remove azurerm resources that don't contain tags anymore (#371) #323
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - 'docs/**' | |
| - 'INTHEWILD.md' | |
| - 'README.md' | |
| - '.github/**' | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| concurrency: | |
| group: 'build' | |
| cancel-in-progress: true | |
| jobs: | |
| test: | |
| runs-on: [self-hosted, public, linux, x64] | |
| steps: | |
| - name: Install Go | |
| uses: actions/setup-go@v2 | |
| with: | |
| go-version: 1.19 | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| with: | |
| token: ${{ secrets.PAT }} | |
| - name: "Terraform Init" | |
| uses: hashicorp/terraform-github-actions@master | |
| with: | |
| tf_actions_version: 0.14.5 | |
| tf_actions_subcommand: "init" | |
| tf_actions_working_dir: "tests/terraform/resources" | |
| - name: Prepare external plugin tests | |
| run: | | |
| go build -buildmode=plugin -o tests/yor_plugins/example/extra_tags.so tests/yor_plugins/example/*.go | |
| go build -buildmode=plugin -o tests/yor_plugins/tag_group_example/extra_tag_groups.so tests/yor_plugins/tag_group_example/*.go | |
| - name: Test | |
| run: | | |
| go build -v && go test ./src/... -covermode=count -coverprofile=coverage.out | |
| go tool cover -func=coverage.out -o=coverage.out | |
| - name: Go Coverage Badge # Pass the `coverage.out` output to this action | |
| uses: tj-actions/coverage-badge-go@v2 | |
| with: | |
| filename: coverage.out | |
| - name: Verify Changed files | |
| uses: tj-actions/verify-changed-files@v12 | |
| id: verify-changed-files | |
| with: | |
| files: README.md | |
| - name: Commit changes | |
| if: steps.verify-changed-files.outputs.files_changed == 'true' | |
| run: | | |
| git config --local user.email "action@github.com" | |
| git config --local user.name "GitHub Action" | |
| git add README.md | |
| git commit -m "chore: Updated coverage badge." | |
| - name: Push changes | |
| if: steps.verify-changed-files.outputs.files_changed == 'true' | |
| uses: ad-m/github-push-action@master | |
| with: | |
| github_token: ${{ secrets.PAT }} | |
| branch: ${{ github.head_ref }} | |
| linter: | |
| name: golangci-lint | |
| runs-on: [self-hosted, public, linux, x64] | |
| steps: | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v2 | |
| - name: golangci-lint | |
| uses: reviewdog/action-golangci-lint@v1 | |
| with: | |
| tool_name: golangci-lint | |
| fail_on_error: true | |
| integration-tests: | |
| runs-on: [self-hosted, public, linux, x64] | |
| steps: | |
| - name: Install Go | |
| uses: actions/setup-go@v2 | |
| with: | |
| go-version: 1.19 | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: build | |
| run: go build | |
| - name: Clone Terragoat - vulnerable terraform | |
| uses: actions/checkout@v2 | |
| with: | |
| repository: bridgecrewio/terragoat # clone https://github.com/bridgecrewio/terragoat/ | |
| fetch-depth: 0 | |
| clean: false | |
| path: 'terragoat' | |
| ref: 063dc2db3bb036160ed39d3705508ee8293a27c8 | |
| - name: Run yor | |
| run: | | |
| git config --local user.email "action@github.com" | |
| ./yor list-tags -g code2cloud,git > list-tags-result.txt | |
| ./yor tag -d terragoat -o json --output-json-file result.json | |
| go test -race ./tests/integration/... | |
| create-release: | |
| runs-on: [self-hosted, public, linux, x64] | |
| needs: | |
| - integration-tests | |
| - test | |
| - linter | |
| outputs: | |
| version: ${{ steps.version.outputs.new_tag }} | |
| steps: | |
| - name: Wait for coverage to update | |
| run: sleep 10s | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| with: | |
| ref: main | |
| - name: version | |
| uses: anothrNick/github-tag-action@1.26.0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| WITH_V: false | |
| RELEASE_BRANCHES: main | |
| DEFAULT_BUMP: patch | |
| id: version | |
| - name: Install Go | |
| uses: actions/setup-go@v2 | |
| with: | |
| go-version: 1.19 | |
| - name: Git Fetch Repo | |
| run: | | |
| git fetch | |
| - uses: goreleaser/goreleaser-action@v2 | |
| name: goreleaser | |
| with: | |
| version: latest | |
| args: release --rm-dist | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.PAT }} | |
| GORELEASER_CURRENT_TAG: ${{ steps.version.outputs.new_tag }} | |
| # - name: Update go reportcard | |
| # uses: creekorful/goreportcard-action@v1.0 | |
| publish-dockerhub: | |
| runs-on: [self-hosted, public, linux, x64] | |
| needs: | |
| - create-release | |
| steps: | |
| - uses: actions/checkout@master | |
| - name: Publish to Registry | |
| uses: elgohr/Publish-Docker-Github-Action@master | |
| with: | |
| name: bridgecrew/yor | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| buildoptions: "--no-cache" | |
| tags: "latest,${{ needs.create-release.outputs.version }}" | |
| - name: Update Docker Hub README | |
| uses: peter-evans/dockerhub-description@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| repository: bridgecrew/yor | |
| short-description: ${{ github.event.repository.description }} | |
| update-bridgecrew-projects: | |
| needs: publish-dockerhub | |
| runs-on: [self-hosted, public, linux, x64] | |
| steps: | |
| - name: update on yor release | |
| run: | | |
| curl -XPOST -H "Authorization: token ${{ secrets.PAT }}" -H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" https://api.github.com/repos/bridgecrewio/yor-action/dispatches --data '{"event_type": "build"}' | |
| curl -XPOST -H "Authorization: token ${{ secrets.PAT }}" -H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" https://api.github.com/repos/bridgecrewio/yor-choco/dispatches --data '{"event_type": "build"}' | |
| curl -X POST "https://jenkins-webhook.bridgecrew.cloud/buildByToken/build?job=Open-Source/upgrade-yor&token=${{ secrets.BC_JENKINS_TOKEN }}" |