Skip to content

setup(dockerfile): update golang from 1.23.4 to 1.23.5 #18

setup(dockerfile): update golang from 1.23.4 to 1.23.5

setup(dockerfile): update golang from 1.23.4 to 1.23.5 #18

name: "New changes validation"
on:
pull_request: # yamllint disable-line rule:empty-values
permissions:
contents: "read"
packages: "read"
env:
REGISTRY: "ghcr.io"
IMAGE_NAME: "articola-tools/file-path-validator"
jobs:
find-changed-files:
runs-on: "ubuntu-latest"
outputs:
is_yaml_changed: "${{ steps.filter.outputs.yaml }}"
is_dockerfile_changed: "${{ steps.filter.outputs.dockerfile }}"
is_validator_image_changed: "${{ steps.filter.outputs.validator-image }}"
is_go_changed: "${{ steps.filter.outputs.go }}"
is_markdown_changed: "${{ steps.filter.outputs.markdown }}"
changed_or_added_files: "${{ steps.filter.outputs.changed-or-added-files }}"
changed_or_added_files_list: "${{ steps.filter.outputs.changed-or-added-files_files }}"
permissions:
pull-requests: "read"
steps:
- name: "Checkout ${{ github.event.repository.name }}"
uses: "actions/checkout@v4"
with:
fetch-depth: 1
- name: "Find changed files"
uses: "dorny/paths-filter@v3"
id: "filter"
with:
list-files: "shell"
filters: |
yaml:
- "**/*.yaml"
- "**/*.yml"
dockerfile:
- "**/Dockerfile"
validator-image:
- "**/Dockerfile"
- "**/.dockerignore"
- "**/*.go"
go:
- "**/*.go"
markdown:
- "**/*.md"
changed-or-added-files:
- added|modified: '**'
validate-file-path-validator-image:
runs-on: "ubuntu-latest"
needs: "find-changed-files"
if: "${{ needs.find-changed-files.outputs.is_validator_image_changed == 'true' }}"
# NOTE: building and running Docker image of file path validator take around 1 minute.
# If this job takes more than 5 minutes, it means that something is wrong.
timeout-minutes: 5
steps:
- name: "Checkout ${{ github.event.repository.name }}"
uses: "actions/checkout@v4"
- name: "Set up Docker Buildx"
uses: "docker/setup-buildx-action@v3"
- name: "Login to Docker registry"
uses: "docker/login-action@v3"
with:
registry: "${{ env.REGISTRY }}"
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"
- name: "Build file path validator Docker image"
uses: "docker/build-push-action@v6"
with:
push: false
load: true
# NOTE: using another name to don't allow docker to download image from the internet in the next step.
tags: "local/file-path-validator-pr:latest"
cache-from: "type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
cache-to: "type=inline"
- name: "Check correct snake_case file paths"
run: |
while IFS= read -r file_path; do
docker run --rm local/file-path-validator-pr:latest \
--naming-convention snake_case --path-to-validate "$file_path";
done < ${{ github.workspace }}/tests/correct_snake_case_file_paths.txt
- name: "Check incorrect snake_case file paths"
run: |
while IFS= read -r file_path; do
if docker run --rm local/file-path-validator-pr:latest \
--naming-convention snake_case --path-to-validate "$file_path"; then
echo "Validation unexpectedly succeeded for file path '$file_path'!" >&2
exit 1
fi
done < ${{ github.workspace }}/tests/incorrect_snake_case_file_paths.txt
- name: "Check correct PascalCase file paths"
run: |
while IFS= read -r file_path; do
docker run --rm local/file-path-validator-pr:latest \
--naming-convention PascalCase --path-to-validate "$file_path";
done < ${{ github.workspace }}/tests/correct_pascal_case_file_paths.txt
- name: "Check incorrect PascalCase file paths"
run: |
while IFS= read -r file_path; do
if docker run --rm local/file-path-validator-pr:latest \
--naming-convention PascalCase --path-to-validate "$file_path"; then
echo "Validation unexpectedly succeeded for file path '$file_path'!" >&2
exit 1
fi
done < ${{ github.workspace }}/tests/incorrect_pascal_case_file_paths.txt
- name: "Validate files in repo directory"
run: |
for path in $(find . -type f); do
# NOTE: ignore `.idea` folder because it's generated.
# NOTE: ignore files with special names.
# NOTE: ignore `.git` folder because it's generated.
if [[ "$path" != ./.idea* && "$path" != ./.git* && "$path" != *Dockerfile && "$path" != *README.md
&& "$path" != *LICENSE ]]; then
docker run --rm local/file-path-validator-pr:latest \
--naming-convention snake_case --path-to-validate "$path";
fi
done
- name: "Run Dockerfile security scanner"
run: "docker run --rm --group-add $(getent group docker | cut -d: -f3)
-v /var/run/docker.sock:/var/run/docker.sock
${{ env.REGISTRY }}/articola-tools/dockerfile-security-scanner local/file-path-validator-pr:latest"
validate-dockerfile-changes:
runs-on: "ubuntu-latest"
needs: "find-changed-files"
if: "${{ needs.find-changed-files.outputs.is_dockerfile_changed == 'true' }}"
# NOTE: validating Dockerfile changes takes around 1 minute.
# If this job takes more than 5 minutes, it means that something is wrong.
timeout-minutes: 5
steps:
- name: "Checkout ${{ github.event.repository.name }}"
uses: "actions/checkout@v4"
- name: "Login to Docker registry"
uses: "docker/login-action@v3"
with:
registry: "${{ env.REGISTRY }}"
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"
- name: "Run Dockerfile linter"
run: "docker run --rm -v ${{ github.workspace }}:/linter_workdir/repo
${{ env.REGISTRY }}/articola-tools/dockerfile-linter:latest"
validate-yaml-changes:
runs-on: "ubuntu-latest"
needs: "find-changed-files"
if: "${{ needs.find-changed-files.outputs.is_yaml_changed == 'true' }}"
# NOTE: validating YAML changes takes around 1 minute.
# If this job takes more than 5 minutes, it means that something is wrong.
timeout-minutes: 5
steps:
- name: "Checkout ${{ github.event.repository.name }}"
uses: "actions/checkout@v4"
- name: "Login to Docker registry"
uses: "docker/login-action@v3"
with:
registry: "${{ env.REGISTRY }}"
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"
- name: "Run YAML linter"
run: "docker run --rm -v ${{ github.workspace }}:/linter_workdir/repo
${{ env.REGISTRY }}/articola-tools/yaml-linter:latest"
validate-markdown-changes:
runs-on: "ubuntu-latest"
needs: "find-changed-files"
if: "${{ needs.find-changed-files.outputs.is_markdown_changed == 'true' }}"
# NOTE: validating Markdown changes takes around 1 minute.
# If this job takes more than 5 minutes, it means that something is wrong.
timeout-minutes: 5
steps:
- name: "Checkout ${{ github.event.repository.name }}"
uses: "actions/checkout@v4"
- name: "Login to Docker registry"
uses: "docker/login-action@v3"
with:
registry: "${{ env.REGISTRY }}"
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"
- name: "Run Dockerfile linter"
run: "docker run --rm -v ${{ github.workspace }}:/linter_workdir/repo
${{ env.REGISTRY }}/articola-tools/markdown-linter:latest"
validate-go-changes:
runs-on: "ubuntu-latest"
needs: "find-changed-files"
if: "${{ needs.find-changed-files.outputs.is_go_changed == 'true' }}"
# NOTE: validating Go changes takes around 1 minute.
# If this job takes more than 5 minutes, it means that something is wrong.
timeout-minutes: 5
steps:
- name: "Checkout ${{ github.event.repository.name }}"
uses: "actions/checkout@v4"
- name: "Build code"
run: "go build -ldflags \"-s -w\" -o file_path_validator ./cmd/file_path_validator/"
- name: "Run unit tests"
run: "go test ./..."
- name: "Validate files in repo directory"
run: |
for path in $(find . -type f); do
# NOTE: ignore `.idea` folder because it's generated.
# NOTE: ignore files with special names.
# NOTE: ignore `.git` folder because it's generated.
if [[ "$path" != ./.idea* && "$path" != ./.git* && "$path" != *Dockerfile && "$path" != *README.md
&& "$path" != *LICENSE ]]; then
./file_path_validator --naming-convention snake_case --path-to-validate "$path";
fi
done
- name: "Login to Docker registry"
uses: "docker/login-action@v3"
with:
registry: "${{ env.REGISTRY }}"
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"
- name: "Run linter"
run: "docker run --rm -v ./:/linter_workdir ${{ env.REGISTRY }}/articola-tools/go-linter:latest"
validate-file-paths:
runs-on: "ubuntu-latest"
needs: "find-changed-files"
# NOTE: do not run this job when `is_validator_image_changed` or `is_go_changed` is true, because this job validates
# file paths changes with the latest released file-path-validator image, and new changes in file-path-validator image
# or Go code can introduce false positives for this job (since changes in file-path-validator or Go code can change
# how file paths are validated).
if: "${{ needs.find-changed-files.outputs.changed_or_added_files == 'true'
&& needs.find-changed-files.outputs.is_validator_image_changed == 'false'
&& needs.find-changed-files.outputs.is_go_changed == 'false' }}"
# NOTE: validating file paths takes around 1 minute.
# If this job takes more than 5 minutes, it means that something is wrong.
timeout-minutes: 5
steps:
- name: "Validate file paths"
run: |
for path in ${{ needs.find-changed-files.outputs.changed_or_added_files_list }}; do
# NOTE: ignore `.idea` folder because it's generated. Ignore files with special names.
if [[ "$path" != .idea* && "$path" != *Dockerfile && "$path" != *README.md && "$path" != *LICENSE ]]; then
docker run --rm ${{ env.REGISTRY }}/articola-tools/file-path-validator \
--naming-convention snake_case --path-to-validate "$path";
fi
done