Maintenance bash-tools-framework 6.1.1 #329
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # kics-scan disable=CWE-829 | |
| # Lint the code base and launch unit test at each push or pull request | |
| name: Lint and test | |
| on: # yamllint disable-line rule:truthy | |
| push: | |
| # execute when pushing only branches, not tags | |
| branches: | |
| - "**" | |
| # avoid infinite loop for auto created PRs | |
| - "!update/pre-commit-*" | |
| tags: | |
| - "*" | |
| workflow_dispatch: | |
| # cancel previous build if several pushes | |
| concurrency: | |
| group: >- | |
| ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| # Apply linter fixes configuration | |
| # When active, APPLY_FIXES must also be defined as | |
| # environment variable (in github/workflows/mega-linter.yml | |
| # or other CI tool) | |
| APPLY_FIXES: all | |
| # Decide which event triggers application of fixes in a | |
| # commit or a PR (pull_request, push, all) | |
| APPLY_FIXES_EVENT: all | |
| # If APPLY_FIXES is used, defines if the fixes are | |
| # directly committed (commit) or posted in a PR (pull_request) | |
| APPLY_FIXES_MODE: pull_request | |
| # variables to compute complex conditions | |
| COND_UPDATED_SOURCES: false | |
| COND_APPLY_FIXES_NEEDED: false | |
| permissions: read-all | |
| jobs: | |
| # ------------------------------------------------------- | |
| # Pre-commit | |
| # ------------------------------------------------------- | |
| pre-commit: | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| # needed by ouzi-dev/commit-status-updater@v2 | |
| statuses: write | |
| # needed by megalinter | |
| issues: write | |
| # needed by megalinter | |
| pull-requests: write | |
| steps: | |
| - uses: ouzi-dev/commit-status-updater@v2 | |
| with: | |
| name: build-bash-tools | |
| status: pending | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - uses: crazy-max/ghaction-import-gpg@v6 | |
| if: ${{ success() }} | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| - uses: tibdex/github-app-token@v2 | |
| if: ${{ success() }} | |
| id: generate-token | |
| with: | |
| app_id: ${{ secrets.APP_ID }} | |
| private_key: ${{ secrets.APP_PRIVATE_KEY }} | |
| - uses: ouzi-dev/commit-status-updater@v2 | |
| with: | |
| name: pre-commit-megalinter | |
| status: pending | |
| - name: Set env vars | |
| id: vars | |
| # shellcheck disable=SC2129 | |
| run: | | |
| ( | |
| echo "branch_name=${GITHUB_REF##*/}" | |
| ) >> "${GITHUB_ENV}" | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.9 | |
| - uses: fchastanet/[email protected] | |
| - name: Install requirements | |
| run: | | |
| set -exo pipefail | |
| bin/installRequirements | |
| vendor/bash-tools-framework/bin/installRequirements | |
| vendor/bash-tools-framework/bin/installRequirements | |
| docker pull scrasnups/build:bash-tools-ubuntu-5.3 | |
| - name: Run pre-commit | |
| uses: pre-commit/[email protected] | |
| id: preCommit | |
| with: | |
| extra_args: >- | |
| -c .pre-commit-config-github.yaml -a --hook-stage manual | |
| - name: MegaLinter | |
| id: ml | |
| if: ${{ always() }} | |
| # You can override MegaLinter flavor used to have faster performances | |
| # More info at https://megalinter.io/latest/flavors/ | |
| uses: oxsecurity/megalinter/flavors/terraform@v8 | |
| # All available variables are described in documentation | |
| # https://megalinter.io/latest/configuration/ | |
| env: | |
| # Validates all source when push on master, | |
| # else just the git diff with master. | |
| # Override with true if you always want to lint all sources | |
| VALIDATE_ALL_CODEBASE: true | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| MEGALINTER_CONFIG: .mega-linter-githubAction.yml | |
| CI_MODE: 1 | |
| - name: Upload MegaLinter artifacts | |
| if: success() || failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: MegaLinter reports | |
| path: | | |
| megalinter-reports | |
| mega-linter.log | |
| - name: MegaLinter/Precommit has updated sources | |
| if: > | |
| steps.preCommit.outcome == 'failure' || ( | |
| steps.ml.outputs.has_updated_sources == 1 && ( | |
| env.APPLY_FIXES_EVENT == 'all' || | |
| env.APPLY_FIXES_EVENT == github.event_name | |
| ) | |
| ) | |
| run: | | |
| echo "COND_UPDATED_SOURCES=true" >> "${GITHUB_ENV}" | |
| - name: is apply fixes needed ? | |
| if: > | |
| env.APPLY_FIXES_MODE == 'pull_request' && ( | |
| github.event_name == 'push' || | |
| github.event.pull_request.head.repo.full_name == | |
| github.repository | |
| ) | |
| run: | | |
| echo "COND_APPLY_FIXES_NEEDED=true" >> "${GITHUB_ENV}" | |
| - name: Create Pull Request | |
| id: cpr | |
| # prettier-ignore | |
| if: > | |
| env.COND_UPDATED_SOURCES == 'true' && | |
| env.COND_APPLY_FIXES_NEEDED == 'true' && | |
| !contains(github.event.head_commit.message, 'skip fix') | |
| uses: peter-evans/create-pull-request@v7 | |
| with: | |
| token: ${{ steps.generate-token.outputs.token }} | |
| committer: fchastanet <[email protected]> | |
| branch: update/pre-commit-fixes-${{ env.branch_name }} | |
| delete-branch: true | |
| title: lint fixes | |
| commit-message: Auto-update lint fixes | |
| body: | | |
| some auto fixes have been generated during pre-commit run | |
| labels: pre-commit-fixes | |
| - name: Print Pull request created | |
| if: | | |
| steps.cpr.outputs.pull-request-number && | |
| steps.cpr.outcome == 'success' | |
| run: | | |
| echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" | |
| echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" | |
| - uses: ouzi-dev/commit-status-updater@v2 | |
| if: ${{ always() }} | |
| with: | |
| name: pre-commit-megalinter | |
| status: ${{ job.status }} | |
| # ------------------------------------------------------- | |
| # Unit tests | |
| # ------------------------------------------------------- | |
| unit-tests: | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| # needed by ouzi-dev/commit-status-updater@v2 | |
| statuses: write | |
| # needed by mikepenz/action-junit-report@v4 | |
| checks: write | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| vendor: | |
| - ubuntu | |
| - alpine | |
| bashTarVersion: | |
| - "4.4" | |
| - "5.0" | |
| - "5.3" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - uses: crazy-max/ghaction-import-gpg@v6 | |
| if: ${{ success() }} | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| - uses: tibdex/github-app-token@v2 | |
| if: ${{ success() }} | |
| id: generate-token | |
| with: | |
| app_id: ${{ secrets.APP_ID }} | |
| private_key: ${{ secrets.APP_PRIVATE_KEY }} | |
| - uses: ouzi-dev/commit-status-updater@v2 | |
| with: | |
| name: unit-tests-${{matrix.vendor}}-${{matrix.bashTarVersion}} | |
| status: pending | |
| - name: Set env vars | |
| id: vars | |
| # shellcheck disable=SC2129 | |
| run: | | |
| ( | |
| echo "job_tag=${{github.run_id}}-${{matrix.vendor}}-${{matrix.bashTarVersion}}" | |
| echo "image_tag=bash-tools-${{matrix.vendor}}-${{matrix.bashTarVersion}}" | |
| echo "image_name=scrasnups/build" | |
| echo "branch_name=${GITHUB_REF##*/}" | |
| if [[ "${{ matrix.vendor }}" = "ubuntu" ]]; then | |
| echo "bashImage=ubuntu:20.04" | |
| echo "batsOptions=-j 30" | |
| else | |
| echo "bashImage=amd64/bash:${{ matrix.bashTarVersion }}-alpine3.19" | |
| echo "batsOptions=-j 30 --filter-tags '!ubuntu_only'" | |
| fi | |
| ) >> "${GITHUB_ENV}" | |
| - name: install requirements | |
| run: | | |
| set -exo pipefail | |
| chmod 777 logs | |
| bin/installRequirements | |
| vendor/bash-tools-framework/bin/installRequirements | |
| - name: run unit tests | |
| id: unitTests | |
| run: | | |
| set -exo pipefail | |
| status=0 | |
| CI_MODE=1 ./test.sh "scrasnups/build:${{env.image_tag}}" \ | |
| ${{env.batsOptions}} \ | |
| --formatter junit -o logs -r src 2>&1 | | |
| tee "logs/bats-${{ env.job_tag }}.log" || status=$? | |
| awk '/xml version="1.0"/{flag=1} flag; /<\/testsuites>/{flag=0}' \ | |
| "logs/bats-${{ env.job_tag }}.log" >"logs/junit-${{ env.job_tag }}.xml" | |
| exit "${status}" | |
| - name: Publish Test Report | |
| uses: mikepenz/action-junit-report@v5 | |
| if: ${{ always()}} | |
| with: | |
| token: ${{ github.token }} | |
| check_name: JUnit ${{ env.image_tag }} | |
| fail_on_failure: true | |
| require_tests: true | |
| require_passed_tests: true | |
| report_paths: "logs/**.xml" | |
| - name: Checkstyle aggregation | |
| uses: lcollins/[email protected] | |
| with: | |
| path: "logs/*.xml" | |
| - name: Upload Test Results | |
| if: ${{ always() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: Test Results ${{ env.image_tag }} | |
| path: | | |
| logs/** | |
| - uses: ouzi-dev/commit-status-updater@v2 | |
| with: | |
| name: unit-tests-${{matrix.vendor}}-${{matrix.bashTarVersion}} | |
| status: ${{ job.status }} | |
| overallTestResults: | |
| name: "Overall Tests Results" | |
| if: ${{ always() }} | |
| needs: [unit-tests] | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| # needed by ouzi-dev/commit-status-updater@v2 | |
| statuses: write | |
| steps: | |
| # run this action to get the workflow conclusion | |
| # You can get the conclusion via env (env.WORKFLOW_CONCLUSION) | |
| - uses: AbsoLouie/[email protected] | |
| - uses: ouzi-dev/commit-status-updater@v2 | |
| with: | |
| name: build-bash-tools | |
| # neutral, success, skipped, cancelled, timed_out, action_required, failure | |
| status: ${{ env.WORKFLOW_CONCLUSION }} |