-
Notifications
You must be signed in to change notification settings - Fork 8
/
action.yaml
239 lines (213 loc) · 8.75 KB
/
action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
name: Golang code sanity check
description: Checks code against of our desktop Go code quality and process standards.
inputs:
working-directory:
description: Directory were to run the action. All other paths are relative to this one.
default: '.'
go-build-script:
description: For more complex build steps, pass the script directly to it (executed through bash). go-tags is then ignored for building.
go-tags:
description: A comma separate list of go tags to consider when linting, building and checking for vulnerabilities.
tools-directory:
description: Directory pointing to go.mod file for checking tool versionning. If none is provided, it will download latest.
golangci-lint-configfile:
description: Which config file to check for golangci-lint. If not set, it will look for .golangci-lint in your project, or default to desktop team defaults.
generate-diff-paths-to-ignore:
description: Files and paths to ignore when checking if generated files changed. This is passed to git update-index.
default: po/* docs/**/*.md README.md
runs:
using: "composite"
steps:
- uses: actions/setup-go@v5
with:
go-version-file: ${{ inputs.working-directory }}/go.mod
check-latest: true
cache: false
- name: Set up jq
shell: bash
run: |
echo "::group::Download jq"
if [ "${{runner.os}}" = "Windows" ]; then
winget.exe install jqlang.jq --accept-source-agreements --accept-package-agreements --silent --verbose || true
else
sudo --version &> /dev/null && SUDO="sudo" || SUDO=""
DEBIAN_FRONTEND=noninteractive $SUDO apt update
DEBIAN_FRONTEND=noninteractive $SUDO apt install jq
fi
echo "::endgroup::"
jq --version
- name: Detect go version to use
id: go-version
working-directory: ${{ inputs.working-directory }}
run: |
echo Detect go version to use
set -eu
# First call to go version which may download a newever go toolchain
go version
# The output would be on that form, grab the version itself
# go version go1.21.5 linux/amd64
ver=$(go version)
version=$(echo "${ver}" | sed "s#go version go\(.*\) \(.*\)#\1#")
echo "version=${version}" >> $GITHUB_OUTPUT
shell: bash
- name: Get tooling version
shell: bash
id: tooling-version
if: ${{ always() && steps.go-version.outcome == 'success' }}
working-directory: ${{ inputs.tools-directory }}
run: |
function set-version {
name=$1
path=$2
version="latest"
mod_version="$(
go mod edit --json | jq -r ".Require[] | select(.Path==\"${path}\") | .Version"
)"
if [ -n "${mod_version}" ]; then
version="${mod_version}"
fi
echo "${name}=${version}" >> $GITHUB_OUTPUT
}
set-version "golangci-lint" "github.com/golangci/golangci-lint"
set-version "vulncheck" "golang.org/x/vuln"
- name: Get arguments and version for golangci-lint
if: ${{ always() && steps.tooling-version.outcome == 'success' }}
id: golanci-lint
working-directory: ${{ inputs.working-directory }}
shell: bash
run: |
echo Get arguments and version for golangci-lint
set -eu
# Detect which config file to use
config='${{ github.action_path }}/.golangci-lint'
if [ -f ".golangci-lint" ]; then
config=".golangci-lint"
fi
if [ -n '${{ inputs.golangci-lint-configfile }}' ]; then
echo "Using project local config file"
config='${{ inputs.golangci-lint-configfile }}'
fi
args="--config ${config}"
# Go version to use
args="${args} --go ${{ steps.go-version.outputs.version }}"
# Optional build tag go-tags
tags='${{ inputs.go-tags }}'
if [ -n "${tags}" ]; then
args="${args} --build-tags=${tags}"
fi
echo "args=${args}" >> $GITHUB_OUTPUT
- name: Workaround for golangci-lint bug
if: ${{ always() && steps.golanci-lint.outcome == 'success' && runner.os == 'Linux' }}
shell: bash
# This step is separated from the previous one because we need to be at the repository root
run: |
# A terrible workaround for https://github.com/golangci/golangci-lint-action/issues/135
# Avoid using sudo (it is unavailable in docker)
sudo --version &> /dev/null && SUDO="sudo" || SUDO=""
$SUDO chmod -R +w ../../../go/
- name: Code formatting, vet, static checker Security…
if: ${{ always() && steps.golanci-lint.outcome == 'success' }}
id: golangci-lint-check
uses: golangci/golangci-lint-action@v4
with:
version: ${{ steps.tooling-version.outputs.golangci-lint }}
args: ${{ steps.golanci-lint.outputs.args }}
working-directory: ${{ inputs.working-directory }}
- name: Update module files
if: ${{ always() && steps.go-version.outcome == 'success' }}
id: update-mod-files
working-directory: ${{ inputs.working-directory }}
run: |
echo Update module files
set -eu
echo "::group::Download dependencies"
go mod tidy
echo "::endgroup::"
shell: bash
- name: Ensure there is no diff between current and generated go.mod and go.sum files
if: ${{ always() && steps.update-mod-files.outcome == 'success' }}
id: gomod-check
# https://github.com/orgs/community/discussions/25246
uses: canonical/desktop-engineering/gh-actions/common/has-diff@main
with:
working-directory: ${{ inputs.working-directory }}
- name: Ensure there is no diff between current and generated files
if: ${{ always() && steps.go-version.outcome == 'success' }}
id: go-generate-check
# https://github.com/orgs/community/discussions/25246
uses: canonical/desktop-engineering/gh-actions/go/generate@main
with:
tools-directory: ${{ inputs.tools-directory }}
paths-to-ignore: ${{ inputs.generate-diff-paths-to-ignore }}
working-directory: ${{ inputs.working-directory }}
- name: Build any binaries
if: ${{ always() && steps.go-version.outcome == 'success' }}
id: build-check
working-directory: ${{ inputs.working-directory }}
run: |
echo Build any binaries
set -eu
if [ -n '${{ inputs.go-build-script }}' ]; then
buildTest=$(mktemp)
cat > ${buildTest} <<SCRIPTEOF
${{ inputs.go-build-script }}
SCRIPTEOF
bash ${buildTest}
exit 0
fi
tags='${{ inputs.go-tags }}'
if [ -n "${tags}" ]; then
tags="-tags=${tags}"
fi
go build ${tags} ./...
shell: bash
- name: Installing govulncheck
if: ${{ always() && steps.tooling-version.outcome == 'success' }}
id: install-govulncheck
working-directory: ${{ runner.temp }}
run: |
echo Installing govulncheck
set -eu
go install golang.org/x/vuln/cmd/govulncheck@${{ steps.tooling-version.outputs.vulncheck }}
shell: bash
- name: Known vulnerabilities check
if: ${{ always() && steps.install-govulncheck.outcome == 'success' }}
id: vulnerabilities-check
working-directory: ${{ inputs.working-directory }}
run: |
echo Checking known vulnerabilities
set -eu
tags='${{ inputs.go-tags }}'
if [ -n "${tags}" ]; then
tags="-tags=${tags}"
fi
govulncheck -test ${tags} ./...
shell: bash
- name: Compute title of summary
if: ${{ always() && steps.go-version.outcome == 'success' }}
id: compute-summary-title
working-directory: ${{ inputs.working-directory }}
run: |
echo Compute title of summary based on current directory
set -eu
title="Code sanity summary"
workspace=${{ github.workspace }}
dir=$(pwd)
dir=${dir#"${workspace}"}
if [ -n "${dir}" ]; then
title="${title} on ${dir}"
fi
echo "title=${title}" >> $GITHUB_OUTPUT
shell: bash
- name: Summary
if: ${{ always() && steps.compute-summary-title.outcome == 'success' }}
# https://github.com/orgs/community/discussions/25246
uses: canonical/desktop-engineering/gh-actions/common/print-summary@main
with:
title: ${{ steps.compute-summary-title.outputs.title }}
step-results: |
${{ steps.golangci-lint-check.outcome }} Linting
${{ steps.gomod-check.outcome }} Go module files up to date
${{ steps.go-generate-check.outcome }} Generated files up to date
${{ steps.build-check.outcome }} Build
${{ steps.vulnerabilities-check.outcome }} Vulnerability scanning