.github/workflows/pr.yaml

name: Validate PR
on:
  pull_request:
    branches: [ main ]
jobs:
  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Setup Go
        uses: actions/setup-go@v3
        with:
          go-version-file: './go.mod'
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v3
        with:
          args: --timeout=5m

  security_scan:
    name: Security scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Setup Go
        uses: actions/setup-go@v3
        with:
          go-version-file: './go.mod'

      # https://github.com/securego/gosec/blob/12be14859bc7d4b956b71bef0b443694aa519d8a/README.md#integrating-with-code-scanning
      - name: Run Gosec Security Scanner
        uses: securego/gosec@master
        with:
          # we let the report trigger content trigger a failure using the GitHub Security features.
          args: '-no-fail -fmt sarif -out results.sarif ./...'
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v2
        with:
          # Path to SARIF file relative to the root of the repository
          sarif_file: results.sarif

  code_coverage:
    name: Code Coverage
    runs-on: ubuntu-latest
    steps:
      - name: Checkout 
        uses: actions/checkout@v3
      - name: Setup Go
        uses: actions/setup-go@v3
        with:
          go-version-file: './go.mod'
      - name: Run tests and collect coverage
        run: make test
      - name: Upload codecov report
        uses: codecov/codecov-action@v3.1.1

  test_prune_images:
    name: Run prune_images tests
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
      uses: actions/checkout@v3
    - uses: actions/setup-python@v5
      with:
        python-version: '3.9'
    - run: |
        cd config/registry_image_pruner/image_pruner/
        python3.9 test_prune_images.py