Skip to content

Use common base image #443

Use common base image

Use common base image #443

Workflow file for this run

name: Development Actions
on:
push:
branches: [main]
pull_request:
branches: ["**"]
workflow_call:
secrets:
GH_DELL_ACCESS:
description: 'A token passed from the caller workflow'
required: true
permissions:
contents: read
env:
GOPRIVATE: github.com/dell/*
TOKEN: ${{ secrets.GH_DELL_ACCESS }}
jobs:
golangci-lint:
name: golangci-lint
runs-on: ubuntu-latest
steps:
- name: Configure git for private modules
run: |
git config --global url."https://csmbot:$TOKEN@github.com".insteadOf "https://github.com"
echo "machine github.com login csmbot password $TOKEN" >> ~/.netrc
- uses: actions/setup-go@v4
with:
go-version: "1.21"
cache: false
- name: Checkout the code
uses: actions/checkout@v4.1.0
- name: Vendor packages
run: |
go mod vendor
- name: golangci-lint
uses: golangci/golangci-lint-action@v3
with:
# Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
version: v1.53
skip-cache: true
malware-security-scan:
name: Malware Scanner
runs-on: ubuntu-latest
steps:
- name: Checkout the code
uses: actions/checkout@v4.1.0
- name: Malware Scanner
uses: dell/common-github-actions/malware-scanner@main
with:
directories: .
options: '--recursive --infected'
code-sanitizer:
name: Check for forbidden words
runs-on: ubuntu-latest
steps:
- name: Checkout the code
uses: actions/checkout@v4.1.0
- name: Run the forbidden words scan
uses: dell/common-github-actions/code-sanitizer@main
with:
args: /github/workspace/pkg
dockerfile-linter:
name: Run Hadolint Dockerfile lint
runs-on: ubuntu-latest
steps:
- name: Checkout the code
uses: actions/checkout@v4.1.0
- name: Run Hadolint
uses: hadolint/hadolint-action@v3.1.0
shell-linter:
name: Run Shellcheck, Checkmake and Perl Critic
runs-on: ubuntu-latest
steps:
- name: Checkout the code
uses: actions/checkout@v4
- name: Run ShellCheck
uses: ludeeus/action-shellcheck@master
- name: Perl Critic
uses: Difegue/action-perlcritic@master
with:
args: ./scripts/*
- uses: actions/setup-go@v4
with:
go-version: "1.21"
cache: false
- name: Install and run Checkmake
run: |
go install github.com/mrtazz/checkmake/cmd/checkmake@latest
checkmake Makefile
tests:
name: Run unit tests and check package coverage
runs-on: ubuntu-latest
steps:
- name: Configure git for private modules
run: |
git config --global url."https://csmbot:$TOKEN@github.com".insteadOf "https://github.com"
echo "machine github.com login csmbot password $TOKEN" >> ~/.netrc
- name: Checkout the code
uses: actions/checkout@v4.1.0
- name: Vendor packages
run: |
go mod vendor
- name: Run unit tests and check package coverage
uses: dell/common-github-actions/go-code-tester@main
with:
threshold: 90
test-folder: "."
skip-list: "github.com/dell/cosi/core,github.com/dell/cosi/tests/integration/main_test"
- name: Run fuzzy tests
run: |
make fuzz
build-and-secure:
name: Build and Scan Docker image
runs-on: ubuntu-latest
env:
IMAGETAG: "${{ github.sha }}"
IMAGENAME: "dell/cosi"
REGISTRY: "sample_registry"
steps:
- name: Configure git for private modules
run: |
git config --global url."https://csmbot:$TOKEN@github.com".insteadOf "https://github.com"
echo "machine github.com login csmbot password $TOKEN" >> ~/.netrc
- uses: actions/setup-go@v4
with:
go-version: "1.21"
cache: false
- name: Checkout the code
uses: actions/checkout@v4.1.0
- name: "Vendor packages"
run: |
go mod vendor
- run: make docker
- name: Run trivy action
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.IMAGENAME }}:${{ env.IMAGETAG }}
- name: Run dockle action
uses: erzz/dockle-action@v1.4.0
env:
DOCKER_CONTENT_TRUST: 1
with:
image: ${{ env.IMAGENAME }}:${{ env.IMAGETAG }}