policies: widen allowed filepaths #2357
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Tests | |
# NOTE(mhayden): Restricting branches prevents jobs from being doubled since | |
# a push to a pull request triggers two events. | |
on: | |
pull_request: | |
branches: | |
- "*" | |
push: | |
branches: | |
- main | |
# for merge queue | |
merge_group: | |
jobs: | |
unit-tests: | |
name: "π Unit tests" | |
runs-on: ubuntu-20.04 | |
container: | |
image: registry.fedoraproject.org/fedora:latest | |
steps: | |
# krb5-devel is needed to test internal/upload/koji package | |
# gcc is needed to build the mock depsolver binary for the unit tests | |
# gpgme-devel is needed for container upload dependencies | |
- name: Install build and test dependencies | |
run: dnf -y install krb5-devel gcc git-core go gpgme-devel osbuild-depsolve-dnf btrfs-progs-devel device-mapper-devel | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Mark the working directory as safe for git | |
run: git config --global --add safe.directory "$(pwd)" | |
- name: Run unit tests | |
run: go test -race ./... | |
- name: Run depsolver tests with force-dnf to make sure it's not skipped for any reason | |
run: go test -race ./pkg/dnfjson/... -force-dnf | |
unit-tests-c9s: | |
name: "π Unit tests (CentOS Stream 9)" | |
runs-on: ubuntu-20.04 | |
container: | |
image: quay.io/centos/centos:stream9 | |
env: | |
GOFLAGS: "-tags=exclude_graphdriver_btrfs" | |
steps: | |
- name: Install dnf plugins | |
run: dnf -y install dnf-plugins-core | |
- name: Enable crb repo | |
run: dnf config-manager --set-enabled crb | |
- name: Install build and test dependencies | |
run: dnf -y install krb5-devel gcc git-core go gpgme-devel osbuild-depsolve-dnf device-mapper-devel | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Mark the working directory as safe for git | |
run: git config --global --add safe.directory "$(pwd)" | |
- name: Run unit tests | |
run: go test -race ./... | |
- name: Run depsolver tests with force-dnf to make sure it's not skipped for any reason | |
run: go test -race ./pkg/dnfjson/... -force-dnf | |
unit-tests-c8s: | |
name: "π Unit tests (CentOS Stream 8)" | |
runs-on: ubuntu-20.04 | |
container: | |
image: quay.io/centos/centos:stream8 | |
env: | |
GOFLAGS: "-tags=exclude_graphdriver_btrfs" | |
steps: | |
- name: Install dnf plugins | |
run: dnf -y install dnf-plugins-core | |
- name: Enable powertools repo | |
run: dnf config-manager --set-enabled powertools | |
- name: Install build and test dependencies | |
run: dnf -y install krb5-devel gcc git-core go gpgme-devel osbuild-depsolve-dnf device-mapper-devel | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Mark the working directory as safe for git | |
run: git config --global --add safe.directory "$(pwd)" | |
- name: Run unit tests | |
run: go test -race ./... | |
- name: Run depsolver tests with force-dnf to make sure it's not skipped for any reason | |
run: go test -race ./pkg/dnfjson/... -force-dnf | |
lint: | |
name: "β¨ Lint" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Go 1.19 | |
uses: actions/setup-go@v5 | |
with: | |
go-version: 1.19 | |
id: go | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Apt update | |
run: sudo apt update | |
# This is needed to lint internal/upload/koji package | |
- name: Install kerberos devel package | |
run: sudo apt install -y libkrb5-dev | |
# This is needed for the container upload dependencies | |
- name: Install libgpgme devel package | |
run: sudo apt install -y libgpgme-dev libbtrfs-dev libdevmapper-dev | |
- name: Run golangci-lint | |
uses: golangci/golangci-lint-action@v4 | |
with: | |
version: v1.54.2 | |
args: --verbose --timeout 5m0s | |
prepare: | |
name: "π Check source preparation" | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Set up Go 1.19 | |
uses: actions/setup-go@v5 | |
with: | |
go-version: 1.19 | |
id: go | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Check that source has been prepared | |
run: | | |
./tools/prepare-source.sh | |
if [ -n "$(git status --porcelain)" ]; then | |
echo | |
echo "Please include these changes in your branch: " | |
git status -vv | |
exit "1" | |
else | |
exit "0" | |
fi | |
shellcheck: | |
name: "π Shellcheck" | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Run ShellCheck | |
uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 | |
with: | |
ignore: vendor # We don't want to fix the code in vendored dependencies | |
env: | |
# don't check /etc/os-release sourcing, allow useless cats to live inside our codebase, and | |
# allow seemingly unreachable commands | |
SHELLCHECK_OPTS: -e SC1091 -e SC2002 -e SC2317 | |
python-test: | |
name: "π pytest (imgtestlib)" | |
runs-on: ubuntu-latest | |
container: | |
image: registry.fedoraproject.org/fedora:latest | |
steps: | |
- name: Install build and test dependencies | |
run: dnf -y install python3-pytest podman skopeo | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Testing imgtestlib | |
run: | | |
python3 -m pytest -v | |
python-lint: | |
name: "π Lint (test scripts)" | |
runs-on: ubuntu-latest | |
container: | |
image: registry.fedoraproject.org/fedora:latest | |
steps: | |
- name: Install build and test dependencies | |
run: dnf -y install python3-pylint git-core grep python3-pytest | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Analysing the code with pylint | |
run: | | |
python3 -m pylint $(grep -l "/usr/bin/env python3" -r test/scripts) test/scripts/*.py |