superlint/.github/workflows/ci.yml

344 lines
13 KiB
YAML
Raw Normal View History

name: Build and Test
on:
pull_request:
push:
merge_group:
workflow_dispatch:
# Don't grant any access by default
permissions: {}
jobs:
# Set build metadata before running any other job so we can reuse them for
# both the standandard and the slim images, and for verification as well.
# We can't run this as part of the build-container-image job because it
# runs multiple times due to its matrix configuration, leading to race
# conditions when verifying container image labels.
set-build-metadata:
name: Set build metadata
2023-10-14 22:04:51 -04:00
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
CONTAINER_IMAGE_BUILD_DATE: ${{ steps.set-container-image-build-metadata.outputs.CONTAINER_IMAGE_BUILD_DATE }}
CONTAINER_IMAGE_BUILD_REVISION: ${{ steps.set-container-image-build-metadata.outputs.CONTAINER_IMAGE_BUILD_REVISION }}
CONTAINER_IMAGE_BUILD_VERSION: ${{ steps.set-container-image-build-metadata.outputs.CONTAINER_IMAGE_BUILD_VERSION }}
steps:
- name: Checkout Code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set build metadata
id: set-container-image-build-metadata
run: |
if [[ ${{ github.event_name }} == 'push' ]] || [[ ${{ github.event_name }} == 'merge_group' ]]; then
BUILD_REVISION=${{ github.sha }}
elif [[ ${{ github.event_name }} == 'pull_request' ]]; then
BUILD_REVISION=${{ github.event.pull_request.head.sha }}
else
echo "[ERROR] Event not supported when setting build revision and build version"
exit 1
fi
. scripts/build-metadata.sh
if [ -z "${BUILD_DATE}" ]; then
echo "[ERROR] BUILD_DATE is empty"
exit 1
fi
if [ -z "${BUILD_REVISION}" ]; then
echo "[ERROR] BUILD_REVISION is empty"
exit 1
fi
if [ -z "${BUILD_VERSION}" ]; then
echo "[ERROR] BUILD_VERSION is empty"
exit 1
fi
echo "Build date (GH Actions workflow): ${BUILD_DATE}"
echo "Build revision (GH Actions workflow): ${BUILD_REVISION}"
echo "Build version (GH Actions workflow): ${BUILD_VERSION}"
{
echo "BUILD_DATE=${BUILD_DATE}"
echo "BUILD_REVISION=${BUILD_REVISION}"
echo "BUILD_VERSION=${BUILD_VERSION}"
} >> "${GITHUB_ENV}"
{
echo "CONTAINER_IMAGE_BUILD_DATE=${BUILD_DATE}"
echo "CONTAINER_IMAGE_BUILD_REVISION=${BUILD_REVISION}"
echo "CONTAINER_IMAGE_BUILD_VERSION=${BUILD_VERSION}"
} >> "${GITHUB_OUTPUT}"
build-container-image:
name: Build and Test
runs-on: ubuntu-latest
permissions:
contents: read
needs:
- set-build-metadata
concurrency:
# Ref: https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
# github.head_ref: head_ref or source branch of the pull request
# github.ref: ref of the branch that triggered the workflow
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}-${{ github.event_name }}-${{ matrix.images.target }}
cancel-in-progress: true
strategy:
fail-fast: false
matrix:
images:
- prefix: slim-
target: slim
- prefix: ""
target: standard
timeout-minutes: 60
env:
CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest"
CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}"
CONTAINER_IMAGE_OUTPUT_IMAGE_NAME: "super-linter-${{ matrix.images.prefix }}latest"
steps:
- name: Checkout Code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Free Disk space
shell: bash
run: |
sudo rm -rf /usr/local/lib/android || true
sudo rm -rf /usr/share/dotnet || true
sudo rm -rf /opt/ghc || true
sudo rm -rf /usr/local/.ghcup || true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build Image
uses: docker/build-push-action@v6
with:
context: .
file: ./Dockerfile
build-args: |
BUILD_DATE=${{ needs.set-build-metadata.outputs.CONTAINER_IMAGE_BUILD_DATE }}
BUILD_REVISION=${{ needs.set-build-metadata.outputs.CONTAINER_IMAGE_BUILD_REVISION }}
BUILD_VERSION=${{ needs.set-build-metadata.outputs.CONTAINER_IMAGE_BUILD_VERSION }}
cache-from: type=registry,ref=${{ env.CONTAINER_IMAGE_ID }}-buildcache
outputs: type=docker,dest=/tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar
push: false
secrets: |
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
tags: |
${{ env.CONTAINER_IMAGE_ID }}
target: "${{ matrix.images.target }}"
# Load the image here because the docker/build-push-action doesn't support multiple exporters yet
# Ref: https://github.com/docker/build-push-action/issues/413
# Ref: https://github.com/moby/buildkit/issues/1555
- name: Load image
run: |
docker load <"/tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar"
- name: Print environment info
run: |
make info
- name: Upload ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image
uses: actions/upload-artifact@v4.4.3
with:
name: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}
path: /tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar
test-local-action:
name: Test the Super-linter GitHub Action
runs-on: ubuntu-latest
needs: build-container-image
permissions:
contents: read
strategy:
matrix:
images:
- container-image-id: super-linter-latest
prefix: ""
target: standard
- container-image-id: super-linter-slim-latest
prefix: slim-
target: slim
env:
CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest"
CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}"
CONTAINER_IMAGE_OUTPUT_IMAGE_NAME: "super-linter-${{ matrix.images.prefix }}latest"
steps:
- name: Checkout Code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Download ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image
uses: actions/download-artifact@v4.1.8
with:
name: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}
path: /tmp
- name: Load ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image
run: |
docker load --input /tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar
docker image ls -a
- name: Update action.yml
run: |
echo "yq version: $(yq --version)"
yq '.runs.image = "docker://" + env(CONTAINER_IMAGE_ID)' -i action.yml
echo "Action file contents:"
cat action.yml
- name: Test Local Action (debug log)
uses: ./
env:
LOG_LEVEL: DEBUG
CREATE_LOG_FILE: true
VALIDATE_ALL_CODEBASE: false
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
2024-01-30 14:24:55 -05:00
GITLEAKS_CONFIG_FILE: .gitleaks-ignore-tests.toml
FILTER_REGEX_EXCLUDE: ".*(/test/linters/|CHANGELOG.md).*"
RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES: "default.json,hoge.json"
TYPESCRIPT_STANDARD_TSCONFIG_FILE: ".github/linters/tsconfig.json"
VALIDATE_JAVASCRIPT_STANDARD: false
- name: Get the contents of the log file
run: |
sudo cat super-linter.log
sudo rm -v super-linter.log
- name: Test Local Action (default log)
uses: ./
env:
VALIDATE_ALL_CODEBASE: false
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITLEAKS_CONFIG_FILE: .gitleaks-ignore-tests.toml
FILTER_REGEX_EXCLUDE: ".*(/test/linters/|CHANGELOG.md).*"
TYPESCRIPT_STANDARD_TSCONFIG_FILE: ".github/linters/tsconfig.json"
VALIDATE_JAVASCRIPT_STANDARD: false
build-test-suite-matrix:
name: Build test suite matrix
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
matrix: ${{ steps.generate-matrix.outputs.test-cases }}
steps:
- name: Checkout Code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Generate test cases matrix
id: generate-matrix
run: |
TEST_TARGETS=$(make -pRrq 2>&1 | grep 'test:' | tr -d '\n' | sed -e "s/^test: //" | jq --raw-input --slurp --compact-output 'split(" ")')
echo "TEST_TARGETS: ${TEST_TARGETS}"
echo "test-cases=${TEST_TARGETS}" >> "${GITHUB_OUTPUT}"
run-test-suite:
name: Run test cases
runs-on: ubuntu-latest
permissions:
contents: read
needs:
- set-build-metadata
- build-container-image
- build-test-suite-matrix
# Don't fail the entire test suite when:
# - Running npm audit, so we can see test results even if there are
# vulnerable dependencies that might be unrelated to the PR
# - Running the 'test' target because it runs all the tests, including the
# ones that are allowed to fail
continue-on-error: ${{ matrix.test-case == 'npm-audit' || matrix.test-case == 'test' }}
strategy:
fail-fast: true
matrix:
test-case: ${{ fromJson(needs.build-test-suite-matrix.outputs.matrix) }}
images:
- container-image-id: super-linter-latest
prefix: ""
target: standard
- container-image-id: super-linter-slim-latest
prefix: slim-
target: slim
include:
# Also run the test target to check if running the whole test suite
# in the same execution environment prevents it from succeeding
- test-case: test
env:
CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest"
CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}"
CONTAINER_IMAGE_OUTPUT_IMAGE_NAME: "super-linter-${{ matrix.images.prefix }}latest"
BUILD_DATE: ${{ needs.set-build-metadata.outputs.CONTAINER_IMAGE_BUILD_DATE }}
BUILD_REVISION: ${{ needs.set-build-metadata.outputs.CONTAINER_IMAGE_BUILD_REVISION }}
BUILD_VERSION: ${{ needs.set-build-metadata.outputs.CONTAINER_IMAGE_BUILD_VERSION }}
steps:
- name: Checkout Code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Download ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image
uses: actions/download-artifact@v4.1.8
with:
name: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}
path: /tmp
- name: Load ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image
run: |
docker load --input /tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar
docker image ls -a
- name: "Test case: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} - ${{ matrix.test-case }}"
run: |
echo "Running: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} - ${{ matrix.test-case }}"
make ${{ matrix.test-case }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# The purpose of this job is to run only when the run-test-suite job runs to completion.
# We can use this job as a required status check in a branch protection rule without
# having to select each individual job that dynamically add to the test matrix.
test-success-placeholder:
name: Check if all the tests passed
if: ${{ always() }}
runs-on: ubuntu-latest
permissions:
contents: read
needs:
- run-test-suite
- test-local-action
steps:
- name: Test suite success
if: ${{ !(contains(needs.*.result, 'failure')) && !contains(needs.*.result, 'cancelled') && !contains(needs.*.result, 'skipped') }}
run: exit 0
- name: Test suite failures
if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped') }}
run: exit 1
preview-release-notes:
if: github.event_name == 'pull_request' && github.repository == github.event.pull_request.head.repo.full_name && github.repository == 'super-linter/super-linter'
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup authentication token
run: |
echo "${{ secrets.GITHUB_TOKEN }}" > .github-personal-access-token
- name: Generate a preview of the release notes
run: |
make release-please-dry-run