-
Notifications
You must be signed in to change notification settings - Fork 2
103 lines (93 loc) · 2.76 KB
/
terraform-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
# This is a workflow with the following actions
#1. Check Go formatting, linting, vetting
#2. Check for forbidden words
#3. Build
#4. Go security
#5. Generate
#6. Malware Scanner
name: Terraform-main-CI
# Controls when the workflow will run
on:
# Triggers the workflow on pull request events
pull_request:
# Runs CI on every day (at 06:00 UTC)
schedule:
- cron: '0 6 * * *'
push:
branches: [ "main" ]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# Testing only needs permissions to read the repository contents.
permissions:
contents: read
env:
# Go language version to use for building. This value should also be updated
# in the testing workflow if changed.
GO_VERSION: '1.19'
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
code-check:
name: Check Go formatting, linting, vetting
runs-on: ubuntu-latest
steps:
- name: Checkout the code
uses: actions/checkout@v3
- name: Extract go client
run: make clean extract-client
- name: Run the formatter, linter, and vetter
uses: dell/common-github-actions/go-code-formatter-linter-vetter@main
with:
directories: ./powermax/...
sanitize:
name: Check for forbidden words
runs-on: ubuntu-latest
steps:
- name: Checkout the code
uses: actions/checkout@v3
- name: Run the forbidden words scan
uses: dell/common-github-actions/code-sanitizer@main
with:
args: /github/workspace
build:
name: Build
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- uses: actions/checkout@v3
- run: make clean build
go_security_scan:
name: Go security
runs-on: ubuntu-latest
steps:
- name: Checkout the code
uses: actions/checkout@v3
- name: Run Go Security
uses: securego/gosec@master
generate:
runs-on: ubuntu-latest
name: Generate
steps:
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- uses: actions/checkout@v3
- run: make clean extract-client
- run: go generate
- name: git diff
run: |
git diff --compact-summary --exit-code || \
(echo; echo "Unexpected difference in directories after code generation. Run 'go generate ./...' command and commit."; exit 1)
malware_security_scan:
name: Malware Scanner
runs-on: ubuntu-latest
steps:
- name: Checkout the code
uses: actions/checkout@v3
- name: Malware Scanner
uses: dell/common-github-actions/malware-scanner@main
with:
directories: .
options: -ri