mirror of
https://github.com/super-linter/super-linter.git
synced 2024-12-22 20:52:12 -05:00
27170b8e92
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v5...v6) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
296 lines
10 KiB
YAML
296 lines
10 KiB
YAML
name: Build and Test
|
|
|
|
on:
|
|
pull_request:
|
|
push:
|
|
merge_group:
|
|
workflow_dispatch:
|
|
|
|
# Don't grant any access by default
|
|
permissions: {}
|
|
|
|
jobs:
|
|
build-container-image:
|
|
name: Build and Test
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
concurrency:
|
|
# Ref: https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
|
|
# github.head_ref: head_ref or source branch of the pull request
|
|
# github.ref: ref of the branch that triggered the workflow
|
|
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}-${{ github.event_name }}-${{ matrix.images.target }}
|
|
cancel-in-progress: true
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
images:
|
|
- prefix: slim-
|
|
target: slim
|
|
- prefix: ""
|
|
target: standard
|
|
timeout-minutes: 60
|
|
env:
|
|
CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest"
|
|
CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}"
|
|
CONTAINER_IMAGE_OUTPUT_IMAGE_NAME: "super-linter-${{ matrix.images.prefix }}latest"
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Set build metadata
|
|
run: |
|
|
if [[ ${{ github.event_name }} == 'push' ]] || [[ ${{ github.event_name }} == 'merge_group' ]]; then
|
|
BUILD_REVISION=${{ github.sha }}
|
|
BUILD_VERSION=${{ github.sha }}
|
|
elif [[ ${{ github.event_name }} == 'pull_request' ]]; then
|
|
BUILD_REVISION=${{ github.event.pull_request.head.sha }}
|
|
BUILD_VERSION=${{ github.event.pull_request.head.sha }}
|
|
else
|
|
echo "[ERROR] Event not supported when setting build revision and build version"
|
|
exit 1
|
|
fi
|
|
|
|
if [ -z "${BUILD_REVISION}" ]; then
|
|
echo "[ERROR] BUILD_REVISION is empty"
|
|
exit 1
|
|
fi
|
|
|
|
if [ -z "${BUILD_VERSION}" ]; then
|
|
echo "[ERROR] BUILD_VERSION is empty"
|
|
exit 1
|
|
fi
|
|
|
|
{
|
|
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
|
|
echo "BUILD_REVISION=${BUILD_REVISION}"
|
|
echo "BUILD_VERSION=${BUILD_VERSION}"
|
|
} >> "${GITHUB_ENV}"
|
|
|
|
- name: Free Disk space
|
|
shell: bash
|
|
run: |
|
|
sudo rm -rf /usr/local/lib/android || true
|
|
sudo rm -rf /usr/share/dotnet || true
|
|
sudo rm -rf /opt/ghc || true
|
|
sudo rm -rf /usr/local/.ghcup || true
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Build Image
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
file: ./Dockerfile
|
|
build-args: |
|
|
BUILD_DATE=${{ env.BUILD_DATE }}
|
|
BUILD_REVISION=${{ env.BUILD_REVISION }}
|
|
BUILD_VERSION=${{ env.BUILD_VERSION }}
|
|
cache-from: type=registry,ref=${{ env.CONTAINER_IMAGE_ID }}-buildcache
|
|
outputs: type=docker,dest=/tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar
|
|
push: false
|
|
secrets: |
|
|
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
|
|
tags: |
|
|
${{ env.CONTAINER_IMAGE_ID }}
|
|
target: "${{ matrix.images.target }}"
|
|
|
|
# Load the image here because the docker/build-push-action doesn't support multiple exporters yet
|
|
# Ref: https://github.com/docker/build-push-action/issues/413
|
|
# Ref: https://github.com/moby/buildkit/issues/1555
|
|
- name: Load image
|
|
run: |
|
|
docker load <"/tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar"
|
|
|
|
- name: Print environment info
|
|
run: |
|
|
make info
|
|
|
|
# Validate the container image labels here so we don't have to pass the expected
|
|
# label values to other build jobs
|
|
- name: Validate container image labels
|
|
run: make validate-container-image-labels
|
|
|
|
- name: Upload ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image
|
|
uses: actions/upload-artifact@v4.3.4
|
|
with:
|
|
name: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}
|
|
path: /tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar
|
|
|
|
test-local-action:
|
|
name: Test the Super-linter GitHub Action
|
|
runs-on: ubuntu-latest
|
|
needs: build-container-image
|
|
permissions:
|
|
contents: read
|
|
strategy:
|
|
matrix:
|
|
images:
|
|
- container-image-id: super-linter-latest
|
|
prefix: ""
|
|
target: standard
|
|
- container-image-id: super-linter-slim-latest
|
|
prefix: slim-
|
|
target: slim
|
|
env:
|
|
CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest"
|
|
CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}"
|
|
CONTAINER_IMAGE_OUTPUT_IMAGE_NAME: "super-linter-${{ matrix.images.prefix }}latest"
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Download ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image
|
|
uses: actions/download-artifact@v4.1.8
|
|
with:
|
|
name: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}
|
|
path: /tmp
|
|
|
|
- name: Load ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image
|
|
run: |
|
|
docker load --input /tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar
|
|
docker image ls -a
|
|
|
|
- name: Update action.yml
|
|
run: |
|
|
echo "yq version: $(yq --version)"
|
|
yq '.runs.image = "docker://" + env(CONTAINER_IMAGE_ID)' -i action.yml
|
|
echo "Action file contents:"
|
|
cat action.yml
|
|
|
|
- name: Test Local Action (debug log)
|
|
uses: ./
|
|
env:
|
|
LOG_LEVEL: DEBUG
|
|
CREATE_LOG_FILE: true
|
|
VALIDATE_ALL_CODEBASE: false
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
GITLEAKS_CONFIG_FILE: .gitleaks-ignore-tests.toml
|
|
FILTER_REGEX_EXCLUDE: ".*(/test/linters/|CHANGELOG.md).*"
|
|
RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES: "default.json,hoge.json"
|
|
TYPESCRIPT_STANDARD_TSCONFIG_FILE: ".github/linters/tsconfig.json"
|
|
|
|
- name: Get the contents of the log file
|
|
run: |
|
|
sudo cat super-linter.log
|
|
sudo rm -v super-linter.log
|
|
|
|
- name: Test Local Action (default log)
|
|
uses: ./
|
|
env:
|
|
VALIDATE_ALL_CODEBASE: false
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
GITLEAKS_CONFIG_FILE: .gitleaks-ignore-tests.toml
|
|
FILTER_REGEX_EXCLUDE: ".*(/test/linters/|CHANGELOG.md).*"
|
|
TYPESCRIPT_STANDARD_TSCONFIG_FILE: ".github/linters/tsconfig.json"
|
|
|
|
build-test-suite-matrix:
|
|
name: Build test suite matrix
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
outputs:
|
|
matrix: ${{ steps.generate-matrix.outputs.test-cases }}
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
- name: Generate test cases matrix
|
|
id: generate-matrix
|
|
run: |
|
|
TEST_TARGETS=$(make -pRrq 2>&1 | grep 'test:' | tr -d '\n' | sed -e "s/^test: //" | jq --raw-input --slurp --compact-output 'split(" ")')
|
|
echo "TEST_TARGETS: ${TEST_TARGETS}"
|
|
echo "test-cases=${TEST_TARGETS}" >> "${GITHUB_OUTPUT}"
|
|
|
|
run-test-suite:
|
|
name: Run test cases
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
needs:
|
|
- build-container-image
|
|
- build-test-suite-matrix
|
|
strategy:
|
|
matrix:
|
|
test-case: ${{ fromJson(needs.build-test-suite-matrix.outputs.matrix) }}
|
|
images:
|
|
- container-image-id: super-linter-latest
|
|
prefix: ""
|
|
target: standard
|
|
- container-image-id: super-linter-slim-latest
|
|
prefix: slim-
|
|
target: slim
|
|
exclude:
|
|
# Don't validate container image labels because we do that when building the image
|
|
- test-case: validate-container-image-labels
|
|
env:
|
|
CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest"
|
|
CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}"
|
|
CONTAINER_IMAGE_OUTPUT_IMAGE_NAME: "super-linter-${{ matrix.images.prefix }}latest"
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Download ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image
|
|
uses: actions/download-artifact@v4.1.8
|
|
with:
|
|
name: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}
|
|
path: /tmp
|
|
|
|
- name: Load ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image
|
|
run: |
|
|
docker load --input /tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar
|
|
docker image ls -a
|
|
|
|
- name: "Test case: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} - ${{ matrix.test-case }}"
|
|
run: |
|
|
echo "Running: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} - ${{ matrix.test-case }}"
|
|
make ${{ matrix.test-case }}
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
# The purpose of this job is to run only when the run-test-suite job runs to completion.
|
|
# We can use this job as a required status check in a branch protection rule without
|
|
# having to select each individual job that dynamically add to the test matrix.
|
|
test-success-placeholder:
|
|
name: Check if all the tests passed
|
|
if: ${{ always() }}
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
needs:
|
|
- run-test-suite
|
|
- test-local-action
|
|
steps:
|
|
- name: Test suite success
|
|
if: ${{ !(contains(needs.*.result, 'failure')) && !contains(needs.*.result, 'cancelled') && !contains(needs.*.result, 'skipped') }}
|
|
run: exit 0
|
|
- name: Test suite failures
|
|
if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped') }}
|
|
run: exit 1
|
|
|
|
preview-release-notes:
|
|
if: github.event_name == 'pull_request' && github.repository == github.event.pull_request.head.repo.full_name && github.repository == 'super-linter/super-linter'
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Setup authentication token
|
|
run: |
|
|
echo "${{ secrets.GITHUB_TOKEN }}" > .github-personal-access-token
|
|
|
|
- name: Generate a preview of the release notes
|
|
run: |
|
|
make release-please-dry-run
|