-
Notifications
You must be signed in to change notification settings - Fork 193
162 lines (144 loc) · 5.08 KB
/
linting.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
---
name: Linting
on:
pull_request:
permissions: {}
jobs:
apply-suggestions-commits:
name: 'No "Apply suggestions from code review" Commits'
runs-on: ubuntu-latest
steps:
- name: Get PR commits
id: 'get-pr-commits'
uses: tim-actions/get-pr-commits@3efc1387ead42029a0d488ab98f24b7452dc3cde
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: 'Verify no "Apply suggestions from code review" commits'
uses: tim-actions/commit-message-checker-with-regex@e16b08b1a7f5cafeb1f8167de05bf1d40239eb5d
with:
commits: ${{ steps.get-pr-commits.outputs.commits }}
pattern: '^(?!.*(apply suggestions from code review))'
flags: 'i'
error: 'Commits addressing code review feedback should typically be squashed into the commits under review'
- name: 'Verify no "fixup!" commits'
uses: tim-actions/commit-message-checker-with-regex@e16b08b1a7f5cafeb1f8167de05bf1d40239eb5d
with:
commits: ${{ steps.get-pr-commits.outputs.commits }}
pattern: '^(?!fixup!)'
flags: 'i'
error: 'Fixup commits should be squashed into the commits under review'
code-gen:
name: Submariner K8s API Code Generation
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- name: Run codegen
run: make codegen
- name: Ignore go.sum changes
run: git checkout go.sum
- name: Verify generated code matches committed code
run: git add -A && git diff --staged --exit-code
proto-gen:
name: Protobuf Code Generation
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- name: Recreate Protobuf files
run: find pkg -name '*.pb.go' -delete -exec make {} \;
- name: Ignore go.sum changes
run: git checkout go.sum
- name: Verify generated code matches committed code
run: git add -A && git diff -I'^//' --staged --exit-code
gitlint:
name: Commit Message(s)
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
with:
fetch-depth: 0
- name: Run gitlint
run: make gitlint
golangci-lint:
name: Go
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- name: Run golangci-lint
run: make golangci-lint
licenses:
name: Dependency Licenses
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- name: Check the licenses
run: make licensecheck
markdown-link-check:
name: Markdown Links (modified files)
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- name: Run markdown-link-check
uses: gaurav-nelson/github-action-markdown-link-check@d53a906aa6b22b8979d33bc86170567e619495ec
with:
config-file: ".markdownlinkcheck.json"
check-modified-files-only: "yes"
base-branch: ${{ github.base_ref }}
markdownlint:
name: Markdown
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- name: Run markdownlint
run: make markdownlint
packagedoc-lint:
name: Package Documentation
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- name: Run packagedoc-lint
run: make packagedoc-lint
shellcheck:
name: Shell
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- name: Run shellcheck
run: make shellcheck
vulnerability-scan:
name: Vulnerability Scanning
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- name: Run Anchore vulnerability scanner
uses: anchore/scan-action@24fd7c9060f3c96848dd1929fac8d796fb5ae4b4
id: scan
with:
path: "."
fail-build: true
severity-cutoff: negligible
- name: Show Anchore scan SARIF report
if: always()
run: cat ${{ steps.scan.outputs.sarif }}
- name: Upload Anchore scan SARIF report
if: always()
uses: github/codeql-action/upload-sarif@f6e388ebf0efc915c6c5b165b019ee61a6746a38
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
yaml-lint:
name: YAML
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- name: Run yamllint
run: make yamllint