wolfictl/.github/workflows/build.yaml at e9bffe13aa3bd3942795fe0b56d110392e82d01c · wolfi-dev/wolfictl · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
name: ci

on:
  pull_request:
    branches: ['main']
  push:
    branches: ['main']

permissions: {}

jobs:
  build:
    permissions:
      contents: read

    name: build
    runs-on: ubuntu-latest

    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
        with:
          egress-policy: audit

      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false

      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version-file: 'go.mod'
          check-latest: true

      - uses: chainguard-dev/actions/goimports@b479012116eacde7f895586c17b598f7ba0ee700 # v1.5.9
      - run: make wolfictl
      - run: make test

  wolfictl-text:
    permissions:
      contents: read

    name: wolfictl text on wolfi-dev/os
    runs-on: ubuntu-latest

    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
        with:
          egress-policy: audit

      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false

      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version-file: 'go.mod'
          check-latest: true

      - run: make wolfictl
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          repository: 'wolfi-dev/os'
          path: 'wolfi-os'

      # This command is not itself used by Wolfi directly, but it demonstrates that we're able to construct a graph of packages
      # without cycles or unsatisfied deps, which prevents a class of build failures.
      # This check is here to ensure that graph construction changes in this repo don't break graph resolution on the Wolfi OS repo.
      - name: Test Wolfi OS repo
        run: |
          ./wolfictl text -d wolfi-os \
            --type=name \
            --pipeline-dir=wolfi-os/pipelines/ \
            --repository-append=https://packages.wolfi.dev/os \
            --keyring-append=https://packages.wolfi.dev/os/wolfi-signing.rsa.pub \
            --keyring-append=https://packages.wolfi.dev/bootstrap/stage3/wolfi-signing.rsa.pub \
            --repository-append=https://packages.wolfi.dev/bootstrap/stage3

      - name: Test nested repo structure
        run: |
          ./wolfictl text -d testdata/text/ | grep foo-0.0.2-r0
          ./wolfictl text -d testdata/text/ | grep bar-0.0.1-r0
          ./wolfictl text -d testdata/text/ | grep root-0.0.1-r0


  docs:
    permissions:
      contents: read

    name: check generated docs
    runs-on: ubuntu-latest

    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
        with:
          egress-policy: audit

      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false

      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version-file: 'go.mod'
          check-latest: true

      - run: rm -rf docs/**/*.md docs/**/*.1
      - run: make docs
      - run: git diff --exit-code