Skip to content

Add vulncheck local target and GH action #16

Add vulncheck local target and GH action

Add vulncheck local target and GH action #16

Workflow file for this run

name: ci
env:
GO_VERSION: 1.21.3
on:
pull_request:
branches:
- main
push:
branches:
- main
jobs:
lint-markdown:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Lint Markdown
run: make lint-markdown
lint-shell:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Lint Shell
run: make lint-shell
verify-go-modules:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
cache: true
cache-dependency-path: '**/go.sum'
- name: Run go mod tidy
run: make modules
- name: Verify go modules have not changed
run: git diff --exit-code
- name: Run go mod download
run: make modules-download
verify-codegen:
needs:
- verify-go-modules
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
cache: true
cache-dependency-path: '**/go.sum'
- name: Verify codegen
run: make verify-codegen
lint-go:
needs:
- verify-go-modules
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
cache: true
cache-dependency-path: '**/go.sum'
- name: Setup the cache for golangci-lint
uses: actions/cache@v3
with:
key: golangci-lint-${{ runner.os }}-go${{ env.GO_VERSION }}-${{ hashFiles('go.sum', 'hack/tools/go.sum') }}
path: |
~/.cache/golangci-lint
hack/tools/bin/golangci-lint
- name: Lint Go
run: make lint-go-full
vulncheck-go:
needs:
- verify-go-modules
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
cache: true
cache-dependency-path: '**/go.sum'
- name: Setup the cache for govulncheck
uses: actions/cache@v3
with:
key: govulncheck-${{ runner.os }}-go${{ env.GO_VERSION }}-${{ hashFiles('go.sum', 'hack/tools/go.sum') }}
path: |
hack/tools/bin/govulncheck
- name: Vulncheck Go
run: make vulncheck-go
build-manager:
needs:
- verify-go-modules
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
cache: true
cache-dependency-path: '**/go.sum'
- name: Build Manager
run: make manager-only
build-web-console-validator:
needs:
- verify-go-modules
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
cache: true
cache-dependency-path: '**/go.sum'
- name: Build Web Console Validator
run: make web-console-validator-only
unit-test:
needs:
- verify-go-modules
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
cache: true
cache-dependency-path: '**/go.sum'
- name: Unit Test
run: make test
- name: Store test coverage
uses: actions/upload-artifact@v3
with:
name: unit-test-coverage
path: cover.out
integration-test:
needs:
- verify-go-modules
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
cache: true
cache-dependency-path: '**/go.sum'
- name: Integration Test
run: make test-integration
- name: Store test coverage
uses: actions/upload-artifact@v3
with:
name: integration-test-coverage
path: integration-cover.out
code-coverage:
needs:
- unit-test
- integration-test
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
cache: true
cache-dependency-path: '**/go.sum'
- name: Fetch unit test coverage
uses: actions/download-artifact@v3
with:
name: unit-test-coverage
- name: Fetch integration test coverage
uses: actions/download-artifact@v3
with:
name: integration-test-coverage
- name: Merge test coverage
run: make coverage-merge
- name: Produce code coverage report
uses: irongut/[email protected]
with:
filename: merged-cover.xml
badge: true
fail_below_min: true
format: markdown
hide_branch_rate: false
hide_complexity: true
indicators: true
output: both
thresholds: '60 80'
#
# Commenting this out for now to ensure it is possible to re-run this job
# without having to re-run the unit and integration test jobs. We should
# probably think about re-enabling this step if at some point the size of
# artifacts we store per-PR grows too large.
#
# - name: Delete the stored test coverage
# if: github.event_name != 'pull_request'
# uses: geekyeggo/delete-artifact@v2
# with:
# name: |
# unit-test-coverage
# integration-test-coverage
- name: Save pull request ID
if: github.event_name == 'pull_request'
env:
PR_NUMBER: ${{ github.event.number }}
run: |
echo "${PR_NUMBER}" >pull_request_id
- name: Store code coverage results
if: github.event_name == 'pull_request'
uses: actions/upload-artifact@v3
with:
name: code-coverage-results
path: |
code-coverage-results.md
pull_request_id