VAULT-32206: radar scan vault's audit log and systemd journal #528
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: lint-enos | |
| on: | |
| pull_request: | |
| paths: | |
| - enos/** | |
| jobs: | |
| metadata: | |
| # Only run this workflow on pull requests from hashicorp/vault branches | |
| # as we need secrets to install enos. | |
| if: "! github.event.pull_request.head.repo.fork" | |
| name: metadata | |
| runs-on: ubuntu-latest | |
| outputs: | |
| runs-on: ${{ steps.metadata.outputs.runs-on }} | |
| version: ${{ steps.metadata.outputs.version }} | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - id: set-product-version | |
| uses: hashicorp/actions-set-product-version@v2 | |
| - id: metadata | |
| run: | | |
| echo "version=${{ steps.set-product-version.outputs.product-version }}" >> "$GITHUB_OUTPUT" | |
| github_repository="${{ github.repository }}" | |
| if [ "${github_repository##*/}" == "vault-enterprise" ] ; then | |
| echo 'runs-on=["self-hosted","ondemand","linux","type=c6a.4xlarge"]' >> "$GITHUB_OUTPUT" | |
| else | |
| echo 'runs-on="custom-linux-xl-vault-latest"' >> "$GITHUB_OUTPUT" | |
| fi | |
| lint: | |
| needs: metadata | |
| runs-on: ${{ fromJSON(needs.metadata.outputs.runs-on) }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }} | |
| ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }} | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
| with: | |
| cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764 | |
| go-version-file: .go-version | |
| - uses: ./.github/actions/install-external-tools | |
| - uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_wrapper: false | |
| - uses: hashicorp/action-setup-enos@v1 | |
| with: | |
| github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} | |
| - name: Ensure shellcheck is available for linting | |
| run: which shellcheck || (sudo apt update && sudo apt install -y shellcheck) | |
| - name: lint | |
| working-directory: ./enos | |
| env: | |
| ENOS_VAR_vault_product_version: ${{ needs.metadata.outputs.version }} | |
| run: make lint |