Use common base image #443
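# CI workflow: lint, malware/forbidden-word scans, unit tests with a coverage
# gate, and a container image build followed by Trivy and Dockle scans.
name: Development Actions
on:
  push:
    branches: [main]
  # Plain `pull_request` runs in the context of the PR head; GitHub does not
  # pass repository secrets to runs triggered from forks, so TOKEN is empty
  # there. Jobs below execute code from the checked-out tree (`make docker`,
  # `make fuzz`), so this trigger should stay `pull_request`.
  pull_request:
    branches: ["**"]
  # Reusable-workflow entry point: the caller must supply the access token.
  workflow_call:
    secrets:
      GH_DELL_ACCESS:
        description: 'A token passed from the caller workflow'
        required: true
# Default GITHUB_TOKEN scope for every job: read-only repository contents.
permissions:
  contents: read
env:
  # Marks github.com/dell/* modules as private for the Go toolchain.
  GOPRIVATE: github.com/dell/*
  # TOKEN is deliberately NOT set at workflow level. It is declared only on
  # the jobs that configure git for private modules, so the scan/lint jobs,
  # which run third-party actions from mutable refs, never receive the secret.
jobs:
  golangci-lint:
    name: golangci-lint
    runs-on: ubuntu-latest
    env:
      # Job-scoped secret; every step of this job still sees it.
      # NOTE(review): if later steps do not read TOKEN themselves, it can be
      # narrowed further to the "Configure git" step alone.
      TOKEN: ${{ secrets.GH_DELL_ACCESS }}
    steps:
      # Writes the token into ~/.gitconfig (URL rewrite) and ~/.netrc. Both
      # files persist for the rest of the job and are readable by any later
      # step that runs on the runner host.
      - name: Configure git for private modules
        run: |
          git config --global url."https://csmbot:$TOKEN@github.com".insteadOf "https://github.com"
          echo "machine github.com login csmbot password $TOKEN" >> ~/.netrc
      - uses: actions/setup-go@v4
        with:
          go-version: "1.21"
          cache: false
      - name: Checkout the code
        uses: actions/checkout@v4.1.0
      - name: Vendor packages
        run: |
          go mod vendor
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v3
        with:
          # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
          version: v1.53
          skip-cache: true
  malware-security-scan:
    name: Malware Scanner
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the code
        uses: actions/checkout@v4.1.0
      # NOTE(review): `@main` is a mutable branch ref, so the code that runs
      # can change without a change to this file. Pinning to a full commit
      # SHA fixes and makes reviewable what is executed.
      - name: Malware Scanner
        uses: dell/common-github-actions/malware-scanner@main
        with:
          directories: .
          options: '--recursive --infected'
  code-sanitizer:
    name: Check for forbidden words
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the code
        uses: actions/checkout@v4.1.0
      # NOTE(review): mutable `@main` ref; consider pinning to a commit SHA.
      - name: Run the forbidden words scan
        uses: dell/common-github-actions/code-sanitizer@main
        with:
          args: /github/workspace/pkg
  dockerfile-linter:
    name: Run Hadolint Dockerfile lint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the code
        uses: actions/checkout@v4.1.0
      - name: Run Hadolint
        uses: hadolint/hadolint-action@v3.1.0
  shell-linter:
    name: Run Shellcheck, Checkmake and Perl Critic
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the code
        uses: actions/checkout@v4
      # NOTE(review): the two actions below track `@master` of third-party
      # repositories; consider pinning each to a commit SHA.
      - name: Run ShellCheck
        uses: ludeeus/action-shellcheck@master
      - name: Perl Critic
        uses: Difegue/action-perlcritic@master
        with:
          args: ./scripts/*
      - uses: actions/setup-go@v4
        with:
          go-version: "1.21"
          cache: false
      # NOTE(review): `@latest` installs whatever version is current at run
      # time; a fixed version would make this step reproducible.
      - name: Install and run Checkmake
        run: |
          go install github.com/mrtazz/checkmake/cmd/checkmake@latest
          checkmake Makefile
  tests:
    name: Run unit tests and check package coverage
    runs-on: ubuntu-latest
    env:
      # Job-scoped secret, consumed by the "Configure git" step below.
      TOKEN: ${{ secrets.GH_DELL_ACCESS }}
    steps:
      # Persists the token in ~/.gitconfig and ~/.netrc for the whole job.
      - name: Configure git for private modules
        run: |
          git config --global url."https://csmbot:$TOKEN@github.com".insteadOf "https://github.com"
          echo "machine github.com login csmbot password $TOKEN" >> ~/.netrc
      - name: Checkout the code
        uses: actions/checkout@v4.1.0
      - name: Vendor packages
        run: |
          go mod vendor
      # NOTE(review): mutable `@main` ref in a job that holds the token;
      # consider pinning to a commit SHA.
      - name: Run unit tests and check package coverage
        uses: dell/common-github-actions/go-code-tester@main
        with:
          threshold: 90
          test-folder: "."
          skip-list: "github.com/dell/cosi/core,github.com/dell/cosi/tests/integration/main_test"
      - name: Run fuzzy tests
        run: |
          make fuzz
  build-and-secure:
    name: Build and Scan Docker image
    runs-on: ubuntu-latest
    env:
      # The image is tagged with the commit SHA of the run and scanned below
      # under the same name:tag.
      IMAGETAG: "${{ github.sha }}"
      IMAGENAME: "dell/cosi"
      REGISTRY: "sample_registry"
      # Job-scoped secret, consumed by the "Configure git" step below.
      TOKEN: ${{ secrets.GH_DELL_ACCESS }}
    steps:
      # Persists the token in ~/.gitconfig and ~/.netrc for the whole job.
      - name: Configure git for private modules
        run: |
          git config --global url."https://csmbot:$TOKEN@github.com".insteadOf "https://github.com"
          echo "machine github.com login csmbot password $TOKEN" >> ~/.netrc
      - uses: actions/setup-go@v4
        with:
          go-version: "1.21"
          cache: false
      - name: Checkout the code
        uses: actions/checkout@v4.1.0
      - name: "Vendor packages"
        run: |
          go mod vendor
      - run: make docker
      # NOTE(review): third-party action on a mutable `@master` ref in a job
      # that holds the token; consider pinning to a commit SHA.
      - name: Run trivy action
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: ${{ env.IMAGENAME }}:${{ env.IMAGETAG }}
      - name: Run dockle action
        uses: erzz/dockle-action@v1.4.0
        env:
          DOCKER_CONTENT_TRUST: 1
        with:
          image: ${{ env.IMAGENAME }}:${{ env.IMAGETAG }}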