-
Notifications
You must be signed in to change notification settings - Fork 23
136 lines (120 loc) · 4.16 KB
/
linting.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
---
name: Linting
on:
pull_request:
permissions: {}
jobs:
apply-suggestions-commits:
name: 'No "Apply suggestions from code review" Commits'
runs-on: ubuntu-latest
steps:
- name: Get PR commits
id: 'get-pr-commits'
uses: tim-actions/get-pr-commits@198af03565609bb4ed924d1260247b4881f09e7d
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: 'Verify no "Apply suggestions from code review" commits'
uses: tim-actions/commit-message-checker-with-regex@094fc16ff83d04e2ec73edb5eaf6aa267db33791
with:
commits: ${{ steps.get-pr-commits.outputs.commits }}
pattern: '^(?!.*(apply suggestions from code review))'
flags: 'i'
error: 'Commits addressing code review feedback should typically be squashed into the commits under review'
- name: 'Verify no "fixup!" commits'
uses: tim-actions/commit-message-checker-with-regex@094fc16ff83d04e2ec73edb5eaf6aa267db33791
with:
commits: ${{ steps.get-pr-commits.outputs.commits }}
pattern: '^(?!fixup!)'
flags: 'i'
error: 'Fixup commits should be squashed into the commits under review'
gitlint:
name: Commit Message(s)
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
fetch-depth: 0
- name: Run gitlint
run: make gitlint
golangci-lint:
name: Go
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Run golangci-lint
run: make golangci-lint
licenses:
name: Dependency Licenses
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Check the licenses
run: make licensecheck
markdown-link-check:
name: Markdown Links (modified files)
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Run markdown-link-check
uses: gaurav-nelson/github-action-markdown-link-check@1b916f2cf6c36510a6059943104e3c42ce6c16bc
with:
config-file: ".markdownlinkcheck.json"
check-modified-files-only: "yes"
base-branch: ${{ github.base_ref }}
markdownlint:
name: Markdown
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Run markdownlint
run: make markdownlint
packagedoc-lint:
name: Package Documentation
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Run packagedoc-lint
run: make packagedoc-lint
shellcheck:
name: Shell
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Run shellcheck
run: make shellcheck
vulnerability-scan:
name: Vulnerability Scanning
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Run Anchore vulnerability scanner
uses: anchore/scan-action@abae793926ec39a78ab18002bc7fc45bbbd94342
id: scan
with:
path: "."
fail-build: true
severity-cutoff: high
- name: Show Anchore scan SARIF report
if: always()
run: cat ${{ steps.scan.outputs.sarif }}
- name: Upload Anchore scan SARIF report
if: always()
uses: github/codeql-action/upload-sarif@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
yaml-lint:
name: YAML
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Run yamllint
run: make yamllint