ci: add tests and lint for PRs

.envrc

@@ -2,4 +2,8 @@ has nix && use flake . -L
 watch_file *.nix
 dotenv_if_exists .env # You can create a .env file with your env vars for this project. You can also use .secrets if you are using act. See the line below.
 dotenv_if_exists .secrets # Used by [act](https://nektosact.com/) to load secrets into the pipelines
+strict_env
+
+env_vars_required SECURE_API_URL SECURE_API_TOKEN
+
 export RUST_BACKTRACE=1

.github/workflows/ci-pull-request.yml

@@ -0,0 +1,61 @@
+name: CI - Pull Request
+
+on:
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: nix develop --command bash {0}
+    steps:
+      - name: Fetch code
+        uses: actions/checkout@v4
+
+      - name: Install nix
+        uses: DeterminateSystems/nix-installer-action@main
+
+      - name: Run lint
+        run: |
+          just lint
+
+  pre-commit:
+    name: Pre-commit
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: nix develop --command bash {0}
+    steps:
+      - name: Fetch code
+        uses: actions/checkout@v4
+
+      - name: Install nix
+        uses: DeterminateSystems/nix-installer-action@main
+
+      - name: Run pre-commit
+        run: |
+          pre-commit run -a
+
+  build-and-test:
+    name: Build and test
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: nix develop --command bash {0}
+    steps:
+      - name: Fetch code
+        uses: actions/checkout@v4
+
+      - name: Install nix
+        uses: DeterminateSystems/nix-installer-action@main
+
+      - name: Run tests
+        run: |
+          just test
+        env:
+          SECURE_API_URL: https://us2.app.sysdig.com
+          SECURE_API_TOKEN: ${{ secrets.SECURE_API_TOKEN }}

.pre-commit-config.yaml

@@ -12,12 +12,3 @@ repos:
     - id: trailing-whitespace
     - id: end-of-file-fixer
     - id: check-yaml
-
-- repo: local
-  hooks:
-    - id: cargo-nextest
-      name: cargo nextest
-      entry: cargo nextest run
-      language: system
-      files: \.rs$
-      pass_filenames: false

Justfile

@@ -8,5 +8,9 @@ fix:
 fmt:
     cargo fmt
 
+lint:
+    cargo check
+    cargo clippy
+
 watch:
     cargo watch -x "nextest run"

flake.nix

@@ -51,7 +51,6 @@
                 rust-analyzer
                 lldb
                 pre-commit
-                sysdig-cli-scanner
               ];
 
               inputsFrom = [ sysdig-lsp ];

src/infra/sysdig_image_scanner.rs

@@ -175,16 +175,23 @@ impl ImageScanner for SysdigImageScanner {
 #[cfg(test)]
 #[serial_test::file_serial]
 mod tests {
+    use lazy_static::lazy_static;
+
     use crate::app::ImageScanner;
 
     use super::{SysdigAPIToken, SysdigImageScanner};
 
+    lazy_static! {
+        static ref SYSDIG_SECURE_URL: String =
+            std::env::var("SECURE_API_URL").expect("SECURE_API_URL env var not set");
+        static ref SYSDIG_SECURE_TOKEN: SysdigAPIToken =
+            SysdigAPIToken(std::env::var("SECURE_API_TOKEN").expect("SECURE_API_TOKEN not set"));
+    }
+
     #[tokio::test]
     async fn it_retrieves_the_scanner_from_the_specified_version() {
-        let sysdig_url = "https://us2.app.sysdig.com".to_string();
-        let sysdig_secure_token = SysdigAPIToken(std::env::var("SECURE_API_TOKEN").unwrap());
-
-        let scanner = SysdigImageScanner::new(sysdig_url, sysdig_secure_token);
+        let scanner =
+            SysdigImageScanner::new(SYSDIG_SECURE_URL.clone(), SYSDIG_SECURE_TOKEN.clone());
 
         let report = scanner.scan("ubuntu:22.04").await.unwrap();
 
@@ -195,10 +202,8 @@ mod tests {
 
     #[tokio::test]
     async fn it_scans_the_ubuntu_image_correctly() {
-        let sysdig_url = "https://us2.app.sysdig.com".to_string();
-        let sysdig_secure_token = SysdigAPIToken(std::env::var("SECURE_API_TOKEN").unwrap());
-
-        let scanner = SysdigImageScanner::new(sysdig_url, sysdig_secure_token);
+        let scanner =
+            SysdigImageScanner::new(SYSDIG_SECURE_URL.clone(), SYSDIG_SECURE_TOKEN.clone());
 
         let report = scanner.scan_image("ubuntu:22.04").await.unwrap();
 

tests/test.rs

@@ -41,7 +41,7 @@ impl TestClient {
             .initialize(InitializeParams {
                 initialization_options: Some(json!({"sysdig":
                     {
-                        "api_url": "https://us2.app.sysdig.com"
+                        "api_url": "some_api_url"
                     }
                 })),
                 ..Default::default()