-
Notifications
You must be signed in to change notification settings - Fork 16
130 lines (116 loc) · 4.25 KB
/
linting.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
---
name: Linting
on:
pull_request:
permissions: {}
jobs:
apply-suggestions-commits:
name: 'No "Apply suggestions from code review" Commits'
runs-on: ubuntu-latest
steps:
- name: Get PR commits
id: 'get-pr-commits'
uses: tim-actions/get-pr-commits@198af03565609bb4ed924d1260247b4881f09e7d
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: 'Verify no "Apply suggestions from code review" commits'
uses: tim-actions/commit-message-checker-with-regex@094fc16ff83d04e2ec73edb5eaf6aa267db33791
with:
commits: ${{ steps.get-pr-commits.outputs.commits }}
pattern: '^(?!.*(apply suggestions from code review))'
flags: 'i'
error: 'Commits addressing code review feedback should typically be squashed into the commits under review'
- name: 'Verify no "fixup!" commits'
uses: tim-actions/commit-message-checker-with-regex@094fc16ff83d04e2ec73edb5eaf6aa267db33791
with:
commits: ${{ steps.get-pr-commits.outputs.commits }}
pattern: '^(?!fixup!)'
flags: 'i'
error: 'Fixup commits should be squashed into the commits under review'
code-gen:
name: Mock Code Generation
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Remove generated files
run: rm -f pkg/aws/client/fake/client.go pkg/gcp/client/fake/client.go pkg/ocp/fake/machineset.go
- name: Run code generation
run: make pkg/aws/client/fake/client.go pkg/gcp/client/fake/client.go pkg/ocp/fake/machineset.go
- name: Verify generated code matches committed code
run: git add -A && git diff --staged --exit-code
gitlint:
name: Commit Message(s)
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
with:
fetch-depth: 0
- name: Run gitlint
run: make gitlint
golangci-lint:
name: Go
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Run golangci-lint
run: make golangci-lint
markdown-link-check:
name: Markdown Links (modified files)
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Run markdown-link-check
uses: gaurav-nelson/github-action-markdown-link-check@d53a906aa6b22b8979d33bc86170567e619495ec
with:
config-file: ".markdownlinkcheck.json"
check-modified-files-only: "yes"
base-branch: ${{ github.base_ref }}
markdownlint:
name: Markdown
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Run markdownlint
run: make markdownlint
packagedoc-lint:
name: Package Documentation
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Run packagedoc-lint
run: make packagedoc-lint
vulnerability-scan:
name: Vulnerability Scanning
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Run Anchore vulnerability scanner
uses: anchore/scan-action@64a33b277ea7a1215a3c142735a1091341939ff5
id: scan
with:
path: "."
fail-build: true
severity-cutoff: high
- name: Show Anchore scan SARIF report
if: always()
run: cat ${{ steps.scan.outputs.sarif }}
- name: Upload Anchore scan SARIF report
if: always()
uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
yaml-lint:
name: YAML
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Run yamllint
run: make yamllint