Skip to content

Maintenance bash-tools-framework 6.1.1 #332

Maintenance bash-tools-framework 6.1.1

Maintenance bash-tools-framework 6.1.1 #332

Workflow file for this run

# kics-scan disable=555ab8f9-2001-455e-a077-f2d0f41e2fb9
---
# Lint the code base and launch unit test at each push or pull request
name: Lint and test
on: # yamllint disable-line rule:truthy
push:
# execute when pushing only branches, not tags
branches:
- "**"
# avoid infinite loop for auto created PRs
- "!update/pre-commit-*"
tags:
- "*"
workflow_dispatch:
# cancel previous build if several pushes
concurrency:
group: >-
${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
# Apply linter fixes configuration
# When active, APPLY_FIXES must also be defined as
# environment variable (in github/workflows/mega-linter.yml
# or other CI tool)
APPLY_FIXES: all
# Decide which event triggers application of fixes in a
# commit or a PR (pull_request, push, all)
APPLY_FIXES_EVENT: all
# If APPLY_FIXES is used, defines if the fixes are
# directly committed (commit) or posted in a PR (pull_request)
APPLY_FIXES_MODE: pull_request
# variables to compute complex conditions
COND_UPDATED_SOURCES: false
COND_APPLY_FIXES_NEEDED: false
permissions: read-all
jobs:
# -------------------------------------------------------
# Pre-commit
# -------------------------------------------------------
pre-commit:
runs-on: ubuntu-22.04
permissions:
# needed by ouzi-dev/commit-status-updater@v2
statuses: write
# needed by megalinter
issues: write
# needed by megalinter
pull-requests: write
steps:
- uses: ouzi-dev/commit-status-updater@v2
with:
name: build-bash-tools
status: pending
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- uses: crazy-max/ghaction-import-gpg@v6
if: ${{ success() }}
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
- uses: tibdex/github-app-token@v2
if: ${{ success() }}
id: generate-token
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
- uses: ouzi-dev/commit-status-updater@v2
with:
name: pre-commit-megalinter
status: pending
- name: Set env vars
id: vars
# shellcheck disable=SC2129
run: |
(
echo "branch_name=${GITHUB_REF##*/}"
) >> "${GITHUB_ENV}"
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.9
- uses: fchastanet/[email protected]
- name: Install requirements
run: |
set -exo pipefail
bin/installRequirements
vendor/bash-tools-framework/bin/installRequirements
vendor/bash-tools-framework/bin/installRequirements
docker pull scrasnups/build:bash-tools-ubuntu-5.3
- name: Run pre-commit
uses: pre-commit/[email protected]
id: preCommit
with:
extra_args: >-
-c .pre-commit-config-github.yaml -a --hook-stage manual
- name: MegaLinter
id: ml
if: ${{ always() }}
# You can override MegaLinter flavor used to have faster performances
# More info at https://megalinter.io/latest/flavors/
uses: oxsecurity/megalinter/flavors/terraform@v8
# All available variables are described in documentation
# https://megalinter.io/latest/configuration/
env:
# Validates all source when push on master,
# else just the git diff with master.
# Override with true if you always want to lint all sources
VALIDATE_ALL_CODEBASE: true
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
MEGALINTER_CONFIG: .mega-linter-githubAction.yml
CI_MODE: 1
- name: Upload MegaLinter artifacts
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: MegaLinter reports
path: |
megalinter-reports
mega-linter.log
- name: MegaLinter/Precommit has updated sources
if: >
steps.preCommit.outcome == 'failure' || (
steps.ml.outputs.has_updated_sources == 1 && (
env.APPLY_FIXES_EVENT == 'all' ||
env.APPLY_FIXES_EVENT == github.event_name
)
)
run: |
echo "COND_UPDATED_SOURCES=true" >> "${GITHUB_ENV}"
- name: is apply fixes needed ?
if: >
env.APPLY_FIXES_MODE == 'pull_request' && (
github.event_name == 'push' ||
github.event.pull_request.head.repo.full_name ==
github.repository
)
run: |
echo "COND_APPLY_FIXES_NEEDED=true" >> "${GITHUB_ENV}"
- name: Create Pull Request
id: cpr
# prettier-ignore
if: >
env.COND_UPDATED_SOURCES == 'true' &&
env.COND_APPLY_FIXES_NEEDED == 'true' &&
!contains(github.event.head_commit.message, 'skip fix')
uses: peter-evans/create-pull-request@v7
with:
token: ${{ steps.generate-token.outputs.token }}
committer: fchastanet <[email protected]>
branch: update/pre-commit-fixes-${{ env.branch_name }}
delete-branch: true
title: lint fixes
commit-message: Auto-update lint fixes
body: |
some auto fixes have been generated during pre-commit run
labels: pre-commit-fixes
- name: Print Pull request created
if: |
steps.cpr.outputs.pull-request-number &&
steps.cpr.outcome == 'success'
run: |
echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
- uses: ouzi-dev/commit-status-updater@v2
if: ${{ always() }}
with:
name: pre-commit-megalinter
status: ${{ job.status }}
# -------------------------------------------------------
# Unit tests
# -------------------------------------------------------
unit-tests:
runs-on: ubuntu-22.04
permissions:
# needed by ouzi-dev/commit-status-updater@v2
statuses: write
# needed by mikepenz/action-junit-report@v4
checks: write
strategy:
fail-fast: true
matrix:
vendor:
- ubuntu
- alpine
bashTarVersion:
- "4.4"
- "5.0"
- "5.3"
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- uses: crazy-max/ghaction-import-gpg@v6
if: ${{ success() }}
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
- uses: tibdex/github-app-token@v2
if: ${{ success() }}
id: generate-token
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
- uses: ouzi-dev/commit-status-updater@v2
with:
name: unit-tests-${{matrix.vendor}}-${{matrix.bashTarVersion}}
status: pending
- name: Set env vars
id: vars
# shellcheck disable=SC2129
run: |
(
echo "job_tag=${{github.run_id}}-${{matrix.vendor}}-${{matrix.bashTarVersion}}"
echo "image_tag=bash-tools-${{matrix.vendor}}-${{matrix.bashTarVersion}}"
echo "image_name=scrasnups/build"
echo "branch_name=${GITHUB_REF##*/}"
if [[ "${{ matrix.vendor }}" = "ubuntu" ]]; then
echo "bashImage=ubuntu:20.04"
echo "batsOptions=-j 30"
else
echo "bashImage=amd64/bash:${{ matrix.bashTarVersion }}-alpine3.19"
echo "batsOptions=-j 30 --filter-tags '!ubuntu_only'"
fi
) >> "${GITHUB_ENV}"
- name: install requirements
run: |
set -exo pipefail
chmod 777 logs
bin/installRequirements
vendor/bash-tools-framework/bin/installRequirements
- name: run unit tests
id: unitTests
run: |
set -exo pipefail
status=0
CI_MODE=1 ./test.sh "scrasnups/build:${{env.image_tag}}" \
${{env.batsOptions}} \
--formatter junit -o logs -r src 2>&1 |
tee "logs/bats-${{ env.job_tag }}.log" || status=$?
awk '/xml version="1.0"/{flag=1} flag; /<\/testsuites>/{flag=0}' \
"logs/bats-${{ env.job_tag }}.log" >"logs/junit-${{ env.job_tag }}.xml"
exit "${status}"
- name: Publish Test Report
uses: mikepenz/action-junit-report@v5
if: ${{ always()}}
with:
token: ${{ github.token }}
check_name: JUnit ${{ env.image_tag }}
fail_on_failure: true
require_tests: true
require_passed_tests: true
report_paths: "logs/**.xml"
- name: Checkstyle aggregation
uses: lcollins/[email protected]
with:
path: "logs/*.xml"
- name: Upload Test Results
if: ${{ always() }}
uses: actions/upload-artifact@v4
with:
name: Test Results ${{ env.image_tag }}
path: |
logs/**
- uses: ouzi-dev/commit-status-updater@v2
with:
name: unit-tests-${{matrix.vendor}}-${{matrix.bashTarVersion}}
status: ${{ job.status }}
overallTestResults:
name: "Overall Tests Results"
if: ${{ always() }}
needs: [unit-tests]
runs-on: ubuntu-22.04
permissions:
# needed by ouzi-dev/commit-status-updater@v2
statuses: write
steps:
# run this action to get the workflow conclusion
# You can get the conclusion via env (env.WORKFLOW_CONCLUSION)
- uses: AbsoLouie/[email protected]
- uses: ouzi-dev/commit-status-updater@v2
with:
name: build-bash-tools
# neutral, success, skipped, cancelled, timed_out, action_required, failure
status: ${{ env.WORKFLOW_CONCLUSION }}