Reduce duplication in CI and CD workflows (#4982)

* Reduce duplication in CI and CD workflows

* Fix indentation in README

* Load token from file

* Fix instructions

* Ignore test leftovers
This commit is contained in:
Marco Ferrari 2023-12-12 19:53:48 +01:00 committed by GitHub
parent 2c548620af
commit ac4b767bd7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 91 additions and 86 deletions

View file

@ -93,32 +93,6 @@ jobs:
- name: Run Test Suite - name: Run Test Suite
run: make test run: make test
- name: Run Super-Linter Tests
run: |
docker run \
-e RUN_LOCAL=true \
-e TEST_CASE_RUN=true \
-e ANSIBLE_DIRECTORY=.automation/test/ansible \
-e ACTIONS_RUNNER_DEBUG=true \
-e DEFAULT_BRANCH=main \
-e RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES="default.json,hoge.json" \
-e ERROR_ON_MISSING_EXEC_BIT=true \
-e TYPESCRIPT_STANDARD_TSCONFIG_FILE=".github/linters/tsconfig.json" \
-v "${GITHUB_WORKSPACE}:/tmp/lint" \
"${CONTAINER_IMAGE_ID}"
- name: Lint Entire Codebase
run: |
docker run \
-e RUN_LOCAL=true \
-e OUTPUT_DETAILS=detailed \
-e ACTIONS_RUNNER_DEBUG=true \
-e DEFAULT_BRANCH=main \
-e RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES="default.json,hoge.json" \
-e ERROR_ON_MISSING_EXEC_BIT=true \
-v "${GITHUB_WORKSPACE}:/tmp/lint" \
"${CONTAINER_IMAGE_ID}"
- name: Login to GHCR - name: Login to GHCR
uses: docker/login-action@v3.0.0 uses: docker/login-action@v3.0.0
with: with:

View file

@ -113,28 +113,3 @@ jobs:
- name: Run Test Suite - name: Run Test Suite
run: make test run: make test
- name: Run Super-Linter Tests
run: |
docker run \
-e RUN_LOCAL=true \
-e TEST_CASE_RUN=true \
-e ANSIBLE_DIRECTORY=.automation/test/ansible \
-e ACTIONS_RUNNER_DEBUG=true \
-e DEFAULT_BRANCH=main \
-e RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES="default.json,hoge.json" \
-e ERROR_ON_MISSING_EXEC_BIT=true \
-e TYPESCRIPT_STANDARD_TSCONFIG_FILE=".github/linters/tsconfig.json" \
-v "${GITHUB_WORKSPACE}:/tmp/lint" \
"${CONTAINER_IMAGE_ID}"
- name: Lint Entire Codebase
run: |
docker run \
-e RUN_LOCAL=true \
-e ACTIONS_RUNNER_DEBUG=true \
-e DEFAULT_BRANCH=main \
-e RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES="default.json,hoge.json" \
-e ERROR_ON_MISSING_EXEC_BIT=true \
-v "${GITHUB_WORKSPACE}:/tmp/lint" \
"${CONTAINER_IMAGE_ID}"

8
.gitignore vendored
View file

@ -79,3 +79,11 @@ super-linter.report
# Test reports # Test reports
test/reports test/reports
# Developer credentials
.github-personal-access-token
# Test leftovers
.lintr
.automation/test/rust_clippy/**/Cargo.lock
.automation/test/rust_clippy/**/target/**

View file

@ -4,7 +4,7 @@
all: info docker test ## Run all targets. all: info docker test ## Run all targets.
.PHONY: test .PHONY: test
test: info validate-container-image-labels inspec test-find ## Run tests test: info validate-container-image-labels inspec lint-codebase test-find test-linters ## Run the test suite
# if this session isn't interactive, then we don't want to allocate a # if this session isn't interactive, then we don't want to allocate a
# TTY, which would fail, but if it is interactive, we do want to attach # TTY, which would fail, but if it is interactive, we do want to attach
@ -63,6 +63,8 @@ ifeq ($(BUILD_VERSION),)
BUILD_VERSION := $(shell git rev-parse HEAD) BUILD_VERSION := $(shell git rev-parse HEAD)
endif endif
GITHUB_TOKEN_PATH := "$(CURDIR)/.github-personal-access-token"
.PHONY: inspec .PHONY: inspec
inspec: inspec-check ## Run InSpec tests inspec: inspec-check ## Run InSpec tests
DOCKER_CONTAINER_STATE="$$(docker inspect --format "{{.State.Running}}" $(SUPER_LINTER_TEST_CONTAINER_NAME) 2>/dev/null || echo "")"; \ DOCKER_CONTAINER_STATE="$$(docker inspect --format "{{.State.Running}}" $(SUPER_LINTER_TEST_CONTAINER_NAME) 2>/dev/null || echo "")"; \
@ -85,12 +87,12 @@ inspec: inspec-check ## Run InSpec tests
.phony: docker .phony: docker
docker: ## Build the container image docker: ## Build the container image
@if [ -z "${GITHUB_TOKEN}" ]; then echo "GITHUB_TOKEN environment variable not set. Please set your GitHub Personal Access Token."; exit 1; fi @if [ ! -f "${GITHUB_TOKEN_PATH}" ]; then echo "Cannot find the file to load the GitHub access token: $(GITHUB_TOKEN_PATH). Create a readable file there, and populate it with a GitHub personal access token."; exit 1; fi
DOCKER_BUILDKIT=1 docker buildx build --load \ DOCKER_BUILDKIT=1 docker buildx build --load \
--build-arg BUILD_DATE=$(BUILD_DATE) \ --build-arg BUILD_DATE=$(BUILD_DATE) \
--build-arg BUILD_REVISION=$(BUILD_REVISION) \ --build-arg BUILD_REVISION=$(BUILD_REVISION) \
--build-arg BUILD_VERSION=$(BUILD_VERSION) \ --build-arg BUILD_VERSION=$(BUILD_VERSION) \
--secret id=GITHUB_TOKEN,env=GITHUB_TOKEN \ --secret id=GITHUB_TOKEN,src=$(GITHUB_TOKEN_PATH) \
-t $(SUPER_LINTER_TEST_CONTAINER_URL) . -t $(SUPER_LINTER_TEST_CONTAINER_URL) .
.phony: docker-pull .phony: docker-pull
@ -110,8 +112,33 @@ test-find: ## Run super-linter on a subdirectory with USE_FIND_ALGORITHM=true
docker run \ docker run \
-e RUN_LOCAL=true \ -e RUN_LOCAL=true \
-e ACTIONS_RUNNER_DEBUG=true \ -e ACTIONS_RUNNER_DEBUG=true \
-e ERROR_ON_MISSING_EXEC_BIT=true \
-e DEFAULT_BRANCH=main \ -e DEFAULT_BRANCH=main \
-e ERROR_ON_MISSING_EXEC_BIT=true \
-e USE_FIND_ALGORITHM=true \ -e USE_FIND_ALGORITHM=true \
-v "$(CURDIR)/.github":/tmp/lint \ -v "$(CURDIR)/.github":/tmp/lint \
$(SUPER_LINTER_TEST_CONTAINER_URL) $(SUPER_LINTER_TEST_CONTAINER_URL)
.phony: lint-codebase
lint-codebase: ## Lint the entire codebase
docker run \
-e RUN_LOCAL=true \
-e ACTIONS_RUNNER_DEBUG=true \
-e DEFAULT_BRANCH=main \
-e ERROR_ON_MISSING_EXEC_BIT=true \
-e RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES="default.json,hoge.json" \
-v "$(CURDIR):/tmp/lint" \
$(SUPER_LINTER_TEST_CONTAINER_URL)
.phony: test-linters
test-linters: ## Run the linters test suite
docker run \
-e ACTIONS_RUNNER_DEBUG=true \
-e ANSIBLE_DIRECTORY=.automation/test/ansible \
-e DEFAULT_BRANCH=main \
-e ERROR_ON_MISSING_EXEC_BIT=true \
-e RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES="default.json,hoge.json" \
-e RUN_LOCAL=true \
-e TEST_CASE_RUN=true \
-e TYPESCRIPT_STANDARD_TSCONFIG_FILE=".github/linters/tsconfig.json" \
-v "$(CURDIR):/tmp/lint" \
$(SUPER_LINTER_TEST_CONTAINER_URL)

View file

@ -82,37 +82,37 @@ To run super-linter as a GitHub Action, you do the following:
1. Create a new [GitHub Actions workflow](https://docs.github.com/en/actions/using-workflows/about-workflows#about-workflows) in your repository with the following content: 1. Create a new [GitHub Actions workflow](https://docs.github.com/en/actions/using-workflows/about-workflows#about-workflows) in your repository with the following content:
```yaml ```yaml
--- ---
name: Lint name: Lint
on: # yamllint disable-line rule:truthy on: # yamllint disable-line rule:truthy
push: null push: null
pull_request: null pull_request: null
jobs: jobs:
build: build:
name: Lint name: Lint
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read contents: read
packages: read packages: read
# To report GitHub Actions status checks # To report GitHub Actions status checks
statuses: write statuses: write
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Super-linter - name: Super-linter
uses: super-linter/super-linter@v5 uses: super-linter/super-linter@v5
env: env:
DEFAULT_BRANCH: main DEFAULT_BRANCH: main
# To report GitHub Actions status checks # To report GitHub Actions status checks
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
... ...
``` ```
1. Commit that file to a new branch. 1. Commit that file to a new branch.
1. Push the new commit to the remote repository. 1. Push the new commit to the remote repository.
@ -407,4 +407,4 @@ path to the files that contains a CA that can be used to valide the certificate:
## How to contribute ## How to contribute
If you would like to help contribute to super-linter, see If you would like to help contribute to super-linter, see
[CONTRIBUTING](https://github.com/super-linter/super-linter/blob/main/.github/CONTRIBUTING.md) [CONTRIBUTING](https://github.com/super-linter/super-linter/blob/main/.github/CONTRIBUTING.md).

View file

@ -73,9 +73,30 @@ them accordingly:
## Build the container image and run the test suite locally ## Build the container image and run the test suite locally
You can run the build and test process locally with the following command: To run the build and test process locally, do the following:
```shell 1. [Create a fine-grained GitHub personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-fine-grained-personal-access-token).
1. Create a file to store the personal access token on your machine:
```bash
touch .github-personal-access-token
```
The file to store the personal access token is ignored by Git.
1. Run the build process:
```bash
make
```
To avoid invalidating the build cache, and reuse it, you can set build metadata
to arbitrary values before running `make`:
```bash
BUILD_DATE=2023-12-12T09:32:05Z \
BUILD_REVISION=83c16f63caa9d432df4519efb4c58a56e2190bd6 \
BUILD_VERSION=83c16f63caa9d432df4519efb4c58a56e2190bd6 \
make make
``` ```
@ -88,7 +109,7 @@ image version.
```shell ```shell
CONTAINER_IMAGE_ID="ghcr.io/super-linter/super-linter:v5.4.3" \ CONTAINER_IMAGE_ID="ghcr.io/super-linter/super-linter:v5.4.3" \
BUILD_DATE="2023-10-17T16:19:11Z" \ BUILD_DATE="2023-10-17T17:00:53Z" \
BUILD_REVISION=b0d1acee1f8050d1684a28ddbf8315f81d084fe9 \ BUILD_REVISION=b0d1acee1f8050d1684a28ddbf8315f81d084fe9 \
BUILD_VERSION=b0d1acee1f8050d1684a28ddbf8315f81d084fe9 \ BUILD_VERSION=b0d1acee1f8050d1684a28ddbf8315f81d084fe9 \
make docker-pull test make docker-pull test

View file

@ -473,7 +473,7 @@ GetGitHubVars() {
fi fi
if [ ! -d "${GITHUB_WORKSPACE}" ]; then if [ ! -d "${GITHUB_WORKSPACE}" ]; then
fatal "Provided volume is not a directory!" fatal "The workspace (${GITHUB_WORKSPACE}) is not a directory!"
fi fi
pushd "${GITHUB_WORKSPACE}" >/dev/null || exit 1 pushd "${GITHUB_WORKSPACE}" >/dev/null || exit 1