# SPDX-License-Identifier: MIT
# (c) Copyright 2023 Advanced Micro Devices, Inc.
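name: "Static Analysis"

# Runs on pull requests and pushes to master, or on demand. A manual run can
# opt in to linting the whole codebase instead of changed files only.
on:
  workflow_dispatch:
    inputs:
      lint_codebase:
        description: Lint all files instead of changed
        default: false
        required: true
        type: boolean
  pull_request:
    branches: [master]
  push:
    branches: [master]
  # schedule:
  #   - cron: '44 2 * * 5'

env:
  # True only for a manual run with lint_codebase ticked. Stored as an
  # environment value, so later steps read it back as the string
  # 'true' / 'false', not as a boolean.
  lint-all: ${{ github.event_name == 'workflow_dispatch' && inputs.lint_codebase }}

# Workflow-wide default for the job token: read-only repository contents.
# A job-level `permissions:` block replaces this default for that job.
permissions:
  contents: read

# NOTE(review): every `uses:` below references a tag (for example `@v4` or
# `:slim-v5.3.1`). Tags can be moved by the publisher; pinning each action to
# a full commit SHA, and the container image to a digest, fixes exactly what
# code runs with this workflow's token.
jobs:
  lint-general:
    name: Super Linter
    runs-on: ubuntu-latest
    timeout-minutes: 20
    # The token handed to the linter container below is limited to these
    # scopes. `statuses: write` is presumably for per-linter commit statuses.
    permissions:
      contents: read
      statuses: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # super-linter req
      - name: Super Linter
        uses: docker://ghcr.io/super-linter/super-linter:slim-v5.3.1  # go-1.21
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # super-linter is designed around linting changed files only,
          # which is fast. Optionally, lint all files.
          VALIDATE_ALL_CODEBASE: ${{ env.lint-all }}
          # Go is linted by the separate lint-go job.
          VALIDATE_GO: false
          FILTER_REGEX_EXCLUDE: '(.*/ContainerFileNotice|.*_patch\.yaml)'
          KUBERNETES_KUBECONFORM_OPTIONS: --ignore-missing-schemas
          IGNORE_GITIGNORED_FILES: true
          ERROR_ON_MISSING_EXEC_BIT: true
          LINTER_RULES_PATH: /
          YAML_CONFIG_FILE: .yamllint.yml
          GO_LINTER_RULES: .golangci.yml

  # super-linter has issues with go-1.21 & linting of changed go files only
  lint-go:
    name: Go Linter
    runs-on: ubuntu-latest
    timeout-minutes: 20
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Go - setup env
        uses: actions/setup-go@v4
        with:
          go-version-file: go.mod
          cache: false  # handled by linter action
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v3
        with:
          version: v1.54  # go 1.21
          # env values are strings, and any non-empty string (including
          # 'false') is truthy in an expression, so `!env.lint-all` always
          # evaluated to false. Compare against the string value instead.
          only-new-issues: ${{ env.lint-all != 'true' }}

  unit-tests:
    name: Unit Tests
    runs-on: ubuntu-latest
    timeout-minutes: 20
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Go - setup env
        uses: actions/setup-go@v4
        with:
          go-version-file: go.mod
      - run: make test

  analyse:
    name: CodeQL
    runs-on: ubuntu-latest
    needs: [unit-tests, lint-go]  # cost mitigation
    timeout-minutes: 360
    # Only this job may upload code-scanning results.
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language: [go]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Go - setup env
        uses: actions/setup-go@v4
        with:
          go-version-file: go.mod
      - name: Go - download dependencies
        run: go get
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}
          queries: security-extended,security-and-quality
      # The build runs between init and analyze so CodeQL can observe it.
      - name: Go Build on Operator, Device Plugin, and Worker
        run: make build device-plugin-build worker-build
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
        with:
          category: "/language:${{matrix.language}}"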