From 8c363b1690cf23b104137a720d122af73bd566d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Mon, 5 Feb 2024 17:30:03 +0100 Subject: [PATCH] chore: improve ci (#54) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore: improve ci Signed-off-by: Charles-Edouard Brétéché * tests target Signed-off-by: Charles-Edouard Brétéché --------- Signed-off-by: Charles-Edouard Brétéché --- .github/workflows/ah-lint.yaml | 2 +- .github/workflows/check-actions.yaml | 2 +- .github/workflows/codegen.yaml | 2 +- .github/workflows/codeql._yaml | 44 ------------------------- .github/workflows/codeql.yaml | 44 +++++++++++++++++++++++++ .github/workflows/ct-lint.yaml | 2 +- .github/workflows/helm-install.yaml | 2 +- .github/workflows/lint.yaml | 2 +- .github/workflows/release.yaml | 2 +- .github/workflows/tests._yaml | 49 ---------------------------- .github/workflows/tests.yaml | 49 ++++++++++++++++++++++++++++ Makefile | 9 +++++ 12 files changed, 109 insertions(+), 100 deletions(-) delete mode 100644 .github/workflows/codeql._yaml create mode 100644 .github/workflows/codeql.yaml delete mode 100644 .github/workflows/tests._yaml create mode 100644 .github/workflows/tests.yaml diff --git a/.github/workflows/ah-lint.yaml b/.github/workflows/ah-lint.yaml index 7ca39b7..b4401b2 100644 --- a/.github/workflows/ah-lint.yaml +++ b/.github/workflows/ah-lint.yaml @@ -2,7 +2,7 @@ name: ArtifactHub Lint -# permissions: {} +permissions: {} on: pull_request: diff --git a/.github/workflows/check-actions.yaml b/.github/workflows/check-actions.yaml index 7468441..cd4a19c 100644 --- a/.github/workflows/check-actions.yaml +++ b/.github/workflows/check-actions.yaml @@ -2,7 +2,7 @@ name: Check actions -# permissions: {} +permissions: {} on: pull_request: diff --git a/.github/workflows/codegen.yaml b/.github/workflows/codegen.yaml index 0af4aaf..162f19a 100644 --- a/.github/workflows/codegen.yaml 
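Review bot: Uncommenting `permissions: {}` at the top of ah-lint.yaml strips every scope from `GITHUB_TOKEN` for all jobs in the workflow, and the job definitions sit outside this hunk, so the change cannot be checked against what the jobs need. The same one-line change is made in check-actions.yaml, codegen.yaml, ct-lint.yaml, helm-install.yaml, lint.yaml and release.yaml. Each job that uses the token should carry its own minimal block, for example `permissions:` with `contents: read` on jobs that check out the code. release.yaml deserves the closest look, since a release job usually needs write scopes and would presumably fail only when the next release is cut. A comment such as `# deny by default; each job grants only what it needs` above the line would record the intent.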
+++ b/.github/workflows/codegen.yaml @@ -2,7 +2,7 @@ name: Verify codegen -# permissions: {} +permissions: {} on: pull_request: diff --git a/.github/workflows/codeql._yaml b/.github/workflows/codeql._yaml deleted file mode 100644 index 0df65c1..0000000 --- a/.github/workflows/codeql._yaml +++ /dev/null @@ -1,44 +0,0 @@ -# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json - -# name: CodeQL - -# permissions: {} - -# on: -# pull_request: -# branches: -# - main -# push: -# branches: -# - main - -# concurrency: -# group: ${{ github.workflow }}-${{ github.ref }} -# cancel-in-progress: true - -# jobs: -# required: -# runs-on: ubuntu-latest -# permissions: -# security-events: write -# steps: -# - name: Checkout -# uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 -# with: -# fetch-depth: 0 -# - name: Run Trivy vulnerability scanner in repo mode -# uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # v0.16.1 -# with: -# scan-type: fs -# ignore-unfixed: false -# format: sarif -# output: trivy-results.sarif -# severity: CRITICAL,HIGH,MEDIUM -# scanners: vuln,secret -# exit-code: '0' -# vuln-type: os,library -# - name: Upload Trivy scan results to GitHub Security tab -# uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4 -# with: -# sarif_file: trivy-results.sarif -# category: code \ No newline at end of file diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml new file mode 100644 index 0000000..cf1931f --- /dev/null +++ b/.github/workflows/codeql.yaml 
@@ -0,0 +1,44 @@ +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json + +name: CodeQL + +permissions: {} + +on: + pull_request: + branches: + - main + push: + branches: + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + required: + runs-on: ubuntu-latest + permissions: + security-events: write + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + - name: Run Trivy vulnerability scanner in repo mode + uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # v0.16.1 + with: + scan-type: fs + ignore-unfixed: false + format: sarif + output: trivy-results.sarif + severity: CRITICAL,HIGH,MEDIUM + scanners: vuln,secret + exit-code: '0' + vuln-type: os,library + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4 + with: + sarif_file: trivy-results.sarif + category: code \ No newline at end of file diff --git a/.github/workflows/ct-lint.yaml b/.github/workflows/ct-lint.yaml index a24d5a9..750cb0e 100644 --- a/.github/workflows/ct-lint.yaml +++ b/.github/workflows/ct-lint.yaml @@ -2,7 +2,7 @@ name: CT Lint -# permissions: {} +permissions: {} on: pull_request: diff --git a/.github/workflows/helm-install.yaml b/.github/workflows/helm-install.yaml index 65a3bc0..43dbddd 100644 --- a/.github/workflows/helm-install.yaml +++ b/.github/workflows/helm-install.yaml @@ -2,7 +2,7 @@ name: Helm install -# permissions: {} +permissions: {} on: pull_request: diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 9f01331..05e6b36 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -2,7 +2,7 @@ name: Lint -# permissions: {} +permissions: {} on: pull_request: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 08ea989..c641f3d 100644 
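Review bot: The Trivy step in codeql.yaml sets `exit-code: '0'`, so the job named `required` succeeds whatever the scan finds, and CRITICAL or HIGH results surface only in the Security tab after the upload. If this job is meant to gate merges, add a second Trivy step after the SARIF upload with `severity: CRITICAL,HIGH` and `exit-code: '1'`; otherwise add a comment like `# report-only: findings never fail this job` so the job name is not read as a gate. The checkout step could also set `persist-credentials: false`, since the token carrying `security-events: write` is otherwise left in the workspace git config while the third-party scanner runs. The workflow is named `CodeQL` although it only runs Trivy, which will mislead anyone looking for it in the Actions list.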
--- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -2,7 +2,7 @@ name: Release -# permissions: {} +permissions: {} on: push: diff --git a/.github/workflows/tests._yaml b/.github/workflows/tests._yaml deleted file mode 100644 index 430972c..0000000 --- a/.github/workflows/tests._yaml +++ /dev/null @@ -1,49 +0,0 @@ -# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json - -# name: Tests - -# permissions: {} - -# on: -# pull_request: -# branches: -# - main -# push: -# branches: -# - main - -# concurrency: -# group: ${{ github.workflow }}-${{ github.ref }} -# cancel-in-progress: true - -# jobs: -# unit-tests: -# runs-on: ubuntu-latest -# steps: -# - name: Checkout -# uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 -# - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 -# with: -# go-version-file: go.mod -# cache-dependency-path: go.sum -# # - name: Create test cluster -# # run: | -# # set -e -# # make kind-cluster -# - name: Run tests -# run: | -# set -e -# make tests -# - name: Upload Report to Codecov -# uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 -# with: -# file: ./coverage.out -# fail_ci_if_error: true -# verbose: true - -# required: -# needs: -# - unit-tests -# runs-on: ubuntu-latest -# steps: -# - run: echo "Required jobs success!" \ No newline at end of file diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml new file mode 100644 index 0000000..62e10b3 --- /dev/null +++ b/.github/workflows/tests.yaml 
@@ -0,0 +1,49 @@ +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json + +name: Tests + +permissions: {} + +on: + pull_request: + branches: + - main + push: + branches: + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + unit-tests: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version-file: go.mod + cache-dependency-path: go.sum + # - name: Create test cluster + # run: | + # set -e + # make kind-cluster + - name: Run tests + run: | + set -e + make tests + - name: Upload Report to Codecov + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 + with: + file: ./coverage.out + fail_ci_if_error: true + verbose: true + + required: + needs: + - unit-tests + runs-on: ubuntu-latest + steps: + - run: echo "Required jobs success!" \ No newline at end of file diff --git a/Makefile b/Makefile index 0fcdcdb..1e2d16f 100644 --- a/Makefile +++ b/Makefile @@ -96,6 +96,15 @@ ko-build: $(KO) ## Build image (with ko) @LDFLAGS=$(LD_FLAGS) KOCACHE=$(KO_CACHE) KO_DOCKER_REPO=$(KO_REGISTRY) \ $(KO) build . --preserve-import-paths --tags=$(KO_TAGS) --platform=$(LOCAL_PLATFORM) +######## +# TEST # +######## + +.PHONY: tests +tests: build ## Run tests + @echo Running tests... >&2 + @go test ./... -race -coverprofile=coverage.out -covermode=atomic + ########### # CODEGEN # ###########
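Review bot: The `unit-tests` job in tests.yaml declares no `permissions` block, so it inherits the workflow-level `permissions: {}` and the checkout step runs with a token that has no `contents` scope. That works for a public repository but fails on a private one; adding `permissions:` with `contents: read` under `unit-tests` makes the requirement explicit. Separately, the Codecov step sets `fail_ci_if_error: true` without a `token` input, so a rejected or rate-limited tokenless upload would fail the job for reasons unrelated to the tests; confirm that is intended. The commented-out `Create test cluster` step should either be removed or given a comment saying when it will be enabled.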
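Review bot: The new `tests` recipe passes `-race`, which needs cgo; if the Makefile exports `CGO_ENABLED=0` for the build targets (not visible in this hunk), `go test` will refuse to run. Pinning it on the recipe line, `@CGO_ENABLED=1 go test ./... -race -coverprofile=coverage.out -covermode=atomic`, removes the dependency on the ambient setting. The recipe also writes `coverage.out` to the repository root, so check that the file is ignored by git.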