Bump actions/dependency-review-action from 3.0.6 to 3.1.0 #407
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Go-static-analysis | |
| on: [push, pull_request] | |
| jobs: | |
| golangci: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - name: remove deployer container from dockerfile | |
| run: sed -ie '/End of builder/,+5d' ./docker/userspacecni/Dockerfile | |
| - name: Build the Docker image | |
| run: docker build . -f ./docker/userspacecni/Dockerfile -t userspacecni:latest | |
| - name: run container | |
| run: docker run --name userspacecni -itd userspacecni:latest bash | |
| - name: docker copy generated bin api files | |
| run: docker cp userspacecni:/root/userspace-cni-network-plugin/cnivpp ./ | |
| - name: golangci-lint | |
| uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0 | |
| with: | |
| # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version. | |
| version: v1.52.2 | |
| args: --timeout=20m | |
| shellcheck: | |
| name: Shellcheck | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - name: Run ShellCheck | |
| uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # master | |
| hadolint: | |
| runs-on: ubuntu-latest | |
| name: Hadolint | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | |
| - uses: hadolint/[email protected] | |
| name: Run Hadolint | |
| with: | |
| dockerfile: ./docker/userspacecni/Dockerfile | |
| ignore: DL3008,DL3059 | |
| go-check: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2 | |
| - name: remove deployer container from dockerfile | |
| run: sed -ie '/End of builder/,+5d' ./docker/userspacecni/Dockerfile | |
| - name: Build the Docker image | |
| run: docker build . -f ./docker/userspacecni/Dockerfile -t userspacecni:latest | |
| - name: run container | |
| run: docker run --name userspacecni -itd userspacecni:latest bash | |
| - name: docker copy generated bin api files | |
| run: docker cp userspacecni:/root/userspace-cni-network-plugin/cnivpp ./ | |
| - name: Set up Go | |
| uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | |
| with: | |
| go-version: 1.20.1 | |
| - name: checkout dockerfile to avoid false diff | |
| run: git checkout ./docker/userspacecni/Dockerfile | |
| # if this fails, run go mod tidy | |
| - name: Check if module files are consistent with code | |
| run: go mod tidy && go get go.fd.io/govpp/binapigen/[email protected] && git diff --exit-code #need package for bin api but not working with tidy | |
| # if this fails, run go mod vendor | |
| - name: Check if vendor directory is consistent with go modules | |
| run: go mod vendor && git diff --exit-code |