mirror of
https://github.com/super-linter/super-linter.git
synced 2024-12-01 13:10:57 -05:00
b2d0953bfc
Move 'npm audit' execution to a dedicated target (and corresponding step) so that we can modularize it, and avoid that it blocks that whole test suite.
343 lines
13 KiB
YAML
343 lines
13 KiB
YAML
name: Build and Test
|
|
|
|
on:
|
|
pull_request:
|
|
push:
|
|
merge_group:
|
|
workflow_dispatch:
|
|
|
|
# Don't grant any access by default
|
|
permissions: {}
|
|
|
|
jobs:
|
|
# Set build metadata before running any other job so we can reuse them for
|
|
# both the standandard and the slim images, and for verification as well.
|
|
# We can't run this as part of the build-container-image job because it
|
|
# runs multiple times due to its matrix configuration, leading to race
|
|
# conditions when verifying container image labels.
|
|
set-build-metadata:
|
|
name: Set build metadata
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
outputs:
|
|
CONTAINER_IMAGE_BUILD_DATE: ${{ steps.set-container-image-build-metadata.outputs.CONTAINER_IMAGE_BUILD_DATE }}
|
|
CONTAINER_IMAGE_BUILD_REVISION: ${{ steps.set-container-image-build-metadata.outputs.CONTAINER_IMAGE_BUILD_REVISION }}
|
|
CONTAINER_IMAGE_BUILD_VERSION: ${{ steps.set-container-image-build-metadata.outputs.CONTAINER_IMAGE_BUILD_VERSION }}
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Set build metadata
|
|
id: set-container-image-build-metadata
|
|
run: |
|
|
if [[ ${{ github.event_name }} == 'push' ]] || [[ ${{ github.event_name }} == 'merge_group' ]]; then
|
|
BUILD_REVISION=${{ github.sha }}
|
|
elif [[ ${{ github.event_name }} == 'pull_request' ]]; then
|
|
BUILD_REVISION=${{ github.event.pull_request.head.sha }}
|
|
else
|
|
echo "[ERROR] Event not supported when setting build revision and build version"
|
|
exit 1
|
|
fi
|
|
|
|
. scripts/build-metadata.sh
|
|
|
|
if [ -z "${BUILD_DATE}" ]; then
|
|
echo "[ERROR] BUILD_DATE is empty"
|
|
exit 1
|
|
fi
|
|
|
|
if [ -z "${BUILD_REVISION}" ]; then
|
|
echo "[ERROR] BUILD_REVISION is empty"
|
|
exit 1
|
|
fi
|
|
|
|
if [ -z "${BUILD_VERSION}" ]; then
|
|
echo "[ERROR] BUILD_VERSION is empty"
|
|
exit 1
|
|
fi
|
|
|
|
echo "Build date (GH Actions workflow): ${BUILD_DATE}"
|
|
echo "Build revision (GH Actions workflow): ${BUILD_REVISION}"
|
|
echo "Build version (GH Actions workflow): ${BUILD_VERSION}"
|
|
|
|
{
|
|
echo "BUILD_DATE=${BUILD_DATE}"
|
|
echo "BUILD_REVISION=${BUILD_REVISION}"
|
|
echo "BUILD_VERSION=${BUILD_VERSION}"
|
|
} >> "${GITHUB_ENV}"
|
|
|
|
{
|
|
echo "CONTAINER_IMAGE_BUILD_DATE=${BUILD_DATE}"
|
|
echo "CONTAINER_IMAGE_BUILD_REVISION=${BUILD_REVISION}"
|
|
echo "CONTAINER_IMAGE_BUILD_VERSION=${BUILD_VERSION}"
|
|
} >> "${GITHUB_OUTPUT}"
|
|
|
|
build-container-image:
|
|
name: Build and Test
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
needs:
|
|
- set-build-metadata
|
|
concurrency:
|
|
# Ref: https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
|
|
# github.head_ref: head_ref or source branch of the pull request
|
|
# github.ref: ref of the branch that triggered the workflow
|
|
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}-${{ github.event_name }}-${{ matrix.images.target }}
|
|
cancel-in-progress: true
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
images:
|
|
- prefix: slim-
|
|
target: slim
|
|
- prefix: ""
|
|
target: standard
|
|
timeout-minutes: 60
|
|
env:
|
|
CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest"
|
|
CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}"
|
|
CONTAINER_IMAGE_OUTPUT_IMAGE_NAME: "super-linter-${{ matrix.images.prefix }}latest"
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Free Disk space
|
|
shell: bash
|
|
run: |
|
|
sudo rm -rf /usr/local/lib/android || true
|
|
sudo rm -rf /usr/share/dotnet || true
|
|
sudo rm -rf /opt/ghc || true
|
|
sudo rm -rf /usr/local/.ghcup || true
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Build Image
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
file: ./Dockerfile
|
|
build-args: |
|
|
BUILD_DATE=${{ needs.set-build-metadata.outputs.CONTAINER_IMAGE_BUILD_DATE }}
|
|
BUILD_REVISION=${{ needs.set-build-metadata.outputs.CONTAINER_IMAGE_BUILD_REVISION }}
|
|
BUILD_VERSION=${{ needs.set-build-metadata.outputs.CONTAINER_IMAGE_BUILD_VERSION }}
|
|
cache-from: type=registry,ref=${{ env.CONTAINER_IMAGE_ID }}-buildcache
|
|
outputs: type=docker,dest=/tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar
|
|
push: false
|
|
secrets: |
|
|
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
|
|
tags: |
|
|
${{ env.CONTAINER_IMAGE_ID }}
|
|
target: "${{ matrix.images.target }}"
|
|
|
|
# Load the image here because the docker/build-push-action doesn't support multiple exporters yet
|
|
# Ref: https://github.com/docker/build-push-action/issues/413
|
|
# Ref: https://github.com/moby/buildkit/issues/1555
|
|
- name: Load image
|
|
run: |
|
|
docker load <"/tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar"
|
|
|
|
- name: Print environment info
|
|
run: |
|
|
make info
|
|
|
|
- name: Upload ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image
|
|
uses: actions/upload-artifact@v4.4.3
|
|
with:
|
|
name: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}
|
|
path: /tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar
|
|
|
|
test-local-action:
|
|
name: Test the Super-linter GitHub Action
|
|
runs-on: ubuntu-latest
|
|
needs: build-container-image
|
|
permissions:
|
|
contents: read
|
|
strategy:
|
|
matrix:
|
|
images:
|
|
- container-image-id: super-linter-latest
|
|
prefix: ""
|
|
target: standard
|
|
- container-image-id: super-linter-slim-latest
|
|
prefix: slim-
|
|
target: slim
|
|
env:
|
|
CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest"
|
|
CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}"
|
|
CONTAINER_IMAGE_OUTPUT_IMAGE_NAME: "super-linter-${{ matrix.images.prefix }}latest"
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Download ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image
|
|
uses: actions/download-artifact@v4.1.8
|
|
with:
|
|
name: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}
|
|
path: /tmp
|
|
|
|
- name: Load ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image
|
|
run: |
|
|
docker load --input /tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar
|
|
docker image ls -a
|
|
|
|
- name: Update action.yml
|
|
run: |
|
|
echo "yq version: $(yq --version)"
|
|
yq '.runs.image = "docker://" + env(CONTAINER_IMAGE_ID)' -i action.yml
|
|
echo "Action file contents:"
|
|
cat action.yml
|
|
|
|
- name: Test Local Action (debug log)
|
|
uses: ./
|
|
env:
|
|
LOG_LEVEL: DEBUG
|
|
CREATE_LOG_FILE: true
|
|
VALIDATE_ALL_CODEBASE: false
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
GITLEAKS_CONFIG_FILE: .gitleaks-ignore-tests.toml
|
|
FILTER_REGEX_EXCLUDE: ".*(/test/linters/|CHANGELOG.md).*"
|
|
RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES: "default.json,hoge.json"
|
|
TYPESCRIPT_STANDARD_TSCONFIG_FILE: ".github/linters/tsconfig.json"
|
|
VALIDATE_JAVASCRIPT_STANDARD: false
|
|
|
|
- name: Get the contents of the log file
|
|
run: |
|
|
sudo cat super-linter.log
|
|
sudo rm -v super-linter.log
|
|
|
|
- name: Test Local Action (default log)
|
|
uses: ./
|
|
env:
|
|
VALIDATE_ALL_CODEBASE: false
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
GITLEAKS_CONFIG_FILE: .gitleaks-ignore-tests.toml
|
|
FILTER_REGEX_EXCLUDE: ".*(/test/linters/|CHANGELOG.md).*"
|
|
TYPESCRIPT_STANDARD_TSCONFIG_FILE: ".github/linters/tsconfig.json"
|
|
VALIDATE_JAVASCRIPT_STANDARD: false
|
|
|
|
build-test-suite-matrix:
|
|
name: Build test suite matrix
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
outputs:
|
|
matrix: ${{ steps.generate-matrix.outputs.test-cases }}
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
- name: Generate test cases matrix
|
|
id: generate-matrix
|
|
run: |
|
|
TEST_TARGETS=$(make -pRrq 2>&1 | grep 'test:' | tr -d '\n' | sed -e "s/^test: //" | jq --raw-input --slurp --compact-output 'split(" ")')
|
|
echo "TEST_TARGETS: ${TEST_TARGETS}"
|
|
echo "test-cases=${TEST_TARGETS}" >> "${GITHUB_OUTPUT}"
|
|
|
|
run-test-suite:
|
|
name: Run test cases
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
needs:
|
|
- set-build-metadata
|
|
- build-container-image
|
|
- build-test-suite-matrix
|
|
# Don't fail the entire test suite when:
|
|
# - Running npm audit, so we can see test results even if there are
|
|
# vulnerable dependencies that might be unrelated to the PR
|
|
# - Running the 'test' target because it runs all the tests, including the
|
|
# ones that are allowed to fail
|
|
continue-on-error: ${{ matrix.test-case == 'npm-audit' || matrix.test-case == 'test' }}
|
|
strategy:
|
|
fail-fast: true
|
|
matrix:
|
|
test-case: ${{ fromJson(needs.build-test-suite-matrix.outputs.matrix) }}
|
|
images:
|
|
- container-image-id: super-linter-latest
|
|
prefix: ""
|
|
target: standard
|
|
- container-image-id: super-linter-slim-latest
|
|
prefix: slim-
|
|
target: slim
|
|
include:
|
|
# Also run the test target to check if running the whole test suite
|
|
# in the same execution environment prevents it from succeeding
|
|
- test-case: test
|
|
env:
|
|
CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest"
|
|
CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}"
|
|
CONTAINER_IMAGE_OUTPUT_IMAGE_NAME: "super-linter-${{ matrix.images.prefix }}latest"
|
|
BUILD_DATE: ${{ needs.set-build-metadata.outputs.CONTAINER_IMAGE_BUILD_DATE }}
|
|
BUILD_REVISION: ${{ needs.set-build-metadata.outputs.CONTAINER_IMAGE_BUILD_REVISION }}
|
|
BUILD_VERSION: ${{ needs.set-build-metadata.outputs.CONTAINER_IMAGE_BUILD_VERSION }}
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Download ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image
|
|
uses: actions/download-artifact@v4.1.8
|
|
with:
|
|
name: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}
|
|
path: /tmp
|
|
|
|
- name: Load ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image
|
|
run: |
|
|
docker load --input /tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar
|
|
docker image ls -a
|
|
|
|
- name: "Test case: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} - ${{ matrix.test-case }}"
|
|
run: |
|
|
echo "Running: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} - ${{ matrix.test-case }}"
|
|
make ${{ matrix.test-case }}
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
# The purpose of this job is to run only when the run-test-suite job runs to completion.
|
|
# We can use this job as a required status check in a branch protection rule without
|
|
# having to select each individual job that dynamically add to the test matrix.
|
|
test-success-placeholder:
|
|
name: Check if all the tests passed
|
|
if: ${{ always() }}
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
needs:
|
|
- run-test-suite
|
|
- test-local-action
|
|
steps:
|
|
- name: Test suite success
|
|
if: ${{ !(contains(needs.*.result, 'failure')) && !contains(needs.*.result, 'cancelled') && !contains(needs.*.result, 'skipped') }}
|
|
run: exit 0
|
|
- name: Test suite failures
|
|
if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped') }}
|
|
run: exit 1
|
|
|
|
preview-release-notes:
|
|
if: github.event_name == 'pull_request' && github.repository == github.event.pull_request.head.repo.full_name && github.repository == 'super-linter/super-linter'
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Setup authentication token
|
|
run: |
|
|
echo "${{ secrets.GITHUB_TOKEN }}" > .github-personal-access-token
|
|
|
|
- name: Generate a preview of the release notes
|
|
run: |
|
|
make release-please-dry-run
|