lighthouse/.github/workflows/linting.yml at devel · submariner-io/lighthouse · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
---
name: Linting

on:
  pull_request:

permissions: {}

jobs:
  apply-suggestions-commits:
    name: 'No "Apply suggestions from code review" Commits'
    runs-on: ubuntu-latest
    steps:
      - name: Get PR commits
        id: 'get-pr-commits'
        uses: tim-actions/get-pr-commits@198af03565609bb4ed924d1260247b4881f09e7d
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: 'Verify no "Apply suggestions from code review" commits'
        uses: tim-actions/commit-message-checker-with-regex@094fc16ff83d04e2ec73edb5eaf6aa267db33791
        with:
          commits: ${{ steps.get-pr-commits.outputs.commits }}
          pattern: '^(?!.*(apply suggestions from code review))'
          flags: 'i'
          error: 'Commits addressing code review feedback should typically be squashed into the commits under review'

      - name: 'Verify no "fixup!" commits'
        uses: tim-actions/commit-message-checker-with-regex@094fc16ff83d04e2ec73edb5eaf6aa267db33791
        with:
          commits: ${{ steps.get-pr-commits.outputs.commits }}
          pattern: '^(?!fixup!)'
          flags: 'i'
          error: 'Fixup commits should be squashed into the commits under review'

  check-branch-dependencies:
    name: Check branch dependencies
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - name: Check that no dependencies include unmerged commits
        run: make check-non-release-versions

  gitlint:
    name: Commit Message(s)
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          fetch-depth: 0
      - name: Run gitlint
        run: make gitlint

  golangci-lint:
    name: Go
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - name: Run golangci-lint
        run: make golangci-lint

  licenses:
    name: Dependency Licenses
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd

      - name: Check the licenses
        run: make licensecheck

  markdown-link-check:
    name: Markdown Links (modified files)
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd

      - name: Run markdown-link-check
        uses: gaurav-nelson/github-action-markdown-link-check@3c3b66f1f7d0900e37b71eca45b63ea9eedfce31
        with:
          config-file: ".markdownlinkcheck.json"
          check-modified-files-only: "yes"
          base-branch: ${{ github.base_ref }}

  markdownlint:
    name: Markdown
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - name: Run markdownlint
        run: make markdownlint

  packagedoc-lint:
    name: Package Documentation
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - name: Run packagedoc-lint
        run: make packagedoc-lint

  vulnerability-scan:
    name: Vulnerability Scanning
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - name: Run Anchore vulnerability scanner
        uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c
        id: scan
        with:
          path: "."
          fail-build: true
          severity-cutoff: high
      - name: Show Anchore scan SARIF report
        if: always()
        run: cat ${{ steps.scan.outputs.sarif }}
      - name: Upload Anchore scan SARIF report
        if: always()
        uses: github/codeql-action/upload-sarif@c793b717bc78562f491db7b0e93a3a178b099162
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}

  yaml-lint:
    name: YAML
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - name: Run yamllint
        run: make yamllint