-
Notifications
You must be signed in to change notification settings - Fork 25
142 lines (124 loc) · 4.07 KB
/
pr-checks.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
# Copyright (c) 2022 Red Hat, Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name: Validate PRs
on:
pull_request:
branches: [ main ]
push:
branches: [ main ]
jobs:
YAML-Linter:
runs-on: ubuntu-latest
steps:
- name: yaml-lint
uses: ibiqlik/action-yamllint@v3
with:
file_or_dir: .
Dockerfile-linter:
name: Check Dockerfile
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfile
ignore: DL3003,DL3013,DL3041,DL4006 # DL4006 seems broken
container_image_main:
name: Check main image build
runs-on: ubuntu-latest
container:
image: registry.fedoraproject.org/fedora:37
options: --privileged
steps:
- name: Check out Docker file code in the root directory
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install packages
run: |
dnf install -y podman
- name: Build image
run: |
podman build -t hacbs-test:${{ github.sha }} .
- name: Selfcheck - Integration test inside the image
run: |
podman run --rm -t hacbs-test:${{ github.sha }} /selftest.sh
opa_policies_unittest:
name: opa_policies_unittest
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install dependency packages
run: |
sudo apt-get install jq
sudo curl -L -o /usr/bin/opa https://openpolicyagent.org/downloads/v0.56.0/opa_linux_amd64_static
sudo chmod 755 /usr/bin/opa
- name: Run unittests for policies
run: |
set -o pipefail
TEST_FILES="./policies ./unittests ./unittests/test_data"
/usr/bin/opa test --coverage --format json $TEST_FILES \
| { T=`mktemp`; \
tee $T; \
/usr/bin/opa eval \
--format pretty \
--input $T \
--data hack/simplecov.rego \
data.simplecov.from_opa > coverage.json; \
rm -f $T || true; } \
| jq -j -r 'if .coverage < 100 then "ERROR: Code coverage threshold not met: got \(.coverage) instead of 100.00\n" | halt_error(1) else "" end'
- name: Upload test coverage report
uses: codecov/codecov-action@v3
if: always()
bash_unittests:
name: bash_unittests
runs-on: ubuntu-latest
steps:
- name: Setup BATS
uses: mig4/setup-bats@v1
with:
bats-version: 1.8.2
- name: Install required packages
run: sudo apt-get install -y jq
- name: Check out code
uses: actions/checkout@v4
- name: Test
run: bats unittests_bash
shellcheck:
name: Shellcheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run ShellCheck
uses: ludeeus/action-shellcheck@master
env:
SHELLCHECK_OPTS: -s bash
with:
scandir: './test'
ignore_paths: './test/conftest.sh ./test/selftest.sh' # for now
gitlint:
name: Run gitlint checks
if: ${{ github.event_name == 'pull_request' }} # we can test only PRs
runs-on: ubuntu-20.04
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- name: Install gitlint into container
run: python -m pip install gitlint
- name: Run gitlint check
run: gitlint --commits origin/${{ github.event.pull_request.base.ref }}..HEAD