Skip to content
Validate PRs

chore(Dockerfile): bump snyk/snyk from 1ccb8c5 to d3e30c8 #585

Sign in to view logs

chore(Dockerfile): bump snyk/snyk from 1ccb8c5 to d3e30c8

chore(Dockerfile): bump snyk/snyk from 1ccb8c5 to d3e30c8 #585

Workflow file for this run

.github/workflows/pr-checks.yaml at 54b5a49
# Copyright (c) 2022 Red Hat, Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name: Validate PRs
on:
pull_request:
branches: [ main ]
push:
branches: [ main ]
jobs:
YAML-Linter:
runs-on: ubuntu-latest
steps:
- name: yaml-lint
uses: ibiqlik/action-yamllint@v3
with:
file_or_dir: .
Dockerfile-linter:
name: Check Dockerfile
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfile
ignore: DL3003,DL3013,DL3041,DL4006 # DL4006 seems broken
container_image_main:
name: Check main image build
runs-on: ubuntu-latest
container:
image: registry.fedoraproject.org/fedora:37
options: --privileged
steps:
- name: Check out Docker file code in the root directory
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install packages
run: |
dnf install -y podman
- name: Build image
run: |
podman build -t hacbs-test:${{ github.sha }} .
- name: Selfcheck - Integration test inside the image
run: |
podman run --rm -t hacbs-test:${{ github.sha }} /selftest.sh
opa_policies_unittest:
name: opa_policies_unittest
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install dependency packages
run: |
sudo apt-get install jq
sudo curl -L -o /usr/bin/opa https://openpolicyagent.org/downloads/v0.56.0/opa_linux_amd64_static
sudo chmod 755 /usr/bin/opa
- name: Run unittests for policies
run: |
set -o pipefail
TEST_FILES="./policies ./unittests ./unittests/test_data"
/usr/bin/opa test --coverage --format json $TEST_FILES \
| { T=`mktemp`; \
tee $T; \
/usr/bin/opa eval \
--format pretty \
--input $T \
--data hack/simplecov.rego \
data.simplecov.from_opa > coverage.json; \
rm -f $T || true; } \
| jq -j -r 'if .coverage < 100 then "ERROR: Code coverage threshold not met: got \(.coverage) instead of 100.00\n" | halt_error(1) else "" end'
- name: Upload test coverage report
uses: codecov/codecov-action@v3
if: always()
bash_unittests:
name: bash_unittests
runs-on: ubuntu-latest
steps:
- name: Setup BATS
uses: mig4/setup-bats@v1
with:
bats-version: 1.8.2
- name: Install required packages
run: sudo apt-get install -y jq
- name: Check out code
uses: actions/checkout@v4
- name: Test
run: bats unittests_bash
shellcheck:
name: Shellcheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run ShellCheck
uses: ludeeus/action-shellcheck@master
env:
SHELLCHECK_OPTS: -s bash
with:
scandir: './test'
ignore_paths: './test/conftest.sh ./test/selftest.sh' # for now
gitlint:
name: Run gitlint checks
if: ${{ github.event_name == 'pull_request' }} # we can test only PRs
runs-on: ubuntu-20.04
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- name: Install gitlint into container
run: python -m pip install gitlint
- name: Run gitlint check
run: gitlint --commits origin/${{ github.event.pull_request.base.ref }}..HEAD