"]'
dockerfiles: '["./Dockerfile", ".devcontainer/Dockerfile"]'
docker_compose: '["./docker-compose.yml", ".devcontainer/docker-compose.yml"]'
fail_on_unpinned: true
open_pr: false
repo_root: "."