Add vulncheck local target and GH action #17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
env: | |
GO_VERSION: 1.21.3 | |
on: | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- main | |
jobs: | |
lint-markdown: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Lint Markdown | |
run: make lint-markdown | |
lint-shell: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Lint Shell | |
run: make lint-shell | |
verify-go-modules: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Install Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: true | |
cache-dependency-path: '**/go.sum' | |
- name: Run go mod tidy | |
run: make modules | |
- name: Verify go modules have not changed | |
run: git diff --exit-code | |
- name: Run go mod download | |
run: make modules-download | |
verify-codegen: | |
needs: | |
- verify-go-modules | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Install Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: true | |
cache-dependency-path: '**/go.sum' | |
- name: Verify codegen | |
run: make verify-codegen | |
lint-go: | |
needs: | |
- verify-go-modules | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Install Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: true | |
cache-dependency-path: '**/go.sum' | |
- name: Setup the cache for golangci-lint | |
uses: actions/cache@v3 | |
with: | |
key: golangci-lint-${{ runner.os }}-go${{ env.GO_VERSION }}-${{ hashFiles('go.sum', 'hack/tools/go.sum') }} | |
path: | | |
~/.cache/golangci-lint | |
hack/tools/bin/golangci-lint | |
- name: Lint Go | |
run: make lint-go-full | |
vulncheck-go: | |
needs: | |
- verify-go-modules | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Install Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: true | |
cache-dependency-path: '**/go.sum' | |
- name: Setup the cache for govulncheck | |
uses: actions/cache@v3 | |
with: | |
key: govulncheck-${{ runner.os }}-go${{ env.GO_VERSION }}-${{ hashFiles('go.sum', 'hack/tools/go.sum') }} | |
path: | | |
hack/tools/bin/govulncheck | |
- name: Vulncheck Go | |
run: make vulncheck-go | |
build-manager: | |
needs: | |
- verify-go-modules | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Install Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: true | |
cache-dependency-path: '**/go.sum' | |
- name: Build Manager | |
run: make manager-only | |
build-web-console-validator: | |
needs: | |
- verify-go-modules | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Install Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: true | |
cache-dependency-path: '**/go.sum' | |
- name: Build Web Console Validator | |
run: make web-console-validator-only | |
unit-test: | |
needs: | |
- verify-go-modules | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Install Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: true | |
cache-dependency-path: '**/go.sum' | |
- name: Unit Test | |
run: make test | |
- name: Store test coverage | |
uses: actions/upload-artifact@v3 | |
with: | |
name: unit-test-coverage | |
path: cover.out | |
integration-test: | |
needs: | |
- verify-go-modules | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Install Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: true | |
cache-dependency-path: '**/go.sum' | |
- name: Integration Test | |
run: make test-integration | |
- name: Store test coverage | |
uses: actions/upload-artifact@v3 | |
with: | |
name: integration-test-coverage | |
path: integration-cover.out | |
code-coverage: | |
needs: | |
- unit-test | |
- integration-test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Install Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache: true | |
cache-dependency-path: '**/go.sum' | |
- name: Fetch unit test coverage | |
uses: actions/download-artifact@v3 | |
with: | |
name: unit-test-coverage | |
- name: Fetch integration test coverage | |
uses: actions/download-artifact@v3 | |
with: | |
name: integration-test-coverage | |
- name: Merge test coverage | |
run: make coverage-merge | |
- name: Produce code coverage report | |
uses: irongut/[email protected] | |
with: | |
filename: merged-cover.xml | |
badge: true | |
fail_below_min: true | |
format: markdown | |
hide_branch_rate: false | |
hide_complexity: true | |
indicators: true | |
output: both | |
thresholds: '60 80' | |
# | |
# Commenting this out for now to ensure it is possible to re-run this job | |
# without having to re-run the unit and integration test jobs. We should | |
# probably think about re-enabling this step if at some point the size of | |
# artifacts we store per-PR grows too large. | |
# | |
# - name: Delete the stored test coverage | |
# if: github.event_name != 'pull_request' | |
# uses: geekyeggo/delete-artifact@v2 | |
# with: | |
# name: | | |
# unit-test-coverage | |
# integration-test-coverage | |
- name: Save pull request ID | |
if: github.event_name == 'pull_request' | |
env: | |
PR_NUMBER: ${{ github.event.number }} | |
run: | | |
echo "${PR_NUMBER}" >pull_request_id | |
- name: Store code coverage results | |
if: github.event_name == 'pull_request' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: code-coverage-results | |
path: | | |
code-coverage-results.md | |
pull_request_id |