ci: use a smarter git status
check for uncommitted files
#743
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Code static analysis | |
on: # yamllint disable-line rule:truthy | |
push: | |
pull_request: | |
workflow_dispatch: | |
permissions: | |
contents: read | |
jobs: | |
check-generated-code: | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Rerun all code generators we have | |
run: python3 ci/cached-builds/gen_gha_matrix_jobs.py | |
- name: Check there aren't any modified files present | |
run: | | |
clean=$(git status --porcelain) | |
if [[ -z "$clean" ]]; then | |
echo "Empty git status --porcelain: $clean" | |
else | |
echo "Uncommitted file changes detected: $clean" | |
git diff | |
exit 1 | |
fi | |
code-static-analysis: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Validate YAML files (best code practices check included) | |
id: validate-yaml-files | |
run: | | |
type yamllint || sudo apt-get -y install yamllint | |
find . -name "*.yaml" | xargs yamllint --strict --config-file ./ci/yamllint-config.yaml | |
find . -name "*.yml" | xargs yamllint --strict --config-file ./ci/yamllint-config.yaml | |
# In some YAML files we use JSON strings, let's check these | |
- name: Validate JSON strings in YAML files (just syntax) | |
id: validate-json-strings-in-yaml-files | |
run: | | |
type json_verify || sudo apt-get -y install yajl-tools | |
bash ./ci/check-json.sh | |
- name: Validate JSON files (just syntax) | |
id: validate-json-files | |
run: | | |
type json_verify || sudo apt-get -y install yajl-tools | |
shopt -s globstar | |
ret_code=0 | |
echo "-- Checking a regular '*.json' files" | |
for f in **/*.json; do echo "Checking: '${f}"; echo -n " > "; cat $f | json_verify || ret_code=1; done | |
echo "-- Checking a 'Pipfile.lock' files" | |
for f in **/Pipfile.lock; do echo "Checking: '${f}"; echo -n " > "; cat $f | json_verify || ret_code=1; done | |
echo "-- Checking a '*.ipynb' Jupyter notebook files" | |
for f in **/*.ipynb; do echo "Checking: '${f}"; echo -n " > "; cat $f | json_verify || ret_code=1; done | |
if test "${ret_code}" -ne 0; then | |
echo "There were errors in some of the checked files. Please run `json_verify` on such files and fix issues there." | |
fi | |
exit "${ret_code}" | |
- name: Validate Dockerfiles | |
id: validate-dockerfiles | |
run: | | |
type hadolint || sudo apt-get -y install wget \ | |
&& wget --output-document=hadolint https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64 \ | |
&& chmod a+x hadolint | |
echo "Starting Hadolint" | |
find . -name "Dockerfile" | xargs ./hadolint --config ./ci/hadolint-config.yaml | |
echo "Hadolint done" | |
# This simply checks that the manifests and respective kustomization.yaml finishes without an error. | |
- name: Check kustomize manifest | |
id: kustomize-manifests | |
run: | | |
kubectl version --client=true | |
echo "----------------------------------------------------------" | |
echo "Starting 'kubectl kustomize manifests/base'" | |
echo "----------------------------------------------------------" | |
kubectl kustomize manifests/base | |
echo "----------------------------------------------------------" | |
echo "Starting 'kubectl kustomize manifests/overlays/additional'" | |
echo "----------------------------------------------------------" | |
kubectl kustomize manifests/overlays/additional |