-
Notifications
You must be signed in to change notification settings - Fork 6
100 lines (91 loc) · 2.97 KB
/
pr-test-lint.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
name: Build Packer Plugin
## Only trigger tests if source is changing
on:
push:
paths:
- "**.go"
- "**.mod"
- "go.sum"
jobs:
license-check:
name: License Check
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/[email protected]
- name: Setup Copywrite
uses: hashicorp/[email protected]
- name: Check Header Compliance
run: copywrite headers --plan
goreleaser:
name: GoReleaser
runs-on: self-hosted
env:
RUNNER_TYPE: "self-hosted"
timeout-minutes: 120
steps:
- name: Checkout
uses: actions/[email protected]
- name: Unshallow
run: git fetch --prune --unshallow
- name: Import environment variables from file
run: cat ".github/env" >> $GITHUB_ENV
- name: Set up Go
uses: actions/[email protected]
with:
go-version: ">=${{ env.golang-version }}"
cache: false
- name: Check go mod
run: |
go mod tidy
git diff --exit-code go.mod
- name: Run golangci-lint
uses: golangci/[email protected]
with:
version: latest
skip-cache: true
- name: "Install required tooling"
if: ${{ env.RUNNER_TYPE != 'self-hosted' }}
run: |
# Only use sudo on self-hosted runners
sudo apt install -y zip
- name: Set cnspec version
run: echo "CNSPEC_VERSION=$(go list -json -m go.mondoo.com/cnspec/v11 | jq -r '.Version')" >> $GITHUB_ENV
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
version: latest
args: release --snapshot --skip=publish --clean
env:
API_VERSION: x5.0
CNSPEC_VERSION: ${{ env.CNSPEC_VERSION }}
debug:
runs-on: ubuntu-latest
steps:
- name: Dump GitHub context
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
run: |
echo "$GITHUB_CONTEXT"
go-auto-approve:
runs-on: ubuntu-latest
needs: [goreleaser, license-check]
# For now, we only auto approve and merge cnspec bump PRs created by mondoo-tools.
# We have to check the commit author, because the PR is created by "github-actions[bot]"
# https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions#startswith
if: ${{ startsWith(github.ref, 'refs/heads/version/cnspec_update_v') && github.event.commits[0].author.username == 'mondoo-tools' }}
permissions:
contents: write
pull-requests: write
steps:
# figure out the PR for this commit
- uses: cloudposse-github-actions/[email protected]
id: pr
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
filterOutClosed: true
filterOutDraft: true
- name: Approve a PR
uses: fastify/github-action-merge-dependabot@v3
with:
pr-number: ${{ steps.pr.outputs.number }}