Merge pull request #559 from harshad16/sync-main-2024a #590
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Code static analysis | |
on: # yamllint disable-line rule:truthy | |
push: | |
pull_request: | |
workflow_dispatch: | |
permissions: | |
contents: read | |
jobs: | |
check-generated-code: | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Rerun all code generators we have | |
run: python3 ci/cached-builds/gen_gha_matrix_jobs.py | |
- name: Check there aren't any modified files present | |
run: | | |
if [[ $(git ls-files . -d -m -o --exclude-standard --full-name -v | tee modified.log | wc -l) -gt 0 ]]; then | |
echo "There are changed files" | |
exit 1 | |
fi | |
- name: Print modified files | |
if: ${{ failure() }} | |
run: | | |
cat modified.log | |
git diff | |
code-static-analysis: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Validate YAML files (best code practices check included) | |
id: validate-yaml-files | |
run: | | |
type yamllint || sudo apt-get -y install yamllint | |
find . -name "*.yaml" | xargs yamllint --strict --config-file ./ci/yamllint-config.yaml | |
find . -name "*.yml" | xargs yamllint --strict --config-file ./ci/yamllint-config.yaml | |
# In some YAML files we use JSON strings, let's check these | |
- name: Validate JSON strings in YAML files (just syntax) | |
id: validate-json-strings-in-yaml-files | |
run: | | |
type json_verify || sudo apt-get -y install yajl-tools | |
bash ./ci/check-json.sh | |
- name: Validate JSON files (just syntax) | |
id: validate-json-files | |
run: | | |
type json_verify || sudo apt-get -y install yajl-tools | |
shopt -s globstar | |
ret_code=0 | |
echo "-- Checking a regular '*.json' files" | |
for f in **/*.json; do echo "Checking: '${f}"; echo -n " > "; cat $f | json_verify || ret_code=1; done | |
echo "-- Checking a 'Pipfile.lock' files" | |
for f in **/Pipfile.lock; do echo "Checking: '${f}"; echo -n " > "; cat $f | json_verify || ret_code=1; done | |
echo "-- Checking a '*.ipynb' Jupyter notebook files" | |
for f in **/*.ipynb; do echo "Checking: '${f}"; echo -n " > "; cat $f | json_verify || ret_code=1; done | |
if test "${ret_code}" -ne 0; then | |
echo "There were errors in some of the checked files. Please run `json_verify` on such files and fix issues there." | |
fi | |
exit "${ret_code}" | |
- name: Validate Dockerfiles | |
id: validate-dockerfiles | |
run: | | |
type hadolint || sudo apt-get -y install wget \ | |
&& wget --output-document=hadolint https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64 \ | |
&& chmod a+x hadolint | |
echo "Starting Hadolint" | |
find . -name "Dockerfile" | xargs ./hadolint --config ./ci/hadolint-config.yaml | |
echo "Hadolint done" | |
# This simply checks that the manifests and respective kustomization.yaml finishes without an error. | |
- name: Check kustomize manifest | |
id: kustomize-manifests | |
run: | | |
kubectl version --client=true | |
echo "----------------------------------------------------------" | |
echo "Starting 'kubectl kustomize manifests/base'" | |
echo "----------------------------------------------------------" | |
kubectl kustomize manifests/base | |
echo "----------------------------------------------------------" | |
echo "Starting 'kubectl kustomize manifests/overlays/additional'" | |
echo "----------------------------------------------------------" | |
kubectl kustomize manifests/overlays/additional |