

refactor(ci): linting of workflows (#834)
* refactor(ci): linting of workflows

* chore(deps): update super-linter/super-linter action to v7

* fix(ci): disable CHECKOV linter

* fix(ci): set correct workflow permissions

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
GoetzGoerisch and renovate[bot] authored Oct 11, 2024
1 parent 3f36fc5 commit d15bd83
Showing 4 changed files with 62 additions and 34 deletions.
19 changes: 16 additions & 3 deletions .github/workflows/build.yml
@@ -1,12 +1,14 @@
---
name: Build

on:
push:
pull_request:
branches: [main, development]
merge_group:


permissions: read-all

jobs:
build-linux:
strategy:
@@ -51,16 +53,19 @@ jobs:
cd build/Dashboard-Client-build || exit
ctest -V -C "${{matrix.build_type}}"
- name: Run integration test cacert_test
# yamllint disable rule:line-length
run: |
#! /bin/bash
cd UmatiDashboardOpcUaClient/Tests/integration/cacert_test || exit
./genCerts.sh
cp "${{ github.workspace }}/build/Dashboard-Client-build/Tests/unit/TestCaCertificate" .
docker compose up -d
./evaluateTest.sh
# yamllint enable rule:line-length
- name: Upload Artefacts
uses: actions/upload-artifact@v4
with:
# yamllint disable rule:line-length
name: UmatiDashboardOpcUaClient-${{matrix.build_type}}-${{matrix.os}}-${{matrix.arch}}
path: |
${{ env.CMAKE_INSTALL_PREFIX }}/bin
@@ -71,6 +76,7 @@ jobs:
name: dashboardopcuaclient-${{matrix.build_type}}-${{matrix.os}}-${{matrix.arch}}.deb
path: |
${{ env.CMAKE_INSTALL_PREFIX }}/*.deb
# yamllint enable rule:line-length
build-windows:
strategy:
matrix:
@@ -114,15 +120,20 @@ jobs:
- name: Upload Artefacts
uses: actions/upload-artifact@v4
with:
# yamllint disable rule:line-length
name: UmatiDashboardOpcUaClient-${{matrix.build_type}}-${{matrix.os}}-${{matrix.arch}}
path: |
${{ env.CMAKE_INSTALL_PREFIX }}/bin
${{ env.CMAKE_INSTALL_PREFIX }}/share/DashboardOpcUaClient
# yamllint enable rule:line-length
docker:
permissions:
packages: write
runs-on: ubuntu-22.04
env:
# Check if this is not a pull request and GITHUB_TOKEN is set
# As all env variables are strings, you need to compaire against "== 'true'" (not "== true")
# As all env variables are strings, you need to compare
# against "== 'true'" (not "== true")
IS_NOT_PR: ${{ !github.head_ref && true }}
steps:
- name: Checkout Code
@@ -172,6 +183,8 @@ jobs:
python -m unittest discover test_mqtt_sampleserver
release:
permissions:
contents: write
runs-on: ubuntu-22.04
needs: [build-linux, build-windows]
if: startsWith(github.ref, 'refs/tags/')
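Review bot: The workflow-level `permissions: read-all` gives the token read access to every scope, which is more than a build needs; `permissions:` with only `contents: read` would be the least-privilege default. The `docker` and `release` jobs now list just `packages: write` and `contents: write`, and a job-level block replaces the workflow-level one, so every scope not listed there becomes `none`. For the `docker` job that leaves no `contents: read` for the checkout step, which matters if the repository is ever private; adding `contents: read` next to `packages: write` makes the intent explicit. Both job bodies are partly collapsed on this page, so the scopes each step needs should be confirmed against the full file.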
10 changes: 8 additions & 2 deletions .github/workflows/clean-images.yml
@@ -4,7 +4,11 @@ on:
workflow_dispatch:
schedule:
# * is a special character in YAML so you have to quote this string
- cron: '0 0 1 * *'
- cron: "0 0 1 * *"

permissions:
contents: read
packages: write

jobs:
build:
@@ -17,6 +21,7 @@ jobs:
PER_PAGE: 100

with:
# yamllint disable rule:line-length
github-token: ${{ secrets.DELETE_PACKAGES_TOKEN }}
script: |
const response = await github.request("GET /orgs/${{ github.repository_owner }}/packages/container/${{ env.PACKAGE_NAME }}/versions",
@@ -28,4 +33,5 @@ jobs:
const deleteResponse = await github.request("DELETE /orgs/${{ github.repository_owner }}/packages/container/${{ env.PACKAGE_NAME }}/versions/" + version.id, { });
console.log("status " + deleteResponse.status)
}
}
}
# yamllint enable rule:line-length
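Review bot: The new workflow-level `packages: write` looks unnecessary, because the visible script step authenticates with `github-token: ${{ secrets.DELETE_PACKAGES_TOKEN }}` rather than the default `GITHUB_TOKEN`. If no collapsed step uses the default token to touch packages, the block can be reduced to `contents: read`, or to `permissions: {}` if nothing checks out the repository. That keeps the only delete-capable credential in this scheduled job to the dedicated secret. It would also help to add a comment next to `DELETE_PACKAGES_TOKEN` stating which scopes that token is expected to carry.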
53 changes: 29 additions & 24 deletions .github/workflows/codeql-analysis.yml
@@ -14,12 +14,14 @@ name: "CodeQL"

on:
push:
branches: [ "development", main ]
branches: [development, main]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "development" ]
branches: [development]
schedule:
- cron: '0 3 * * 1'
- cron: "0 3 * * 1"

permissions: read-all

jobs:
analyze:
@@ -35,34 +37,37 @@ jobs:
strategy:
fail-fast: false
matrix:
language: [ 'cpp', 'python' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
language: ["cpp", "python"]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript',
# 'python', 'ruby' ] Learn more about CodeQL language support
# at https://aka.ms/codeql-docs/language-support

steps:
- name: Checkout ${{ github.repository }}
uses: actions/checkout@v4
with:
- name: Checkout ${{ github.repository }}
uses: actions/checkout@v4
with:
submodules: recursive

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.

# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here
# or in a config file. By default, queries listed here will
# override any specified in a config file. Prefix the list
# here with "+" to use these queries and those in the config file.
# Details on CodeQL's query packs refer to :
# https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
queries: security-and-quality

- name: Build ${{ github.repository }} with dependencies
run: |
- name: Build ${{ github.repository }} with dependencies
run: |
mkdir -p build
cd build
cmake ../.github/ \
-DCMAKE_INSTALL_PREFIX:PATH="${{ env.CMAKE_INSTALL_PREFIX }}"
cmake --build .
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
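Review bot: With `permissions: read-all` at workflow level, the `analyze` job can only upload results if it grants itself `security-events: write`, since `github/codeql-action/analyze` needs that scope to publish to code scanning. The lines between the two hunks are collapsed here, so a job-level `permissions:` block may already exist; if it does not, add one with `security-events: write` and `contents: read`. As a default, `contents: read` would be tighter than `read-all`. The rest of this section is re-indentation and quote style only.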
14 changes: 9 additions & 5 deletions .github/workflows/linter.yml
@@ -19,6 +19,8 @@ on:
pull_request:
branches: [main, develop]

permissions: read-all

###############
# Set the Job #
###############
@@ -47,14 +49,16 @@ jobs:
# Run Linter against code base #
################################
- name: Lint Code Base
uses: super-linter/super-linter@v5.7.2
uses: super-linter/super-linter@v7.1.0
env:
VALIDATE_CPP: false # Use clang-formt instead
VALIDATE_CPP: false # Use clang-format instead
VALIDATE_CHECKOV: false # Disable CHECKOV checks for now
# TODO: Add HEALTHCHECK and USER to Dockerfiles
VALIDATE_ALL_CODEBASE: false
DEFAULT_BRANCH: main
DEFAULT_BRANCH: development
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

# CMake Format
# CMake Format
cmake-format-linter:
name: Lint Code Base (cmake-format-lint)
runs-on: ubuntu-22.04
@@ -64,4 +68,4 @@ jobs:
id: cmake-format
uses: PuneetMatharu/cmake-format-lint-action@v1.0.4
with:
args: --config-files cmake-format.yaml
args: --config-files cmake-format.yaml
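Review bot: `VALIDATE_CHECKOV: false` in the `Lint Code Base` step switches off the whole Checkov scan, not only the two Dockerfile findings named in the TODO. A narrower option is to leave the validator on and skip just those checks in a Checkov config (the HEALTHCHECK and USER findings are `CKV_DOCKER_2` and `CKV_DOCKER_3`), so other infrastructure-as-code findings still fail the lint. If disabling it stays, link the TODO to a tracking issue so the scanner is re-enabled. Separately, `DEFAULT_BRANCH` is now `development`, but the trigger above still reads `branches: [main, develop]`, so pull requests against `development` would not run this workflow unless a `develop` branch also exists. The third-party `super-linter/super-linter@v7.1.0` reference could also be pinned to a commit SHA.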
