Add betteralign to gh actions #293
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test & Build | |
| on: | |
| pull_request: | |
| branches: | |
| - 'main' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| lint: | |
| permissions: | |
| contents: read # for actions/checkout to fetch code | |
| pull-requests: write # for betteralign to comment on PR | |
| checks: write # for golangci/golangci-lint-action to annotate Pull Requests | |
| name: Lint Go code | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Setup Golang | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: go.mod | |
| - name: Run golangci-lint | |
| uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 | |
| with: | |
| version: v1.54 | |
| args: --timeout 10m --exclude SA5011 --verbose --issues-exit-code=0 | |
| only-new-issues: true | |
| - name: Run betteralign | |
| id: betteralign | |
| run: | | |
| go install github.com/dkorunic/betteralign/cmd/betteralign@latest | |
| { | |
| echo 'BETTERALIGN_OUTPUT<<EOF' | |
| betteralign ./... 2>&1 || true | |
| echo "EOF" | |
| } >> "$GITHUB_ENV" | |
| - uses: actions/github-script@v7 | |
| env: | |
| BETTERALIGN_OUTPUT: '${{env.BETTERALIGN_OUTPUT}}' | |
| with: | |
| script: | | |
| const {BETTERALIGN_OUTPUT} = process.env | |
| const output = `#### Betteralign 🤖 | |
| \`\`\`bash | |
| $ betteralign ./... | |
| ${BETTERALIGN_OUTPUT} | |
| \n\`\`\` | |
| *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`; | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: output | |
| }) | |
| govulncheck: | |
| runs-on: ubuntu-latest | |
| name: Run govulncheck | |
| steps: | |
| - id: govulncheck | |
| uses: golang/govulncheck-action@v1 | |
| with: | |
| go-version-file: go.mod | |
| go-package: ./... | |
| test: | |
| name: Run unit tests for Go packages | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 # v3.5.3 | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: go.mod | |
| - name: Download and required packages | |
| run: | | |
| make deps | |
| - name: Run all unit tests | |
| run: make test | |
| - name: Check test coverage | |
| run: | | |
| go install github.com/vladopajic/go-test-coverage/v2@latest | |
| go-test-coverage --config=./.testcoverage.yml | |
| - name: Generate code coverage artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: code-coverage | |
| path: coverage.out | |
| build: | |
| needs: | |
| - test | |
| - lint | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| platform: | |
| - linux/amd64 | |
| - linux/arm64 | |
| name: Build Images | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| platforms: ${{ matrix.platform }} | |
| - name: Build Images | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| platforms: ${{ matrix.platform }} | |
| load: true | |
| push: false | |
| tags: quay.io/jetstack/version-checker:${{github.sha}} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/[email protected] | |
| with: | |
| image-ref: 'quay.io/jetstack/version-checker:${{github.sha}}' | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' |