Skip to content

PR Code Checks

PR Code Checks #477

name: PR Code Checks
on:
pull_request:
branches:
- "main"
- "release-*"
workflow_dispatch:
env:
GITLEAKS_VERSION: 8.18.2
jobs:
# This is a workaround to bypass the limitations of the workflow path filter:
# https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/troubleshooting-required-status-checks#handling-skipped-but-required-checks
check-changed-files:
name: Check whether any source code files have been changed
outputs:
check: ${{ steps.changed-files.outputs.any_modified }}
runs-on: ubuntu-latest
if: ${{ github.event.pull_request.draft == false }}
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Get changed files
uses: tj-actions/changed-files@4edd678ac3f81e2dc578756871e4d00c19191daf
id: changed-files
with:
files_ignore: |
docs/**
**/*.md
OWNERS
CODEOWNERS
- name: List changed files
run: echo '${{ steps.changed-files.outputs.all_changed_files }}' >> $GITHUB_STEP_SUMMARY
setup-environment:
timeout-minutes: 30
runs-on: ubuntu-latest
needs:
- check-changed-files
if: ${{ needs.check-changed-files.outputs.check == 'true' }}
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
- name: Cache Go
id: go-cache
uses: actions/cache@v4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
- name: Install dependencies
if: steps.go-cache.outputs.cache-hit != 'true'
run: make -j2 gomoddownload
- name: Install Tools
if: steps.go-cache.outputs.cache-hit != 'true'
run: make install-tools
lint:
runs-on: ubuntu-latest
needs:
- setup-environment
if: ${{ needs.check-changed-files.outputs.check == 'true' }}
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
- name: Cache Go
id: go-cache
uses: actions/cache@v4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
- name: Install dependencies
if: steps.go-cache.outputs.cache-hit != 'true'
run: make -j2 gomoddownload
- name: Install Tools
if: steps.go-cache.outputs.cache-hit != 'true'
run: make install-tools
- name: Cache Lint Build
uses: actions/cache@v4
with:
path: ~/.cache/go-build
key: go-lint-build-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
- name: Lint
run: make -j2 golint
checks:
runs-on: ubuntu-latest
needs:
- setup-environment
if: ${{ needs.check-changed-files.outputs.check == 'true' }}
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
- name: Cache Go
id: go-cache
uses: actions/cache@v4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
- name: Install dependencies
if: steps.go-cache.outputs.cache-hit != 'true'
run: make -j2 gomoddownload
- name: Install Tools
if: steps.go-cache.outputs.cache-hit != 'true'
run: make install-tools
- name: crosslink
run: |
make crosslink
git diff --exit-code || (echo 'Replace statements are out of date, please run "make crosslink" and commit the changes in this PR.' && exit 1)
- name: Check for go mod dependency changes
run: |
make gotidy
git diff --exit-code || (echo 'go.mod/go.sum deps changes detected, please run "make gotidy" and commit the changes in this PR.' && exit 1)
- name: CodeGen
run: |
make -j2 generate
git diff --exit-code ':!*go.sum' || (echo 'Generated code is out of date, please run "make generate" and commit the changes in this PR.' && exit 1)
unit-tests:
runs-on: ubuntu-latest
needs:
- setup-environment
if: ${{ needs.check-changed-files.outputs.check == 'true' }}
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
- name: Cache Go
id: go-cache
uses: actions/cache@v4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
- name: Install dependencies
if: steps.go-cache.outputs.cache-hit != 'true'
run: make -j2 gomoddownload
- name: Install Tools
if: steps.go-cache.outputs.cache-hit != 'true'
run: make install-tools
- name: Cache Test Build
uses: actions/cache@v4
with:
path: ~/.cache/go-build
key: go-test-build-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
- name: Run Unit Tests
run: make gotest
coverage:
runs-on: ubuntu-latest
needs:
- setup-environment
if: ${{ needs.check-changed-files.outputs.check == 'true' }}
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
- name: Cache Go
id: go-cache
uses: actions/cache@v4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
- name: Install dependencies
if: steps.go-cache.outputs.cache-hit != 'true'
run: make -j2 gomoddownload
- name: Install Tools
if: steps.go-cache.outputs.cache-hit != 'true'
run: make install-tools
- name: Cache Coverage Build
uses: actions/cache@v4
with:
path: ~/.cache/go-build
key: go-test-coverage-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
- name: Run coverage check
run: make check-coverage
build:
runs-on: ubuntu-latest
needs:
- unit-tests
- lint
if: ${{ needs.check-changed-files.outputs.check == 'true' }}
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
- name: Cache Go
id: go-cache
uses: actions/cache@v4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
- name: Install dependencies
if: steps.go-cache.outputs.cache-hit != 'true'
run: make -j2 gomoddownload
- name: Install Tools
if: steps.go-cache.outputs.cache-hit != 'true'
run: make install-tools
- name: Build Collector
run: make otelkymacol
gitleaks:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Fetch gitleaks ${{ env.GITLEAKS_VERSION }}
run: curl -Lso gitleaks.tar.gz https://github.com/gitleaks/gitleaks/releases/download/v${{ env.GITLEAKS_VERSION }}/gitleaks_${{ env.GITLEAKS_VERSION }}_linux_x64.tar.gz && tar -xvzf ./gitleaks.tar.gz
- name: Run gitleaks
# Scan commits between base and head of the pull request
run: ./gitleaks detect --log-opts=${PULL_BASE_SHA}...${PULL_HEAD_SHA} --verbose --redact
env:
PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
PULL_HEAD_SHA: ${{ github.event.pull_request.head.sha }}