PR Code Checks #478
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PR Code Checks | |
on: | |
pull_request: | |
branches: | |
- "main" | |
- "release-*" | |
workflow_dispatch: | |
env: | |
GITLEAKS_VERSION: 8.18.2 | |
jobs: | |
# This is a workaround to bypass the limitations of the workflow path filter: | |
# https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/troubleshooting-required-status-checks#handling-skipped-but-required-checks | |
check-changed-files: | |
name: Check whether any source code files have been changed | |
outputs: | |
check: ${{ steps.changed-files.outputs.any_modified }} | |
runs-on: ubuntu-latest | |
if: ${{ github.event.pull_request.draft == false }} | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Get changed files | |
uses: tj-actions/changed-files@4edd678ac3f81e2dc578756871e4d00c19191daf | |
id: changed-files | |
with: | |
files_ignore: | | |
docs/** | |
**/*.md | |
OWNERS | |
CODEOWNERS | |
- name: List changed files | |
run: echo '${{ steps.changed-files.outputs.all_changed_files }}' >> $GITHUB_STEP_SUMMARY | |
setup-environment: | |
timeout-minutes: 30 | |
runs-on: ubuntu-latest | |
needs: | |
- check-changed-files | |
if: ${{ needs.check-changed-files.outputs.check == 'true' }} | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: "go.mod" | |
- name: Cache Go | |
id: go-cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/go/bin | |
~/go/pkg/mod | |
key: go-cache-${{ runner.os }}-${{ hashFiles('**/go.sum') }} | |
- name: Install dependencies | |
if: steps.go-cache.outputs.cache-hit != 'true' | |
run: make -j2 gomoddownload | |
- name: Install Tools | |
if: steps.go-cache.outputs.cache-hit != 'true' | |
run: make install-tools | |
lint: | |
runs-on: ubuntu-latest | |
needs: | |
- setup-environment | |
if: ${{ needs.check-changed-files.outputs.check == 'true' }} | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: "go.mod" | |
- name: Cache Go | |
id: go-cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/go/bin | |
~/go/pkg/mod | |
key: go-cache-${{ runner.os }}-${{ hashFiles('**/go.sum') }} | |
- name: Install dependencies | |
if: steps.go-cache.outputs.cache-hit != 'true' | |
run: make -j2 gomoddownload | |
- name: Install Tools | |
if: steps.go-cache.outputs.cache-hit != 'true' | |
run: make install-tools | |
- name: Cache Lint Build | |
uses: actions/cache@v4 | |
with: | |
path: ~/.cache/go-build | |
key: go-lint-build-${{ runner.os }}-${{ hashFiles('**/go.sum') }} | |
- name: Lint | |
run: make -j2 golint | |
checks: | |
runs-on: ubuntu-latest | |
needs: | |
- setup-environment | |
if: ${{ needs.check-changed-files.outputs.check == 'true' }} | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: "go.mod" | |
- name: Cache Go | |
id: go-cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/go/bin | |
~/go/pkg/mod | |
key: go-cache-${{ runner.os }}-${{ hashFiles('**/go.sum') }} | |
- name: Install dependencies | |
if: steps.go-cache.outputs.cache-hit != 'true' | |
run: make -j2 gomoddownload | |
- name: Install Tools | |
if: steps.go-cache.outputs.cache-hit != 'true' | |
run: make install-tools | |
- name: crosslink | |
run: | | |
make crosslink | |
git diff --exit-code || (echo 'Replace statements are out of date, please run "make crosslink" and commit the changes in this PR.' && exit 1) | |
- name: Check for go mod dependency changes | |
run: | | |
make gotidy | |
git diff --exit-code || (echo 'go.mod/go.sum deps changes detected, please run "make gotidy" and commit the changes in this PR.' && exit 1) | |
- name: CodeGen | |
run: | | |
make -j2 generate | |
git diff --exit-code ':!*go.sum' || (echo 'Generated code is out of date, please run "make generate" and commit the changes in this PR.' && exit 1) | |
unit-tests: | |
runs-on: ubuntu-latest | |
needs: | |
- setup-environment | |
if: ${{ needs.check-changed-files.outputs.check == 'true' }} | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: "go.mod" | |
- name: Cache Go | |
id: go-cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/go/bin | |
~/go/pkg/mod | |
key: go-cache-${{ runner.os }}-${{ hashFiles('**/go.sum') }} | |
- name: Install dependencies | |
if: steps.go-cache.outputs.cache-hit != 'true' | |
run: make -j2 gomoddownload | |
- name: Install Tools | |
if: steps.go-cache.outputs.cache-hit != 'true' | |
run: make install-tools | |
- name: Cache Test Build | |
uses: actions/cache@v4 | |
with: | |
path: ~/.cache/go-build | |
key: go-test-build-${{ runner.os }}-${{ hashFiles('**/go.sum') }} | |
- name: Run Unit Tests | |
run: make gotest | |
coverage: | |
runs-on: ubuntu-latest | |
needs: | |
- setup-environment | |
if: ${{ needs.check-changed-files.outputs.check == 'true' }} | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: "go.mod" | |
- name: Cache Go | |
id: go-cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/go/bin | |
~/go/pkg/mod | |
key: go-cache-${{ runner.os }}-${{ hashFiles('**/go.sum') }} | |
- name: Install dependencies | |
if: steps.go-cache.outputs.cache-hit != 'true' | |
run: make -j2 gomoddownload | |
- name: Install Tools | |
if: steps.go-cache.outputs.cache-hit != 'true' | |
run: make install-tools | |
- name: Cache Coverage Build | |
uses: actions/cache@v4 | |
with: | |
path: ~/.cache/go-build | |
key: go-test-coverage-${{ runner.os }}-${{ hashFiles('**/go.sum') }} | |
- name: Run coverage check | |
run: make check-coverage | |
build: | |
runs-on: ubuntu-latest | |
needs: | |
- unit-tests | |
- lint | |
if: ${{ needs.check-changed-files.outputs.check == 'true' }} | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: "go.mod" | |
- name: Cache Go | |
id: go-cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/go/bin | |
~/go/pkg/mod | |
key: go-cache-${{ runner.os }}-${{ hashFiles('**/go.sum') }} | |
- name: Install dependencies | |
if: steps.go-cache.outputs.cache-hit != 'true' | |
run: make -j2 gomoddownload | |
- name: Install Tools | |
if: steps.go-cache.outputs.cache-hit != 'true' | |
run: make install-tools | |
- name: Build Collector | |
run: make otelkymacol | |
gitleaks: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Fetch gitleaks ${{ env.GITLEAKS_VERSION }} | |
run: curl -Lso gitleaks.tar.gz https://github.com/gitleaks/gitleaks/releases/download/v${{ env.GITLEAKS_VERSION }}/gitleaks_${{ env.GITLEAKS_VERSION }}_linux_x64.tar.gz && tar -xvzf ./gitleaks.tar.gz | |
- name: Run gitleaks | |
# Scan commits between base and head of the pull request | |
run: ./gitleaks detect --log-opts=${PULL_BASE_SHA}...${PULL_HEAD_SHA} --verbose --redact | |
env: | |
PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }} | |
PULL_HEAD_SHA: ${{ github.event.pull_request.head.sha }} |