Skip to content

fix: Skip commit message check if token not provided #260

fix: Skip commit message check if token not provided

fix: Skip commit message check if token not provided #260

Workflow file for this run

name: CI
on:
pull_request:
push:
branches:
- main
permissions:
# Allow action to write raw configs back to the repository.
contents: write
# Run commits in order to prevent out of order write back commits.
concurrency:
group: ${{ github.head_ref || github.ref_name }}
cancel-in-progress: false
jobs:
shellcheck:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install ShellCheck
run: sudo apt-get install shellcheck
- name: Run ShellCheck test script
run: shellcheck -x -s bash .github/workflows/scripts/*.sh
go:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@v2
with:
go-version: 1.22
- name: Go Test
run: go test ./...
- name: Run Gosec Security Scanner
run: |
export PATH=$PATH:$(go env GOPATH)/bin
go install github.com/securego/gosec/v2/cmd/[email protected]
gosec ./...
- name: Go Build
working-directory: cmd/action
run: CGO_ENABLED=0 go build
# Scan binaries for invalid 3rd party licenses
- name: Scan Binary
working-directory: cmd/action
run: |
export PATH=$PATH:$(go env GOPATH)/bin
go install github.com/uw-labs/[email protected]
lichen --config=../../.github/license.yaml action
test:
runs-on: ubuntu-20.04
strategy:
fail-fast: false
matrix:
# This matrix allows us to test multiple bindplane versions.
# When writing back to the repo, we write to directories based
# on the bindplane version.
bindplane_versions:
- 1.45.0 # keep
- 1.55.0 # keep
- 1.59.0 # organizations and projects
- 1.65.0
- 1.71.0
- 1.73.0
- 1.76.0
- 1.80.0
- 1.82.0
- latest # keep
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Detect Runner IP
run: echo "MAIN_IP=$(ip addr show | grep 'inet ' | grep -v '127.0.0.1' | awk '{print $2}' | cut -f1 -d'/' | head -n 1)" >> $GITHUB_ENV
- name: Print Runner IP
run: echo $MAIN_IP
# https://smallstep.com/docs/step-cli/installation/
- name: Install Step CLI
run: |
wget https://dl.smallstep.com/cli/docs-cli-install/latest/step-cli_amd64.deb
sudo dpkg -i step-cli_amd64.deb
- name: Generate TLS Certs
run: ./.github/workflows/scripts/tls.sh
env:
MAIN_IP: ${{ env.MAIN_IP }}
- name: Set CA certificate
run: |
{
echo 'TLS_CA_CERT<<EOF'
cat step/ca.crt
echo EOF
} >> "$GITHUB_ENV"
- name: Pull BindPlane
run: docker pull ghcr.io/observiq/bindplane-ee:${{ matrix.bindplane_versions }}
- name: Start BindPlane
run: |
docker run \
-d \
--name bindplane \
-e BINDPLANE_USERNAME=admin \
-e BINDPLANE_PASSWORD=admin \
-e BINDPLANE_REMOTE_URL=https://${MAIN_IP}:3001 \
-e BINDPLANE_SESSION_SECRET=2c23c9d3-850f-4062-a5c8-3f9b814ae144 \
-e BINDPLANE_LOG_OUTPUT=stdout \
-e BINDPLANE_ACCEPT_EULA=true \
-e BINDPLANE_TLS_CERT=/bindplane.crt \
-e BINDPLANE_TLS_KEY=/bindplane.key \
-e BINDPLANE_LICENSE="${BINDPLANE_LICENSE}" \
-p 3001:3001 \
-v $(pwd)/step/bindplane.crt:/bindplane.crt \
-v $(pwd)/step/bindplane.key:/bindplane.key \
-v $(pwd)/step/ca.crt:/ca.crt \
ghcr.io/observiq/bindplane-ee:${{ matrix.bindplane_versions }}
env:
BINDPLANE_LICENSE: ${{ secrets.BINDPLANE_LICENSE }}
- name: Init BindPlane Account or Organization
uses: nick-fields/retry@v2
with:
timeout_minutes: 1
polling_interval_seconds: 2
max_attempts: 3
shell: bash
command: .github/workflows/scripts/init.sh ${{ matrix.bindplane_versions }}
- name: Run BindPlane Action
# This should be replaced with a release action.
# <organization>/<repository>@<tag>
uses: ./
with:
# These values are hardcode to match the test instance used by
# this workflow. The instance does not persist. Consumers of
# this action should always use secrets when passing in the remote
# url, bindplane_username, bindplane_password or api key.
#
# Remote url will never be localhost when running this action. The action
# executes in a container and localhost will always be the container's network
# and not the network of the bindplane instance, even if that instance
# is running within this runner.
bindplane_remote_url: https://${{ env.MAIN_IP }}:3001
bindplane_username: admin
bindplane_password: admin
destination_path: test/resources/destinations/resource.yaml
configuration_path: test/resources/configurations/resource.yaml
configuration_output_dir: test/otel/${{ matrix.bindplane_versions }}
configuration_output_branch: otel-raw-configs
target_branch: main
# Token should have contents: write permissions
token: ${{ secrets.GITHUB_TOKEN }}
enable_otel_config_write_back: true
enable_auto_rollout: true
# Generally this would come from a secret, but the certificate
# was created in this workflow.
tls_ca_cert: ${{ env.TLS_CA_CERT }}
- name: Get Resources
if: always()
run: |
docker exec bindplane /bindplane get destinations --tls-ca /ca.crt
docker exec bindplane /bindplane get configurations --tls-ca /ca.crt
- name: Debug Container Logs
if: always()
run: docker logs bindplane