mirror of
https://github.com/super-linter/super-linter.git
synced 2024-11-29 01:21:05 -05:00
Fix issues in the build workflow (#3357)
* Fix issues in the build workflow * Don't build the image when running trivy * Move the alpine glibc package key in the repo * Move the alpine glibc package key in the repo * Update labels * Pull and tag
parent
e4f768397e
commit
23e8ced872
7 changed files with 62 additions and 306 deletions
138
.github/workflows/deploy-production.yml
vendored
138
.github/workflows/deploy-production.yml
vendored
|
@ -1,31 +1,13 @@
|
||||||
---
|
---
|
||||||
#############################################
|
name: Build, test, and eventually deploy super-linter container images
|
||||||
#############################################
|
|
||||||
## Deploy Docker Image test and Production ##
|
|
||||||
#############################################
|
|
||||||
#############################################
|
|
||||||
|
|
||||||
#
|
|
||||||
# Documentation:
|
|
||||||
# https://help.github.com/en/articles/workflow-syntax-for-github-actions
|
|
||||||
#
|
|
||||||
|
|
||||||
name: Deploy Production
|
|
||||||
###########################################
|
|
||||||
# Start the job on all push or PR to main #
|
|
||||||
###########################################
|
|
||||||
on:
|
on:
|
||||||
pull_request:
|
pull_request:
|
||||||
push:
|
push:
|
||||||
|
|
||||||
###############
|
|
||||||
# Set the Job #
|
|
||||||
###############
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
# Name the Job
|
name: Build, test, and eventually push the container image
|
||||||
name: Deploy Docker Image - DEV
|
|
||||||
# Set the agent to run on
|
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
|
@ -41,13 +23,7 @@ jobs:
|
||||||
image-id: standard
|
image-id: standard
|
||||||
timeout-minutes: 60
|
timeout-minutes: 60
|
||||||
|
|
||||||
###############
|
|
||||||
# Steps below #
|
|
||||||
###############
|
|
||||||
steps:
|
steps:
|
||||||
############################
|
|
||||||
# Checkout the source code #
|
|
||||||
############################
|
|
||||||
- name: Checkout Code
|
- name: Checkout Code
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
|
@ -55,23 +31,14 @@ jobs:
|
||||||
# of changed files within `super-linter`
|
# of changed files within `super-linter`
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
###########################
|
- name: Get current date and make it available as an environment variable
|
||||||
# Set current date to ENV #
|
|
||||||
###########################
|
|
||||||
- name: Get current date
|
|
||||||
run: |
|
run: |
|
||||||
echo "Appending the build date contents to GITHUB_ENV..."
|
echo "Appending the build date contents to GITHUB_ENV..."
|
||||||
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "${GITHUB_ENV}"
|
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "${GITHUB_ENV}"
|
||||||
|
|
||||||
#######################
|
- name: Setup Docker BuildX
|
||||||
# Setup Docker BuildX #
|
|
||||||
#######################
|
|
||||||
- name: Setup BuildX
|
|
||||||
uses: docker/setup-buildx-action@v2.0.0
|
uses: docker/setup-buildx-action@v2.0.0
|
||||||
|
|
||||||
#######################################
|
|
||||||
# Build local docker images for tests #
|
|
||||||
#######################################
|
|
||||||
- name: Build Docker image - ${{ matrix.images.image-id }}
|
- name: Build Docker image - ${{ matrix.images.image-id }}
|
||||||
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
|
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
|
||||||
uses: docker/build-push-action@v3.1.1
|
uses: docker/build-push-action@v3.1.1
|
||||||
|
@ -89,25 +56,16 @@ jobs:
|
||||||
ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}test
|
ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}test
|
||||||
target: "${{ matrix.images.container-build-target }}"
|
target: "${{ matrix.images.container-build-target }}"
|
||||||
|
|
||||||
################################
|
- name: Run container image label test cases
|
||||||
# Run local docker labels test #
|
|
||||||
################################
|
|
||||||
- name: Run Docker label test cases
|
|
||||||
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
|
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
|
||||||
shell: bash
|
shell: bash
|
||||||
run: .automation/validate-docker-labels.sh "${{ matrix.images.image-id }}"
|
run: .automation/validate-docker-labels.sh "${{ matrix.images.image-id }}"
|
||||||
|
|
||||||
#######################################
|
|
||||||
# Edit the action.yml for local tests #
|
|
||||||
#######################################
|
|
||||||
- name: Edit an action.yml file for test local build
|
- name: Edit an action.yml file for test local build
|
||||||
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
|
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
|
||||||
run: |
|
run: |
|
||||||
sed -i "s/super-linter:.*/super-linter:${{ matrix.images.container-image-id-prefix }}${GITHUB_SHA}'/g" action.yml
|
sed -i "s/super-linter:.*/super-linter:${{ matrix.images.container-image-id-prefix }}${GITHUB_SHA}'/g" action.yml
|
||||||
|
|
||||||
######################
|
|
||||||
# Gather information #
|
|
||||||
######################
|
|
||||||
- name: Gather information about the runtime environment
|
- name: Gather information about the runtime environment
|
||||||
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
|
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
|
||||||
shell: bash
|
shell: bash
|
||||||
|
@ -129,29 +87,19 @@ jobs:
|
||||||
DEFAULT_BRANCH: main
|
DEFAULT_BRANCH: main
|
||||||
LOCAL_UPDATES: true
|
LOCAL_UPDATES: true
|
||||||
|
|
||||||
|
# Workaround for https://github.com/actions/runner/issues/434
|
||||||
###############################################################
|
|
||||||
# Fix file and dir ownership. #
|
|
||||||
# Workaround for https://github.com/actions/runner/issues/434 #
|
|
||||||
###############################################################
|
|
||||||
- name: Fix file and directory ownership
|
- name: Fix file and directory ownership
|
||||||
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
|
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
|
||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
sudo chown -R "$(id -u)":"$(id -g)" "$(pwd)"
|
sudo chown -R "$(id -u)":"$(id -g)" "$(pwd)"
|
||||||
|
|
||||||
########################
|
|
||||||
# Run local make tests #
|
|
||||||
########################
|
|
||||||
- name: Run the test suite
|
- name: Run the test suite
|
||||||
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
|
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
|
||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
make IMAGE=${{ matrix.images.image-id }} test
|
make IMAGE=${{ matrix.images.image-id }} test
|
||||||
|
|
||||||
##########################
|
|
||||||
# Codacy Coverage Report #
|
|
||||||
##########################
|
|
||||||
- name: Upload the code coverage report
|
- name: Upload the code coverage report
|
||||||
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
|
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
|
||||||
uses: codacy/codacy-coverage-reporter-action@v1.1
|
uses: codacy/codacy-coverage-reporter-action@v1.1
|
||||||
|
@ -161,10 +109,7 @@ jobs:
|
||||||
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
|
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
|
||||||
coverage-reports: test/reports/cobertura/runTests.sh/cobertura.xml
|
coverage-reports: test/reports/cobertura/runTests.sh/cobertura.xml
|
||||||
|
|
||||||
#####################################
|
- name: Run test cases - ${{ matrix.images.image-id }}
|
||||||
# Run Linter against Test code base #
|
|
||||||
#####################################
|
|
||||||
- name: Run Test Cases - ${{ matrix.images.image-id }}
|
|
||||||
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
|
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
|
||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
|
@ -177,17 +122,11 @@ jobs:
|
||||||
-v "${GITHUB_WORKSPACE}:/tmp/lint" \
|
-v "${GITHUB_WORKSPACE}:/tmp/lint" \
|
||||||
"ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}${GITHUB_SHA}"
|
"ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}${GITHUB_SHA}"
|
||||||
|
|
||||||
#########################################
|
- name: Clean the working directory for additional testing
|
||||||
# Clean code base to run against it all #
|
|
||||||
#########################################
|
|
||||||
- name: Clean Test code base for additional testing
|
|
||||||
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
|
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
|
||||||
shell: bash
|
shell: bash
|
||||||
run: .automation/clean-code-base-for-tests.sh
|
run: .automation/clean-code-base-for-tests.sh
|
||||||
|
|
||||||
############################################
|
|
||||||
# Run Linter against ALL cleaned code base #
|
|
||||||
############################################
|
|
||||||
- name: Run against all code base - ${{ matrix.images.image-id }}
|
- name: Run against all code base - ${{ matrix.images.image-id }}
|
||||||
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
|
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
|
||||||
shell: bash
|
shell: bash
|
||||||
|
@ -200,26 +139,13 @@ jobs:
|
||||||
-v "${GITHUB_WORKSPACE}:/tmp/lint" \
|
-v "${GITHUB_WORKSPACE}:/tmp/lint" \
|
||||||
"ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}${GITHUB_SHA}"
|
"ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}${GITHUB_SHA}"
|
||||||
|
|
||||||
#############################################################
|
- name: Login to Docker Hub
|
||||||
#############################################################
|
|
||||||
## The following steps are only run if the PR is merges ##
|
|
||||||
## into the 'main' branch and push the image to registries ##
|
|
||||||
#############################################################
|
|
||||||
#############################################################
|
|
||||||
|
|
||||||
######################
|
|
||||||
# Login to DockerHub #
|
|
||||||
######################
|
|
||||||
- name: Login to DockerHub
|
|
||||||
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }}
|
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }}
|
||||||
uses: docker/login-action@v2.0.0
|
uses: docker/login-action@v2.0.0
|
||||||
with:
|
with:
|
||||||
username: ${{ secrets.DOCKER_USERNAME }}
|
username: ${{ secrets.DOCKER_USERNAME }}
|
||||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||||
|
|
||||||
####################
|
|
||||||
# Login to GHCR.io #
|
|
||||||
####################
|
|
||||||
- name: Login to GitHub Container Registry
|
- name: Login to GitHub Container Registry
|
||||||
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }}
|
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }}
|
||||||
uses: docker/login-action@v2.0.0
|
uses: docker/login-action@v2.0.0
|
||||||
|
@ -228,10 +154,7 @@ jobs:
|
||||||
username: ${{ secrets.GCR_USERNAME }}
|
username: ${{ secrets.GCR_USERNAME }}
|
||||||
password: ${{ secrets.GCR_TOKEN }}
|
password: ${{ secrets.GCR_TOKEN }}
|
||||||
|
|
||||||
#########################
|
- name: Start the deployment for the ${{ matrix.images.deployment-environment-identifier }} environment
|
||||||
# Update deployment API #
|
|
||||||
#########################
|
|
||||||
- name: Start deployment
|
|
||||||
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }}
|
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }}
|
||||||
uses: bobheadxi/deployments@v1.3.0
|
uses: bobheadxi/deployments@v1.3.0
|
||||||
id: deployment
|
id: deployment
|
||||||
|
@ -240,10 +163,7 @@ jobs:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
env: ${{ matrix.images.deployment-environment-identifier }}
|
env: ${{ matrix.images.deployment-environment-identifier }}
|
||||||
|
|
||||||
######################################
|
- name: Build the container image and push it - ${{ matrix.images.image-id }}
|
||||||
# Build the docker image and push it #
|
|
||||||
######################################
|
|
||||||
- name: Build Docker image - ${{ matrix.images.image-id }}
|
|
||||||
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }}
|
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }}
|
||||||
uses: docker/build-push-action@v3.1.1
|
uses: docker/build-push-action@v3.1.1
|
||||||
with:
|
with:
|
||||||
|
@ -260,10 +180,18 @@ jobs:
|
||||||
ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}latest
|
ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}latest
|
||||||
target: "${{ matrix.images.container-build-target }}"
|
target: "${{ matrix.images.container-build-target }}"
|
||||||
|
|
||||||
#######################################################
|
- name: Update the deployment status for the ${{ matrix.images.deployment-environment-identifier }} environment
|
||||||
# Create a GitHub Issue with the info from this build #
|
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }}
|
||||||
#######################################################
|
uses: bobheadxi/deployments@v1.3.0
|
||||||
- name: Create GitHub Issue for failure
|
with:
|
||||||
|
step: finish
|
||||||
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
status: ${{ job.status }}
|
||||||
|
deployment_id: ${{ steps.deployment.outputs.deployment_id }}
|
||||||
|
env: ${{ steps.deployment.outputs.env }}
|
||||||
|
env_url: https://github.com/github/super-linter
|
||||||
|
|
||||||
|
- name: Create a GitHub issue on failure
|
||||||
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' && failure() }}
|
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' && failure() }}
|
||||||
uses: actions/github-script@v6
|
uses: actions/github-script@v6
|
||||||
id: create-issue
|
id: create-issue
|
||||||
|
@ -280,14 +208,10 @@ jobs:
|
||||||
console.log('create', create)
|
console.log('create', create)
|
||||||
return create.data.number
|
return create.data.number
|
||||||
|
|
||||||
####################################
|
- name: Assign admins to the issue created on failure
|
||||||
# Deploy was failure, alert admins #
|
|
||||||
####################################
|
|
||||||
- name: Assign Admins on failure
|
|
||||||
uses: actions/github-script@v6
|
uses: actions/github-script@v6
|
||||||
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' && failure() }}
|
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' && failure() }}
|
||||||
with:
|
with:
|
||||||
# https://octokit.github.io/rest.js/v18#issues-create
|
|
||||||
github-token: ${{secrets.GITHUB_TOKEN}}
|
github-token: ${{secrets.GITHUB_TOKEN}}
|
||||||
script: |
|
script: |
|
||||||
github.rest.issues.addAssignees({
|
github.rest.issues.addAssignees({
|
||||||
|
@ -304,17 +228,3 @@ jobs:
|
||||||
'ferrarimarco'
|
'ferrarimarco'
|
||||||
]
|
]
|
||||||
})
|
})
|
||||||
|
|
||||||
#########################
|
|
||||||
# Update Deployment API #
|
|
||||||
#########################
|
|
||||||
- name: Update deployment status
|
|
||||||
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }}
|
|
||||||
uses: bobheadxi/deployments@v1.3.0
|
|
||||||
with:
|
|
||||||
step: finish
|
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
status: ${{ job.status }}
|
|
||||||
deployment_id: ${{ steps.deployment.outputs.deployment_id }}
|
|
||||||
env: ${{ steps.deployment.outputs.env }}
|
|
||||||
env_url: https://github.com/github/super-linter
|
|
||||||
|
|
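Review bot: The relocated `Update the deployment status for the … environment` step keeps `if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }}`, which carries an implicit `success()`. It is therefore skipped whenever the preceding build-and-push step fails, so the deployment opened by the `Start the deployment` step is never marked failed and `status: ${{ job.status }}` can only ever report success. The release workflow's equivalent step already uses `if: always()`; here the condition could become `if: ${{ always() && github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }}`. Separately, the rewritten header in the first hunk shows no `permissions:` block between `on:` and `jobs:`, although the job hands `secrets.GITHUB_TOKEN` to deployment and issue steps and also runs on `pull_request`. A least-privilege block (for example `contents: read`, `deployments: write`, `issues: write`) would make the token scope explicit, assuming none is declared in the lines outside the hunks.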
108
.github/workflows/deploy-release.yml
vendored
108
.github/workflows/deploy-release.yml
vendored
|
@ -1,89 +1,40 @@
|
||||||
---
|
---
|
||||||
#################################
|
name: Deploy super-linter release container images
|
||||||
#################################
|
|
||||||
## Deploy Docker Image Release ##
|
|
||||||
#################################
|
|
||||||
#################################
|
|
||||||
|
|
||||||
#
|
|
||||||
# Documentation:
|
|
||||||
# https://help.github.com/en/articles/workflow-syntax-for-github-actions
|
|
||||||
#
|
|
||||||
name: Deploy Release
|
|
||||||
###########################################
|
|
||||||
# Start the job upon publishing a release #
|
|
||||||
###########################################
|
|
||||||
on:
|
on:
|
||||||
# Start when a release is published
|
|
||||||
release:
|
release:
|
||||||
types: [published]
|
types: [published]
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
# Set the input variables you want to pull in
|
|
||||||
inputs:
|
inputs:
|
||||||
release_version:
|
release_version:
|
||||||
description: 'version to release. Ex: v4.3.2'
|
description: 'version to release. Ex: v4.3.2'
|
||||||
required: true
|
required: true
|
||||||
default: 'v'
|
default: 'v'
|
||||||
|
|
||||||
###############
|
|
||||||
# Set the Job #
|
|
||||||
###############
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
# Name the Job
|
name: Deploy container image - Release
|
||||||
name: Deploy Docker Image - Release
|
|
||||||
# Set the agent to run on
|
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
matrix:
|
matrix:
|
||||||
images:
|
images:
|
||||||
- container-build-target: final_slim
|
- container-image-id-prefix: slim-
|
||||||
container-image-id-prefix: slim-
|
|
||||||
deployment-environment-identifier: Release-SLIM
|
deployment-environment-identifier: Release-SLIM
|
||||||
image-id: slim
|
- container-image-id-prefix: ""
|
||||||
- container-build-target: final_standard
|
|
||||||
container-image-id-prefix: ""
|
|
||||||
deployment-environment-identifier: Release
|
deployment-environment-identifier: Release
|
||||||
image-id: standard
|
|
||||||
timeout-minutes: 60
|
timeout-minutes: 60
|
||||||
|
|
||||||
###############
|
|
||||||
# Steps below #
|
|
||||||
###############
|
|
||||||
steps:
|
steps:
|
||||||
############################
|
- name: Setup Docker BuildX
|
||||||
# Checkout the source code #
|
|
||||||
############################
|
|
||||||
- name: Checkout Code
|
|
||||||
uses: actions/checkout@v3
|
|
||||||
|
|
||||||
###########################
|
|
||||||
# Set current date to ENV #
|
|
||||||
###########################
|
|
||||||
- name: Get current date
|
|
||||||
run: |
|
|
||||||
echo "Appending the build date contents to GITHUB_ENV..."
|
|
||||||
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "${GITHUB_ENV}"
|
|
||||||
|
|
||||||
#######################
|
|
||||||
# Setup Docker BuildX #
|
|
||||||
#######################
|
|
||||||
- name: Setup BuildX
|
|
||||||
uses: docker/setup-buildx-action@v2.0.0
|
uses: docker/setup-buildx-action@v2.0.0
|
||||||
|
|
||||||
######################
|
|
||||||
# Login to DockerHub #
|
|
||||||
######################
|
|
||||||
- name: Login to DockerHub
|
- name: Login to DockerHub
|
||||||
uses: docker/login-action@v2.0.0
|
uses: docker/login-action@v2.0.0
|
||||||
with:
|
with:
|
||||||
username: ${{ secrets.DOCKER_USERNAME }}
|
username: ${{ secrets.DOCKER_USERNAME }}
|
||||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||||
|
|
||||||
####################
|
|
||||||
# Login to GHCR.io #
|
|
||||||
####################
|
|
||||||
- name: Login to GitHub Container Registry
|
- name: Login to GitHub Container Registry
|
||||||
uses: docker/login-action@v2.0.0
|
uses: docker/login-action@v2.0.0
|
||||||
with:
|
with:
|
||||||
|
@ -91,10 +42,7 @@ jobs:
|
||||||
username: ${{ secrets.GCR_USERNAME }}
|
username: ${{ secrets.GCR_USERNAME }}
|
||||||
password: ${{ secrets.GCR_TOKEN }}
|
password: ${{ secrets.GCR_TOKEN }}
|
||||||
|
|
||||||
###########################
|
- name: Get current release identifier
|
||||||
# Get the current release #
|
|
||||||
###########################
|
|
||||||
- name: Get current Release number
|
|
||||||
# shellcheck disable=SC2062
|
# shellcheck disable=SC2062
|
||||||
run: |
|
run: |
|
||||||
echo "RELEASE_VERSION=$(echo ${{ github.event.release.name }} \
|
echo "RELEASE_VERSION=$(echo ${{ github.event.release.name }} \
|
||||||
|
@ -106,10 +54,7 @@ jobs:
|
||||||
>> "${GITHUB_ENV}"
|
>> "${GITHUB_ENV}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#########################
|
- name: Start deployment for the ${{ matrix.images.deployment-environment-identifier }} environment
|
||||||
# Update deployment API #
|
|
||||||
#########################
|
|
||||||
- name: Start deployment
|
|
||||||
uses: bobheadxi/deployments@v1.3.0
|
uses: bobheadxi/deployments@v1.3.0
|
||||||
id: deployment
|
id: deployment
|
||||||
with:
|
with:
|
||||||
|
@ -117,33 +62,19 @@ jobs:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
env: ${{ matrix.images.deployment-environment-identifier }}
|
env: ${{ matrix.images.deployment-environment-identifier }}
|
||||||
|
|
||||||
######################################
|
# We don't rebuild the image to avoid that the latest tag and the release tags don't point to what the release tag is pointing to.
|
||||||
# Build the docker image and push it #
|
# Instead, we pull the latest image and tag it.
|
||||||
######################################
|
- name: Add release tags and push image
|
||||||
- name: Build Docker image - ${{ matrix.images.image-id }}
|
uses: akhilerm/tag-push-action@v2.0.0
|
||||||
uses: docker/build-push-action@v3.1.1
|
|
||||||
with:
|
with:
|
||||||
context: .
|
src: ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}latest
|
||||||
file: ./Dockerfile
|
dst: |
|
||||||
build-args: |
|
|
||||||
BUILD_DATE=${{ env.BUILD_DATE }}
|
|
||||||
BUILD_REVISION=${{ github.sha }}
|
|
||||||
BUILD_VERSION=${{ github.sha }}
|
|
||||||
load: false
|
|
||||||
push: true
|
|
||||||
tags: |
|
|
||||||
github/super-linter:${{ matrix.images.container-image-id-prefix }}latest
|
|
||||||
github/super-linter:${{ matrix.images.container-image-id-prefix }}v4
|
github/super-linter:${{ matrix.images.container-image-id-prefix }}v4
|
||||||
github/super-linter:${{ matrix.images.container-image-id-prefix }}${{ env.RELEASE_VERSION }}
|
github/super-linter:${{ matrix.images.container-image-id-prefix }}${{ env.RELEASE_VERSION }}
|
||||||
ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}latest
|
|
||||||
ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}v4
|
ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}v4
|
||||||
ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}${{ env.RELEASE_VERSION }}
|
ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}${{ env.RELEASE_VERSION }}
|
||||||
target: "${{ matrix.images.container-build-target }}"
|
|
||||||
|
|
||||||
#########################
|
- name: Update the deployment status for the ${{ matrix.images.deployment-environment-identifier }} environment
|
||||||
# Update Deployment API #
|
|
||||||
#########################
|
|
||||||
- name: Update deployment status
|
|
||||||
uses: bobheadxi/deployments@v1.3.0
|
uses: bobheadxi/deployments@v1.3.0
|
||||||
if: always()
|
if: always()
|
||||||
with:
|
with:
|
||||||
|
@ -154,10 +85,7 @@ jobs:
|
||||||
env: ${{ steps.deployment.outputs.env }}
|
env: ${{ steps.deployment.outputs.env }}
|
||||||
env_url: https://github.com/github/super-linter/releases/tag/${{ env.RELEASE_VERSION }}
|
env_url: https://github.com/github/super-linter/releases/tag/${{ env.RELEASE_VERSION }}
|
||||||
|
|
||||||
#######################################################
|
- name: Create a GitHub issue on failure
|
||||||
# Create a GitHub Issue with the info from this build #
|
|
||||||
#######################################################
|
|
||||||
- name: Create GitHub Issue for failure
|
|
||||||
if: failure()
|
if: failure()
|
||||||
uses: actions/github-script@v6
|
uses: actions/github-script@v6
|
||||||
id: create-issue
|
id: create-issue
|
||||||
|
@ -174,14 +102,10 @@ jobs:
|
||||||
console.log('create', create)
|
console.log('create', create)
|
||||||
return create.data.number
|
return create.data.number
|
||||||
|
|
||||||
############################
|
- name: Assign admins to the issue created on failure
|
||||||
# Assign admins on failure #
|
|
||||||
############################
|
|
||||||
- name: Assign Admins on failure
|
|
||||||
uses: actions/github-script@v6
|
uses: actions/github-script@v6
|
||||||
if: failure()
|
if: failure()
|
||||||
with:
|
with:
|
||||||
# https://octokit.github.io/rest.js/v18#issues-create
|
|
||||||
github-token: ${{secrets.GITHUB_TOKEN}}
|
github-token: ${{secrets.GITHUB_TOKEN}}
|
||||||
script: |
|
script: |
|
||||||
github.rest.issues.addAssignees({
|
github.rest.issues.addAssignees({
|
||||||
|
|
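Review bot: The new `Add release tags and push image` step promotes `src: ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}latest`, a mutable tag, so the release tags land on whatever image `latest` names when this job runs. That need not be the image built from the released commit, for example if main has advanced since the release was cut or the production build for that commit failed. Using an immutable source would tie the release to the tested build: a per-commit tag or digest published by the production workflow, if it publishes one (not visible in these hunks). The step also runs third-party code after both registry logins while pinned only to a movable tag; `uses: akhilerm/tag-push-action@<full-commit-sha> # v2.0.0` (placeholder SHA) would fix the reviewed version.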
71
.github/workflows/repo-visualization.yml
vendored
71
.github/workflows/repo-visualization.yml
vendored
|
@ -1,71 +0,0 @@
|
||||||
---
|
|
||||||
##############################
|
|
||||||
##############################
|
|
||||||
## Repository Visualization ##
|
|
||||||
##############################
|
|
||||||
##############################
|
|
||||||
|
|
||||||
#
|
|
||||||
# Documentation:
|
|
||||||
# https://help.github.com/en/articles/workflow-syntax-for-github-actions
|
|
||||||
#
|
|
||||||
|
|
||||||
name: Repository Visualization
|
|
||||||
###########################################
|
|
||||||
# Start the job on all push or PR to main #
|
|
||||||
###########################################
|
|
||||||
on:
|
|
||||||
schedule:
|
|
||||||
# Sunday at 5:00pm
|
|
||||||
- cron: "0 17 * * 0"
|
|
||||||
|
|
||||||
###############
|
|
||||||
# Set the Job #
|
|
||||||
###############
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
build:
|
|
||||||
# Name the Job
|
|
||||||
name: Repository Visualization
|
|
||||||
# Set the agent to run on
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
timeout-minutes: 60
|
|
||||||
|
|
||||||
###############
|
|
||||||
# Steps below #
|
|
||||||
###############
|
|
||||||
steps:
|
|
||||||
############################
|
|
||||||
# Checkout the source code #
|
|
||||||
############################
|
|
||||||
- name: Checkout Code
|
|
||||||
uses: actions/checkout@v3
|
|
||||||
|
|
||||||
##############################
|
|
||||||
# Create Visualization Files #
|
|
||||||
##############################
|
|
||||||
- name: Create Visualization
|
|
||||||
uses: githubocto/repo-visualizer@0.8.2
|
|
||||||
with:
|
|
||||||
output_file: "./diagram.svg"
|
|
||||||
should_push: false
|
|
||||||
|
|
||||||
###########################
|
|
||||||
# Configure the AWS creds #
|
|
||||||
###########################
|
|
||||||
- name: Configure AWS Credentials
|
|
||||||
if: success()
|
|
||||||
uses: aws-actions/configure-aws-credentials@v1
|
|
||||||
with:
|
|
||||||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
|
|
||||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
|
|
||||||
aws-region: ${{ secrets.AWS_REGION }}
|
|
||||||
|
|
||||||
############################
|
|
||||||
# Push the image to aws s3 #
|
|
||||||
############################
|
|
||||||
- name: Push diagram to s3
|
|
||||||
if: success()
|
|
||||||
run: aws s3 cp diagram.svg s3://super-linter/diagram.svg
|
|
8
.github/workflows/trivy.yml
vendored
8
.github/workflows/trivy.yml
vendored
|
@ -24,13 +24,6 @@ jobs:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
# ##########################
|
|
||||||
# # Build the docker image #
|
|
||||||
# ##########################
|
|
||||||
- name: Build an image from Dockerfile
|
|
||||||
run: |
|
|
||||||
docker build -t "docker.io/github/super-linter:${{ github.sha }}" .
|
|
||||||
|
|
||||||
#################################
|
#################################
|
||||||
# Run Trivy Scan of source code #
|
# Run Trivy Scan of source code #
|
||||||
#################################
|
#################################
|
||||||
|
@ -48,6 +41,5 @@ jobs:
|
||||||
#################################
|
#################################
|
||||||
- name: Upload Trivy scan results to GitHub Security tab
|
- name: Upload Trivy scan results to GitHub Security tab
|
||||||
uses: github/codeql-action/upload-sarif@v2
|
uses: github/codeql-action/upload-sarif@v2
|
||||||
if: always()
|
|
||||||
with:
|
with:
|
||||||
sarif_file: 'report.sarif'
|
sarif_file: 'report.sarif'
|
||||||
|
|
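Review bot: Dropping `if: always()` from `Upload Trivy scan results to GitHub Security tab` means the SARIF upload is skipped whenever an earlier step fails, and a scan that exits non-zero on findings is the case where the report matters most. The scan step's configuration lies between the two hunks and is not visible, so this applies if it is set to fail the job on findings. Restoring `if: always()` (or `if: ${{ !cancelled() }}`) on the upload step keeps findings flowing to code scanning even when the job goes red.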
18
Dockerfile
18
Dockerfile
|
@ -207,6 +207,10 @@ RUN mkdir -p /home/r-library \
|
||||||
&& Rscript -e "install.packages(c('lintr','purrr'), repos = 'https://cloud.r-project.org/')" \
|
&& Rscript -e "install.packages(c('lintr','purrr'), repos = 'https://cloud.r-project.org/')" \
|
||||||
&& R -e "install.packages(list.dirs('/home/r-library',recursive = FALSE), repos = NULL, type = 'source')"
|
&& R -e "install.packages(list.dirs('/home/r-library',recursive = FALSE), repos = NULL, type = 'source')"
|
||||||
|
|
||||||
|
# Source: https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
|
||||||
|
# Store the key here because the above host is sometimes down, and breaks our builds
|
||||||
|
COPY dependencies/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub
|
||||||
|
|
||||||
###################
|
###################
|
||||||
# Install Kubeval #
|
# Install Kubeval #
|
||||||
###################
|
###################
|
||||||
|
@ -214,9 +218,9 @@ RUN wget --tries=5 -q -O kubeval-linux-amd64.tar.gz https://github.com/instrumen
|
||||||
&& tar xf kubeval-linux-amd64.tar.gz \
|
&& tar xf kubeval-linux-amd64.tar.gz \
|
||||||
&& mv kubeval /usr/local/bin \
|
&& mv kubeval /usr/local/bin \
|
||||||
&& rm kubeval-linux-amd64.tar.gz \
|
&& rm kubeval-linux-amd64.tar.gz \
|
||||||
##################
|
##################
|
||||||
# Install ktlint #
|
# Install ktlint #
|
||||||
##################
|
##################
|
||||||
&& curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/releases/latest/download/ktlint \
|
&& curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/releases/latest/download/ktlint \
|
||||||
&& chmod a+x ktlint \
|
&& chmod a+x ktlint \
|
||||||
&& mv "ktlint" /usr/bin/ \
|
&& mv "ktlint" /usr/bin/ \
|
||||||
|
@ -225,7 +229,6 @@ RUN wget --tries=5 -q -O kubeval-linux-amd64.tar.gz https://github.com/instrumen
|
||||||
####################
|
####################
|
||||||
# Install dart-sdk #
|
# Install dart-sdk #
|
||||||
####################
|
####################
|
||||||
&& wget --tries=5 -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub \
|
|
||||||
&& wget --tries=5 -q https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk \
|
&& wget --tries=5 -q https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk \
|
||||||
&& apk add --no-cache glibc-${GLIBC_VERSION}.apk \
|
&& apk add --no-cache glibc-${GLIBC_VERSION}.apk \
|
||||||
&& rm glibc-${GLIBC_VERSION}.apk \
|
&& rm glibc-${GLIBC_VERSION}.apk \
|
||||||
|
@ -329,11 +332,14 @@ ENV BUILD_REVISION=$BUILD_REVISION
|
||||||
ENV BUILD_VERSION=$BUILD_VERSION
|
ENV BUILD_VERSION=$BUILD_VERSION
|
||||||
ENV IMAGE="slim"
|
ENV IMAGE="slim"
|
||||||
|
|
||||||
|
# Source: https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
|
||||||
|
# Store the key here because the above host is sometimes down, and breaks our builds
|
||||||
|
COPY dependencies/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub
|
||||||
|
|
||||||
######################################
|
######################################
|
||||||
# Install Phive dependencies and git #
|
# Install Phive dependencies and git #
|
||||||
######################################
|
######################################
|
||||||
RUN wget --tries=5 -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub \
|
RUN wget --tries=5 -q https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk \
|
||||||
&& wget --tries=5 -q https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk \
|
|
||||||
&& apk add --no-cache \
|
&& apk add --no-cache \
|
||||||
bash \
|
bash \
|
||||||
ca-certificates \
|
ca-certificates \
|
||||||
|
|
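Review bot: Nothing in the Dockerfile records which key `COPY dependencies/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub` is expected to install, although the file becomes a trust root for `apk add`; this applies to both places the COPY is added, before the Kubeval block and before the Phive block. Keeping the key in the repository removes the build-time fetch from alpine-pkgs.sgerrand.com, but a later edit to that file would change which signer the glibc package install accepts, and only the `# Source:` comment documents its provenance. I would record the expected digest beside that comment, for example `# sha256: <SHA256_OF_sgerrand.rsa.pub>`, and check it in the following RUN before the package install with `echo "<SHA256_OF_sgerrand.rsa.pub>  /etc/apk/keys/sgerrand.rsa.pub" | sha256sum -c -`. The RUN instructions start and end outside the visible hunks, so the exact placement needs confirming against the full file.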
14
README.md
14
README.md
|
@ -48,10 +48,6 @@ The super-linter finds issues and reports them to the console output. Fixes are
|
||||||
|
|
||||||
The design of the **Super-Linter** is currently to allow linting to occur in **GitHub Actions** as a part of continuous integration occurring on pull requests as the commits get pushed. It works best when commits are being pushed early and often to a branch with an open or draft pull request. There is some desire to move this closer to local development for faster feedback on linting errors but this is not yet supported.
|
The design of the **Super-Linter** is currently to allow linting to occur in **GitHub Actions** as a part of continuous integration occurring on pull requests as the commits get pushed. It works best when commits are being pushed early and often to a branch with an open or draft pull request. There is some desire to move this closer to local development for faster feedback on linting errors but this is not yet supported.
|
||||||
|
|
||||||
### Repository Visualization
|
|
||||||
|
|
||||||
![Visualization of the codebase](https://super-linter.s3.us-west-2.amazonaws.com/diagram.svg)
|
|
||||||
|
|
||||||
## Supported Linters
|
## Supported Linters
|
||||||
|
|
||||||
Developers on **GitHub** can call the **GitHub Action** to lint their codebase with the following list of linters:
|
Developers on **GitHub** can call the **GitHub Action** to lint their codebase with the following list of linters:
|
||||||
|
@ -141,11 +137,6 @@ This file should have the following code:
|
||||||
#################################
|
#################################
|
||||||
name: Lint Code Base
|
name: Lint Code Base
|
||||||
|
|
||||||
#
|
|
||||||
# Documentation:
|
|
||||||
# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
|
|
||||||
#
|
|
||||||
|
|
||||||
#############################
|
#############################
|
||||||
# Start the job on all push #
|
# Start the job on all push #
|
||||||
#############################
|
#############################
|
||||||
|
@ -448,11 +439,6 @@ Example workflow:
|
||||||
#################################
|
#################################
|
||||||
name: Lint Code Base
|
name: Lint Code Base
|
||||||
|
|
||||||
#
|
|
||||||
# Documentation:
|
|
||||||
# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
|
|
||||||
#
|
|
||||||
|
|
||||||
#############################
|
#############################
|
||||||
# Start the job on all push #
|
# Start the job on all push #
|
||||||
#############################
|
#############################
|
||||||
|
|
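--- a/dependencies/sgerrand.rsa.pub
+++ b/dependencies/sgerrand.rsa.pub
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZ2u1KJKUu/fW4A25y9m
+y70AGEa/J3Wi5ibNVGNn1gT1r0VfgeWd0pUybS4UmcHdiNzxJPgoWQhV2SSW1JYu
+tOqKZF5QSN6X937PTUpNBjUvLtTQ1ve1fp39uf/lEXPpFpOPL88LKnDBgbh7wkCp
+m2KzLVGChf83MS0ShL6G9EQIAUxLm99VpgRjwqTQ/KfzGtpke1wqws4au0Ab4qPY
+KXvMLSPLUp7cfulWvhmZSegr5AdhNw5KNizPqCJT8ZrGvgHypXyiFvvAH5YRtSsc
+Zvo9GI2e2MaZyo9/lvb+LbLEJZKEQckqRj4P26gmASrZEPStwc+yqy1ShHLA0j6m
+1QIDAQAB
+-----END PUBLIC KEY-----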