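# Terraform-CI: runs on pull requests, pushes to main, a daily schedule and
# manual dispatch. Jobs in this workflow:
#   1. Check Go formatting, linting, vetting
#   2. Check for forbidden words
#   3. Build
#   4. Go security
#   5. Generate (currently disabled; see the commented-out job below)
#   6. Malware Scanner
#   7. Unit tests
name: Terraform-CI

# Controls when the workflow will run
on:
  # Triggers the workflow on pull request events. This is the plain
  # `pull_request` event, so runs for pull requests from forks get a
  # read-only token and no repository secrets. Keep it that way: the jobs
  # below build and test the submitted code.
  pull_request:
  # Runs CI every day (at 06:00 UTC)
  schedule:
    - cron: '0 6 * * *'
  push:
    branches: ["main"]
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# Testing only needs permissions to read the repository contents. Declared at
# workflow level, so the GITHUB_TOKEN of every job is limited to this scope
# unless a job overrides it.
permissions:
  contents: read

env:
  # Go language version to use for building. This value should also be updated
  # in the testing workflow if changed.
  GO_VERSION: '1.22'

# NOTE(review): every `uses:` below resolves a mutable ref (a branch such as
# @main, or a tag such as @v3 / @v1.9.1). Whoever can move that ref changes
# what runs in this workflow. Pin each action to a full commit SHA and keep
# the tag as a trailing comment, e.g.
#   uses: actions/checkout@<full-commit-sha>  # v3
# The dell/common-github-actions/*@main references track a branch and are the
# first ones to pin.

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  code-check:
    name: Check Go formatting, linting, vetting
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the code
        uses: actions/checkout@v3
        with:
          # None of the visible steps pushes or fetches with the token, so do
          # not leave it in the local git config for later steps to read.
          persist-credentials: false
      - name: Run the formatter, linter, and vetter
        uses: dell/common-github-actions/go-code-formatter-linter-vetter@main
        with:
          directories: ./...
      - uses: WillAbides/setup-go-faster@v1.9.1
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Run the static check
        uses: dominikh/staticcheck-action@v1.3.0
        with:
          # Trying this fix https://github.com/dominikh/staticcheck-action/pull/12
          version: "2023.1.3"
          # Go is already installed by the setup-go-faster step above.
          install-go: false

  sanitize:
    name: Check for forbidden words
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the code
        uses: actions/checkout@v3
        with:
          persist-credentials: false
      # Edits the file in the runner workspace only; nothing is committed.
      # Presumably keeps "/master" URLs in the attribution file from tripping
      # the scan below - confirm against the scanner's word list.
      - name: Replace "master" with "main" in ATTRIBUTION.md
        run: sed -i 's/\/master/\/main/g' about/ATTRIBUTION.md
      - name: Run the forbidden words scan
        uses: dell/common-github-actions/code-sanitizer@main
        with:
          # Path at which the checkout is mounted inside a container action.
          args: /github/workspace

  build:
    name: Build
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - uses: actions/setup-go@v3
        with:
          go-version: ${{ env.GO_VERSION }}
      - uses: actions/checkout@v3
        with:
          persist-credentials: false
      - run: go mod download
      - run: go build -v .

  go_security_scan:
    name: Go security
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the code
        uses: actions/checkout@v3
        with:
          persist-credentials: false
      - name: Run Go Security
        uses: dell/common-github-actions/gosec-runner@main
        with:
          directories: ./...

  # Commenting out since the github.com/hashicorp/terraform-plugin-docs v0.19.4 has a vulnerability
  # NOTE(review): while this job is off, nothing in CI detects generated files
  # that are out of date; re-enable it once the dependency is updated.
  # generate:
  #   name: Generate
  #   runs-on: ubuntu-latest
  #   steps:
  #     - uses: actions/checkout@v3
  #     - uses: actions/setup-go@v3
  #       with:
  #         go-version: ${{ env.GO_VERSION }}
  #     - run: go generate ./...
  #     - name: git diff
  #       run: |
  #         git diff --compact-summary --exit-code || \
  #           (echo; echo "Unexpected difference in directories after code generation. Run 'go generate ./...' command and commit."; exit 1)

  malware_security_scan:
    name: Malware Scanner
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the code
        uses: actions/checkout@v3
        with:
          persist-credentials: false
      - name: Malware Scanner
        uses: dell/common-github-actions/malware-scanner@main
        with:
          directories: .
          # Presumably passed through to the scanner as command-line flags;
          # confirm the meaning against the action's documentation.
          options: -ri

  test:
    name: Terraform Provider Unit Tests
    # Only runs after the build job has succeeded.
    needs: [build]
    runs-on: ubuntu-latest
    timeout-minutes: 60
    steps:
      - uses: actions/setup-go@v3
        with:
          go-version: ${{ env.GO_VERSION }}
      - uses: actions/checkout@v3
        with:
          persist-credentials: false
      - run: go mod download
      - run: go test -v -cover ./clients/
        timeout-minutes: 60
      - run: go test -v ./utils/
        timeout-minutes: 60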