-
Notifications
You must be signed in to change notification settings - Fork 12
161 lines (151 loc) · 4.87 KB
/
check.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
# Reference from:
# https://github.com/c-bata/go-prompt/blob/master/.github/workflows/test.yml
name: Check
on:
pull_request:
branches:
- main
- release-*
push:
branches:
- main
- release-*
env:
GO_VERSION: '1.20'
jobs:
Test:
name: Unit Test
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
with:
submodules: true
- name: Fetch History
run: git fetch --prune --unshallow
- name: Setup Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- name: Setup protoc
run: |
wget https://github.com/protocolbuffers/protobuf/releases/download/v3.19.5/protoc-3.19.5-linux-x86_64.zip
unzip protoc-3.19.5-linux-x86_64.zip -d protoc3
rm -rf protoc-3.19.5-linux-x86_64.zip
- name: Setup Buf
run: |
GO111MODULE=on GOBIN=/usr/local/bin go install github.com/bufbuild/buf/cmd/[email protected]
GO111MODULE=on GOBIN=/usr/local/bin go install ./tools/protoc-gen-golang-deepcopy
- name: Cache Go Dependencies
uses: actions/cache@v2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-go-
- name: Run Unit Tests
run: |
export PATH="$PATH:$(pwd)/protoc3/bin"
ls $(pwd)
echo $PATH
make test
rm -rf protoc3
git status
- name: Publish Unit Test Coverage
uses: codecov/codecov-action@v3
with:
flags: unittests
file: cover.out
- name: Check diff
run: '[[ -z $(git status -s) ]] || (printf "Existing modified/untracked files.\nPlease run \"make generate manifests fmt vet\" and push again.\n"; exit 1)'
GolangLint:
name: Golang Lint
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
cache: false
- name: golangci-lint
uses: golangci/golangci-lint-action@v3
with:
# Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
version: v1.53
args: --timeout=30m
# Lints Pull Request commits with commitlint.
#
# Rules can be referenced:
# https://github.com/conventional-changelog/commitlint/tree/master/%40commitlint/config-conventional
# CommitLint:
# name: Commit Lint
# runs-on: ubuntu-latest
# if: contains(fromJSON('["pull_request"]'), github.event_name)
# steps:
# - name: Checkout
# uses: actions/checkout@v3
# with:
# fetch-depth: 0
# - uses: wagoid/commitlint-github-action@v5
# Lints Pull Request title, because the title will be used as the
# commit message in branch main.
#
# Configuration detail can be referenced:
# https://github.com/marketplace/actions/pull-request-title-rules
# PullRequestTitleLint:
# name: Pull Request Title Lint
# runs-on: ubuntu-latest
# if: contains(fromJSON('["pull_request"]'), github.event_name)
# steps:
# - uses: deepakputhraya/action-pr-title@master
# with:
# allowed_prefixes: 'build,chore,ci,docs,feat,fix,perf,refactor,revert,style,test' # title should start with the given prefix
# disallowed_prefixes: 'WIP,[WIP]' # title should not start with the given prefix
# prefix_case_sensitive: false # title prefix are case insensitive
# min_length: 5 # Min length of the title
# max_length: 80 # Max length of the title
# github_token: ${{ github.token }} # Default: ${{ github.token }}
LicenseCheck:
name: License Check
runs-on: ubuntu-latest
env:
TERM: xterm
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: apache/skywalking-eyes@main
# The TruffleHog OSS Github Action can be used to scan a range of commits for leaked credentials. The action will fail if any results are found.
# More see: https://github.com/marketplace/actions/trufflehog-oss
SecretScan:
name: Secret Scan
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: TruffleHog OSS
uses: trufflesecurity/trufflehog@main
with:
path: ./
base: ${{ github.event.repository.default_branch }}
head: HEAD
extra_args: --debug --json
# TODO: Uncomment when the repository is publicly.
# DependencyReview:
# permissions:
# actions: read
# contents: read
# security-events: write
# name: Dependency Review
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v3
# with:
# fetch-depth: 0
# - uses: actions/dependency-review-action@v3
# with:
# fail-on-severity: critical