forked from gravitational/teleport
-
Notifications
You must be signed in to change notification settings - Fork 0
68 lines (55 loc) · 2.67 KB
/
lint.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
name: Lint (Go)
run-name: make lint
on:
pull_request:
paths-ignore:
- "docs/**"
- "rfd/**"
- "**/*.md*"
merge_group:
paths-ignore:
- "docs/**"
- "rfd/**"
- "**/*.md*"
jobs:
lint:
if: ${{ !startsWith(github.head_ref, 'dependabot/') }}
name: Lint (Go)
runs-on: ubuntu-22.04-16core
permissions:
contents: read
container:
image: ghcr.io/gravitational/teleport-buildbox:teleport14
env:
GO_LINT_FLAGS: --timeout=15m
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Run `go mod tidy`
run: rm go.sum api/go.sum && go mod tidy && (cd api && go mod tidy)
- name: Check for changes
# We have to add the current directory as a safe directory or else git commands will not work as expected.
run: git config --global --add safe.directory $( realpath . ) && git diff --exit-code -- go.mod go.sum api/go.mod api/go.sum
- name: Run linter
run: make lint
- name: Check if protos are up to date
# We have to add the current directory as a safe directory or else git commands will not work as expected.
run: git config --global --add safe.directory $(realpath .) && make protos-up-to-date/host
- name: Check if Operator CRDs are up to date
# We have to add the current directory as a safe directory or else git commands will not work as expected.
run: git config --global --add safe.directory $(realpath .) && make crds-up-to-date
# The `buf breaking` check is twofold: we always check for compatibility
# breaks against the base of the PR, and in backports we check for
# compatibility breaks _from_ the tip of master. It's possible to add
# fields just to release branches and not master, but it requires
# reserving the appropriate field numbers and field names in master (as it
# should!).
# We run a separate fetch because even with a fetch-depth of 0 in
# actions/checkout I'm not sure that we're guaranteed to have all the refs
# we need (especially the tip of master in backports), but it's a shallow
# fetch for a specific tree by hash, so it should be pretty fast.
- name: Check protos for breakage against parent
run: buf breaking . --against "https://github.com/${{ github.repository }}.git#branch=${{ github.event.pull_request.base.sha || github.event.merge_group.base_sha }}"
- name: Check protos for breakage from master
if: ${{ github.base_ref != 'master' && github.event.merge_group.base_ref != 'refs/heads/master' }}
run: buf breaking "https://github.com/${{ github.repository }}.git#branch=master" --against .