.github/workflows/pr-validation.yaml

name: PR Validation

on: pull_request

env:
  NAME: "grafana-operator"

jobs:
  go-lint:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v2.4.2
      - name: Setup go
        uses: actions/setup-go@v3
        with:
          go-version: "1.22"
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v2.5.2
        with:
          version: "v1.46.2"
          only-new-issues: true

  fmt:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v2.4.2
      - name: Setup go
        uses: actions/setup-go@v3
        with:
          go-version: "1.22"
      - name: Run fmt
        run: |
          make fmt
      - name: Check if working tree is dirty
        run: |
          if [[ $(git status --porcelain) ]]; then
            git diff
            echo 'run make fmt and commit changes'
            exit 1
          fi

  manifests:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v2.4.2
      - name: Setup go
        uses: actions/setup-go@v3
        with:
          go-version: "1.22"
      - name: Run manifests
        run: |
          make manifests
      - name: Check if working tree is dirty
        run: |
          if [[ $(git status --porcelain) ]]; then
            git diff
            echo 'run make manifests and commit changes'
            exit 1
          fi

  api-docs:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v2.4.2
      - name: Setup go
        uses: actions/setup-go@v3
        with:
          go-version: "1.22"
      - name: Run api-docs
        run: |
          make api-docs
      - name: Check if working tree is dirty
        run: |
          if [[ $(git status --porcelain) ]]; then
            git diff
            echo 'run make api-docs and commit changes'
            exit 1
          fi

  test:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v2.4.2
      - name: Setup go
        uses: actions/setup-go@v3
        with:
          go-version: "1.22"
      - name: Run test
        shell: bash
        run: |
          make test
      - name: Check if working tree is dirty
        run: |
          if [[ $(git status --porcelain) ]]; then
            git diff
            echo 'run make test and commit changes'
            exit 1
          fi

  build:
    name: github super-linter
    runs-on: ubuntu-latest

    steps:
      - name: Checkout Code
        uses: actions/checkout@v2.4.2
        with:
          fetch-depth: 0

      - name: super-linter
        uses: docker://ghcr.io/github/super-linter:slim-v4
        env:
          VALIDATE_ALL_CODEBASE: false
          DEFAULT_BRANCH: master
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # VALIDATE_GITHUB_ACTIONS: true
          VALIDATE_MARKDOWN: true
          # VALIDATE_YAML: false

  build-container:
    runs-on: ubuntu-latest
    env:
      DOCKER_PLATFORMS: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
    services:
      registry:
        image: registry:2
        ports:
          - 5000:5000
    steps:
      - name: Clone repo and checkout submodules
        uses: actions/checkout@v2.4.2
        with:
          submodules: recursive
      - name: Setup go
        uses: actions/setup-go@v3
        with:
          go-version: "1.22"
      - name: Prepare
        id: prep
        run: |
          VERSION=sha-${GITHUB_SHA::8}
          if [[ $GITHUB_REF == refs/tags/* ]]; then
            VERSION=${GITHUB_REF/refs\/tags\//}
          fi
          echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
          echo ::set-output name=VERSION::${VERSION}
          echo ::set-output name=BUILDARCH::$(go env GOARCH)
      - name: Lint Dockerfile with hadolint
        uses: hadolint/hadolint-action@v2.1.0
        with:
          dockerfile: Dockerfile
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v1
        with:
          driver-opts: network=host
      - name: Build and push to ephemeral registry
        uses: docker/build-push-action@v2
        with:
          builder: ${{ steps.buildx.outputs.name }}
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: true
          tags: localhost:${{ job.services.registry.ports[5000] }}/${{ env.NAME }}:${{ steps.prep.outputs.VERSION }}
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: registry:${{ job.services.registry.ports[5000] }}/${{ env.NAME }}:${{ steps.prep.outputs.VERSION }}
          format: "table"
          exit-code: "1"
          ignore-unfixed: true
          severity: "CRITICAL,HIGH"
        env:
          TRIVY_NON_SSL: "true"