From d62ea19927334a384760b2989f7f989a7a7a96a4 Mon Sep 17 00:00:00 2001
From: Fede Barcelona
Date: Fri, 28 Mar 2025 15:14:14 +0100
Subject: [PATCH] ci: add tests and lint for PRs
---
 .envrc | 4 ++
 .github/workflows/ci-pull-request.yml | 61 +++++++++++++++++++++++++++
 .pre-commit-config.yaml | 9 ----
 Justfile | 4 ++
 flake.nix | 1 -
 src/infra/sysdig_image_scanner.rs | 21 +++++----
 tests/test.rs | 2 +-
 7 files changed, 83 insertions(+), 19 deletions(-)
 create mode 100644 .github/workflows/ci-pull-request.yml
diff --git a/.envrc b/.envrc
index 2f87afd..c742153 100644
--- a/.envrc
+++ b/.envrc
@@ -2,4 +2,8 @@ has nix && use flake . -L
 watch_file *.nix
 dotenv_if_exists .env # You can create a .env file with your env vars for this project. You can also use .secrets if you are using act. See the line below.
 dotenv_if_exists .secrets # Used by [act](https://nektosact.com/) to load secrets into the pipelines
+strict_env
+
+env_vars_required SECURE_API_URL SECURE_API_TOKEN
+
 export RUST_BACKTRACE=1
diff --git a/.github/workflows/ci-pull-request.yml b/.github/workflows/ci-pull-request.yml
new file mode 100644
index 0000000..d6e6c3d
--- /dev/null
+++ b/.github/workflows/ci-pull-request.yml
@@ -0,0 +1,61 @@
+name: CI - Pull Request
+
+on:
+ pull_request:
+ branches:
+ - master
+
+jobs:
+ lint:
+ name: Lint
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ shell: nix develop --command bash {0}
+ steps:
+ - name: Fetch code
+ uses: actions/checkout@v4
+
+ - name: Install nix
+ uses: DeterminateSystems/nix-installer-action@main
+
+ - name: Run lint
+ run: |
+ just lint
+
+ pre-commit:
+ name: Pre-commit
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ shell: nix develop --command bash {0}
+ steps:
+ - name: Fetch code
+ uses: actions/checkout@v4
+
+ - name: Install nix
+ uses: DeterminateSystems/nix-installer-action@main
+
+ - name: Run pre-commit
+ run: |
+ pre-commit run -a
+
+ build-and-test:
+ name: Build and test
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ shell: nix develop --command bash {0}
+ steps:
+ - name: Fetch code
+ uses: actions/checkout@v4
+
+ - name: Install nix
+ uses: DeterminateSystems/nix-installer-action@main
+
+ - name: Run tests
+ run: |
+ just test
+ env:
+ SECURE_API_URL: https://us2.app.sysdig.com
+ SECURE_API_TOKEN: ${{ secrets.SECURE_API_TOKEN }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index de816b3..1b33893 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -12,12 +12,3 @@ repos:
 - id: trailing-whitespace
 - id: end-of-file-fixer
 - id: check-yaml
-
-- repo: local
- hooks:
- - id: cargo-nextest
- name: cargo nextest
- entry: cargo nextest run
- language: system
- files: \.rs$
- pass_filenames: false
diff --git a/Justfile b/Justfile
index e4b1ce7..8a902da 100644
--- a/Justfile
+++ b/Justfile
@@ -8,5 +8,9 @@ fix: fmt: cargo fmt +lint: + cargo check + cargo clippy + watch: cargo watch -x "nextest run"
diff --git a/flake.nix b/flake.nix
index d5cf9d5..206e0e0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -51,7 +51,6 @@ rust-analyzer lldb pre-commit - sysdig-cli-scanner ]; inputsFrom = [ sysdig-lsp ];
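Review bot: The `build-and-test` job runs `DeterminateSystems/nix-installer-action@main`, a mutable branch ref, in the same job that later exposes `SECURE_API_TOKEN` to `just test`, so whatever that branch points to at run time executes alongside the secret. Pin it (and `actions/checkout@v4`) to a full commit SHA, e.g. `uses: DeterminateSystems/nix-installer-action@<full-commit-sha>`. The workflow also declares no `permissions:` block, so all three jobs inherit the repository's default `GITHUB_TOKEN` scope; a top-level `permissions:` with `contents: read` should be enough for lint, pre-commit and test. For pull requests opened from forks GitHub does not pass repository secrets, so `SECURE_API_TOKEN` will be empty there and the test job will fail; a comment above the `env:` block should say so.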
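Review bot: The new `lint` recipe will not fail the Lint job on ordinary clippy warnings, because `cargo clippy` exits with status 0 unless a lint is at deny level. For a gating check the usual form is `cargo clippy --all-targets -- -D warnings`. The preceding `cargo check` is redundant, since clippy runs the same check pass, and a one-line comment above the recipe noting that CI calls it would help keep the two in step.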
diff --git a/src/infra/sysdig_image_scanner.rs b/src/infra/sysdig_image_scanner.rs
index ae2092f..b63b51f 100644
--- a/src/infra/sysdig_image_scanner.rs
+++ b/src/infra/sysdig_image_scanner.rs
@@ -175,16 +175,23 @@ impl ImageScanner for SysdigImageScanner { #[cfg(test)] #[serial_test::file_serial] mod tests { + use lazy_static::lazy_static; + use crate::app::ImageScanner; use super::{SysdigAPIToken, SysdigImageScanner}; + lazy_static! { + static ref SYSDIG_SECURE_URL: String = + std::env::var("SECURE_API_URL").expect("SECURE_API_URL env var not set"); + static ref SYSDIG_SECURE_TOKEN: SysdigAPIToken = + SysdigAPIToken(std::env::var("SECURE_API_TOKEN").expect("SECURE_API_TOKEN not set")); + } + #[tokio::test] async fn it_retrieves_the_scanner_from_the_specified_version() { - let sysdig_url = "https://us2.app.sysdig.com".to_string(); - let sysdig_secure_token = SysdigAPIToken(std::env::var("SECURE_API_TOKEN").unwrap()); - - let scanner = SysdigImageScanner::new(sysdig_url, sysdig_secure_token); + let scanner = + SysdigImageScanner::new(SYSDIG_SECURE_URL.clone(), SYSDIG_SECURE_TOKEN.clone()); let report = scanner.scan("ubuntu:22.04").await.unwrap();
@@ -195,10 +202,8 @@ mod tests { #[tokio::test] async fn it_scans_the_ubuntu_image_correctly() { - let sysdig_url = "https://us2.app.sysdig.com".to_string(); - let sysdig_secure_token = SysdigAPIToken(std::env::var("SECURE_API_TOKEN").unwrap()); - - let scanner = SysdigImageScanner::new(sysdig_url, sysdig_secure_token); + let scanner = + SysdigImageScanner::new(SYSDIG_SECURE_URL.clone(), SYSDIG_SECURE_TOKEN.clone()); let report = scanner.scan_image("ubuntu:22.04").await.unwrap();
diff --git a/tests/test.rs b/tests/test.rs
index bb80799..7bf1fd0 100644
--- a/tests/test.rs
+++ b/tests/test.rs
@@ -41,7 +41,7 @@ impl TestClient { .initialize(InitializeParams { initialization_options: Some(json!({"sysdig": { - "api_url": "https://us2.app.sysdig.com" + "api_url": "some_api_url" } })), ..Default::default()
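Review bot: The `expect` calls in the new `lazy_static!` block catch a missing variable but not an empty one. When the workflow runs without access to the secret (for example a pull request from a fork), `SECURE_API_TOKEN` would be set to an empty string, `std::env::var` returns `Ok`, and both tests go on to call the live API and fail at the `.await.unwrap()` with an unrelated-looking error. Rejecting empty values in the initialiser makes the failure explicit, e.g. `std::env::var("SECURE_API_TOKEN").ok().filter(|t| !t.is_empty()).expect("SECURE_API_TOKEN not set or empty")`, and the same for `SECURE_API_URL`. The two `expect` messages are also worded differently, and a short comment on the block should state that these tests need network access and a valid Sysdig token. The second hunk (`it_scans_the_ubuntu_image_correctly`) uses the same statics; `mod tests` and both test bodies continue outside the hunks.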