name: Build and Test on: pull_request: push: merge_group: workflow_dispatch: # Don't grant any access by default permissions: {} jobs: # Set build metadata before running any other job so we can reuse them for # both the standandard and the slim images, and for verification as well. # We can't run this as part of the build-container-image job because it # runs multiple times due to its matrix configuration, leading to race # conditions when verifying container image labels. set-build-metadata: name: Set build metadata runs-on: ubuntu-latest permissions: contents: read outputs: CONTAINER_IMAGE_BUILD_DATE: ${{ steps.set-container-image-build-metadata.outputs.CONTAINER_IMAGE_BUILD_DATE }} CONTAINER_IMAGE_BUILD_REVISION: ${{ steps.set-container-image-build-metadata.outputs.CONTAINER_IMAGE_BUILD_REVISION }} CONTAINER_IMAGE_BUILD_VERSION: ${{ steps.set-container-image-build-metadata.outputs.CONTAINER_IMAGE_BUILD_VERSION }} steps: - name: Checkout Code uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set build metadata id: set-container-image-build-metadata run: | if [[ ${{ github.event_name }} == 'push' ]] || [[ ${{ github.event_name }} == 'merge_group' ]]; then BUILD_REVISION=${{ github.sha }} elif [[ ${{ github.event_name }} == 'pull_request' ]]; then BUILD_REVISION=${{ github.event.pull_request.head.sha }} else echo "[ERROR] Event not supported when setting build revision and build version" exit 1 fi . scripts/build-metadata.sh if [ -z "${BUILD_DATE}" ]; then echo "[ERROR] BUILD_DATE is empty" exit 1 fi if [ -z "${BUILD_REVISION}" ]; then echo "[ERROR] BUILD_REVISION is empty" exit 1 fi if [ -z "${BUILD_VERSION}" ]; then echo "[ERROR] BUILD_VERSION is empty" exit 1 fi echo "Build date (GH Actions workflow): ${BUILD_DATE}" echo "Build revision (GH Actions workflow): ${BUILD_REVISION}" echo "Build version (GH Actions workflow): ${BUILD_VERSION}" { echo "BUILD_DATE=${BUILD_DATE}" echo "BUILD_REVISION=${BUILD_REVISION}" echo "BUILD_VERSION=${BUILD_VERSION}" } >> "${GITHUB_ENV}" { echo "CONTAINER_IMAGE_BUILD_DATE=${BUILD_DATE}" echo "CONTAINER_IMAGE_BUILD_REVISION=${BUILD_REVISION}" echo "CONTAINER_IMAGE_BUILD_VERSION=${BUILD_VERSION}" } >> "${GITHUB_OUTPUT}" build-container-image: name: Build and Test runs-on: ubuntu-latest permissions: contents: read needs: - set-build-metadata concurrency: # Ref: https://docs.github.com/en/actions/learn-github-actions/contexts#github-context # github.head_ref: head_ref or source branch of the pull request # github.ref: ref of the branch that triggered the workflow group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}-${{ github.event_name }}-${{ matrix.images.target }} cancel-in-progress: true strategy: fail-fast: false matrix: images: - prefix: slim- target: slim - prefix: "" target: standard timeout-minutes: 60 env: CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest" CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}" CONTAINER_IMAGE_OUTPUT_IMAGE_NAME: "super-linter-${{ matrix.images.prefix }}latest" steps: - name: Checkout Code uses: actions/checkout@v4 with: fetch-depth: 0 - name: Free Disk space shell: bash run: | sudo rm -rf /usr/local/lib/android || true sudo rm -rf /usr/share/dotnet || true sudo rm -rf /opt/ghc || true sudo rm -rf /usr/local/.ghcup || true - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Build Image uses: docker/build-push-action@v6 with: context: . file: ./Dockerfile build-args: | BUILD_DATE=${{ needs.set-build-metadata.outputs.CONTAINER_IMAGE_BUILD_DATE }} BUILD_REVISION=${{ needs.set-build-metadata.outputs.CONTAINER_IMAGE_BUILD_REVISION }} BUILD_VERSION=${{ needs.set-build-metadata.outputs.CONTAINER_IMAGE_BUILD_VERSION }} cache-from: type=registry,ref=${{ env.CONTAINER_IMAGE_ID }}-buildcache outputs: type=docker,dest=/tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar push: false secrets: | GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} tags: | ${{ env.CONTAINER_IMAGE_ID }} target: "${{ matrix.images.target }}" # Load the image here because the docker/build-push-action doesn't support multiple exporters yet # Ref: https://github.com/docker/build-push-action/issues/413 # Ref: https://github.com/moby/buildkit/issues/1555 - name: Load image run: | docker load <"/tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar" - name: Print environment info run: | make info - name: Upload ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image uses: actions/upload-artifact@v4.4.3 with: name: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} path: /tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar test-local-action: name: Test the Super-linter GitHub Action runs-on: ubuntu-latest needs: build-container-image permissions: contents: read strategy: matrix: images: - container-image-id: super-linter-latest prefix: "" target: standard - container-image-id: super-linter-slim-latest prefix: slim- target: slim env: CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest" CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}" CONTAINER_IMAGE_OUTPUT_IMAGE_NAME: "super-linter-${{ matrix.images.prefix }}latest" steps: - name: Checkout Code uses: actions/checkout@v4 with: fetch-depth: 0 - name: Download ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image uses: actions/download-artifact@v4.1.8 with: name: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} path: /tmp - name: Load ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image run: | docker load --input /tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar docker image ls -a - name: Update action.yml run: | echo "yq version: $(yq --version)" yq '.runs.image = "docker://" + env(CONTAINER_IMAGE_ID)' -i action.yml echo "Action file contents:" cat action.yml - name: Test Local Action (debug log) uses: ./ env: LOG_LEVEL: DEBUG CREATE_LOG_FILE: true VALIDATE_ALL_CODEBASE: false GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITLEAKS_CONFIG_FILE: .gitleaks-ignore-tests.toml FILTER_REGEX_EXCLUDE: ".*(/test/linters/|CHANGELOG.md).*" RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES: "default.json,hoge.json" TYPESCRIPT_STANDARD_TSCONFIG_FILE: ".github/linters/tsconfig.json" VALIDATE_JAVASCRIPT_STANDARD: false - name: Get the contents of the log file run: | sudo cat super-linter.log sudo rm -v super-linter.log - name: Test Local Action (default log) uses: ./ env: VALIDATE_ALL_CODEBASE: false GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITLEAKS_CONFIG_FILE: .gitleaks-ignore-tests.toml FILTER_REGEX_EXCLUDE: ".*(/test/linters/|CHANGELOG.md).*" TYPESCRIPT_STANDARD_TSCONFIG_FILE: ".github/linters/tsconfig.json" VALIDATE_JAVASCRIPT_STANDARD: false build-test-suite-matrix: name: Build test suite matrix runs-on: ubuntu-latest permissions: contents: read outputs: matrix: ${{ steps.generate-matrix.outputs.test-cases }} steps: - name: Checkout Code uses: actions/checkout@v4 with: fetch-depth: 0 - name: Generate test cases matrix id: generate-matrix run: | TEST_TARGETS=$(make -pRrq 2>&1 | grep 'test:' | tr -d '\n' | sed -e "s/^test: //" | jq --raw-input --slurp --compact-output 'split(" ")') echo "TEST_TARGETS: ${TEST_TARGETS}" echo "test-cases=${TEST_TARGETS}" >> "${GITHUB_OUTPUT}" run-test-suite: name: Run test cases runs-on: ubuntu-latest permissions: contents: read needs: - set-build-metadata - build-container-image - build-test-suite-matrix strategy: # Continue running the rest of the test suite so we get feedback even if # there are failures in certain tests, such as when running npm-audit fail-fast: false matrix: test-case: ${{ fromJson(needs.build-test-suite-matrix.outputs.matrix) }} images: - container-image-id: super-linter-latest prefix: "" target: standard - container-image-id: super-linter-slim-latest prefix: slim- target: slim include: # Also run the test target to check if running the whole test suite # in the same execution environment prevents it from succeeding - test-case: test env: CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest" CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}" CONTAINER_IMAGE_OUTPUT_IMAGE_NAME: "super-linter-${{ matrix.images.prefix }}latest" BUILD_DATE: ${{ needs.set-build-metadata.outputs.CONTAINER_IMAGE_BUILD_DATE }} BUILD_REVISION: ${{ needs.set-build-metadata.outputs.CONTAINER_IMAGE_BUILD_REVISION }} BUILD_VERSION: ${{ needs.set-build-metadata.outputs.CONTAINER_IMAGE_BUILD_VERSION }} steps: - name: Checkout Code uses: actions/checkout@v4 with: fetch-depth: 0 - name: Download ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image uses: actions/download-artifact@v4.1.8 with: name: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} path: /tmp - name: Load ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image run: | docker load --input /tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar docker image ls -a - name: "Test case: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} - ${{ matrix.test-case }}" run: | echo "Running: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} - ${{ matrix.test-case }}" make ${{ matrix.test-case }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # The purpose of this job is to run only when the run-test-suite job runs to completion. # We can use this job as a required status check in a branch protection rule without # having to select each individual job that dynamically add to the test matrix. test-success-placeholder: name: Check if all the tests passed if: ${{ always() }} runs-on: ubuntu-latest permissions: contents: read needs: - run-test-suite - test-local-action steps: - name: Test suite success if: ${{ !(contains(needs.*.result, 'failure')) && !contains(needs.*.result, 'cancelled') && !contains(needs.*.result, 'skipped') }} run: exit 0 - name: Test suite failures if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped') }} run: exit 1 preview-release-notes: if: github.event_name == 'pull_request' && github.repository == github.event.pull_request.head.repo.full_name && github.repository == 'super-linter/super-linter' runs-on: ubuntu-latest permissions: contents: read steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Setup authentication token run: | echo "${{ secrets.GITHUB_TOKEN }}" > .github-personal-access-token - name: Generate a preview of the release notes run: | make release-please-dry-run