# Name: pr.yaml
# Author: Mathew Fleisch <[email protected]>
# Description: This action will run go lint/unit tests as well as
# build a docker container and test it against a KinD cluster.
# See Makefile for more details (make help).
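name: PR Tests

# SECURITY: `pull_request_target` runs this workflow in the context of the
# base repository, so its jobs can read repository secrets and receive a
# GITHUB_TOKEN even when the pull request comes from a fork.
# No checkout step in this workflow sets `ref:`, so actions/checkout falls
# back to the base branch: the jobs build and test `main`, not the
# contributor's change.
# Do not add a checkout of the pull request head to any job that has
# secrets in scope; that would run untrusted code next to those secrets.
# If the goal is to test the proposed change, use `pull_request` for the
# jobs that need no secrets.
on:
  pull_request_target:
    branches:
      - main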
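# Jobs in this workflow:
#   anchore-container-scan - build the image and upload an Anchore SARIF report
#   codeql-code-scan       - CodeQL analysis of the Go code
#   unit_test              - action/Go linting and Go unit tests via make
#   integration_test       - deploy to a KinD cluster using the Slack secrets
#
# The workflow is triggered by `pull_request_target` (see `on:`), so every
# job gets an explicit, minimal `permissions:` block rather than the
# repository's default token scope.
jobs:
  anchore-container-scan:
    name: Anchore Container Scan
    runs-on: ubuntu-latest
    # Same scopes as the CodeQL job: SARIF upload needs security-events: write.
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: Checkout the code
        uses: actions/checkout@v3
      - name: Build the Docker image
        run: make docker-build
      - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
        # NOTE(review): `@main` is a floating branch ref. Pin this to a
        # release tag or a full commit SHA so the action's code and accepted
        # inputs cannot change without a reviewed edit to this file.
        uses: anchore/scan-action@main
        with:
          image: "bashbot:local"
          # Findings are reported but never fail the job.
          fail-build: false
          acs-report-enable: true
      - name: Upload Anchore Scan Report
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif

  codeql-code-scan:
    name: CodeQL
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language: ['go']
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Install Golang via asdf
        uses: asdf-vm/actions/install@v2
        with:
          tool_versions: golang 1.19.4
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}
      # Manual build between init and analyze so CodeQL observes compilation.
      - run: |
          asdf global golang 1.19.4
          make go-setup
          make go-build
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2

  unit_test:
    name: Lint and Unit Tests
    runs-on: ubuntu-latest
    # Lint and test only read the repository; widen only if a make target
    # proves to need more.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Install stuff with asdf
        uses: asdf-vm/actions/install@v2
        with:
          tool_versions: |
            action-validator 0.1.2
            dockle 0.4.5
            helm 3.8.1
            golangci-lint 1.44.2
            yq 4.22.1
      - name: Lint Actions
        run: make test-lint-actions
      - name: Lint Go
        run: make test-lint
      - name: Unit Tests
        run: make test-go
      # - name: Docker Login
      #   uses: docker/login-action@v2
      #   with:
      #     registry: docker.io
      #     username: ${{ secrets.REGISTRY_USERNAME }}
      #     password: ${{ secrets.REGISTRY_PASSWORD }}
      # - name: Lint Container Using Dockle
      #   run: make test-docker

  integration_test:
    name: KinD Integration Tests
    # needs: [unit_test]
    runs-on: ubuntu-latest
    # This job has repository secrets in its environment; keep the token
    # read-only and keep the checkout on the default (base) ref.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: KinD Test
        env:
          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
          SLACK_APP_TOKEN: ${{ secrets.SLACK_APP_TOKEN }}
          AIRQUALITY_API_KEY: ${{ secrets.AIRQUALITY_API_KEY }}
          BASHBOT_CONFIG_FILEPATH: /bashbot/config.yaml
          GIT_TOKEN: not-used
        run: |
          cp sample-config.yaml config.yaml
          if [[ -z "$SLACK_BOT_TOKEN" ]] || [[ -z "$SLACK_APP_TOKEN" ]]; then
            echo "Missing github secret(s): SLACK_BOT_TOKEN, SLACK_APP_TOKEN"
            exit 1
          fi
          # .env is rendered from the secrets above. Remove it on every exit
          # path, not only after a successful test run, so a failed
          # `make test-kind` does not leave it in the workspace.
          trap 'rm -rf .env' EXIT
          cat sample-env-file | envsubst > .env \
            && make test-kind \
            && rm -rf .env \
            && echo "Deployment assets and KinD cluster removed"
      - name: Debug
        # Runs even when the test step failed, to capture cluster state.
        if: ${{ always() }}
        shell: bash
        run: |
          make help
          ls -alF
          kubectl version
          helm version
          helm list -n bashbot
          echo "Deployments:"
          kubectl --namespace bashbot get deployments -o wide
          echo "Pods:"
          kubectl --namespace bashbot get pods -o wide
          echo "Service Accounts:"
          kubectl --namespace bashbot get serviceaccounts
          echo "Secrets:"
          kubectl --namespace bashbot get secrets
          echo "Configmaps:"
          kubectl --namespace bashbot get configmaps
          # echo "bashbot Config:"
          # kubectl --namespace bashbot get configmaps bashbot-configmap -o jsonpath='{.data.config\.json}' | jq '.' || true
          echo "Describe bashbot pod:"
          kubectl --namespace bashbot describe pod $(kubectl --namespace bashbot get pods | grep bashbot | awk '{print $1}') || true
          echo "Logs:"
          kubectl --namespace bashbot logs $(kubectl --namespace bashbot get pods | grep bashbot | awk '{print $1}') || true
          make kind-cleanup || true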