-
Notifications
You must be signed in to change notification settings - Fork 67
144 lines (123 loc) · 5.57 KB
/
code-quality.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
---
name: Code static analysis
on: # yamllint disable-line rule:truthy
push:
pull_request:
workflow_dispatch:
permissions:
contents: read
jobs:
check-generated-code:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- name: Rerun all code generators we have
run: bash ci/generate_code.sh
- name: Check there aren't any modified files present
run: |
clean=$(git status --porcelain)
if [[ -z "$clean" ]]; then
echo "Empty git status --porcelain: $clean"
else
echo "::error::Please run 'bash ci/generate_code.sh' (the command from the previous step), commit the changed files locally, and push again."
echo "Uncommitted file changes detected: $clean"
git diff
exit 1
fi
pytest-tests:
runs-on: ubuntu-latest
env:
poetry_version: '1.8.3'
steps:
- uses: actions/checkout@v4
- name: Cache poetry in ~/.local
uses: actions/cache/restore@v4
id: cache-poetry-restore
with:
path: ~/.local
key: "${{ runner.os }}-local-${{ env.poetry_version }}"
- name: Install poetry
if: steps.cache-poetry-restore.outputs.cache-hit != 'true'
run: pipx install poetry==${{ env.poetry_version }}
env:
PIPX_HOME: /home/runner/.local/pipx
PIPX_BIN_DIR: /home/runner/.local/bin
- name: Check poetry is installed correctly
run: poetry env info
- name: Save cache
if: steps.cache-poetry-restore.outputs.cache-hit != 'true'
uses: actions/cache/save@v4
with:
path: ~/.local
key: ${{ steps.cache-poetry-restore.outputs.cache-primary-key }}
- name: Set up Python
id: setup-python
uses: actions/setup-python@v5
with:
python-version: '3.12'
cache: 'poetry'
- name: Configure poetry
run: poetry env use "${{ steps.setup-python.outputs.python-path }}"
- name: Install deps
run: poetry install --sync
- run: poetry run pytest
code-static-analysis:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Validate YAML files (best code practices check included)
id: validate-yaml-files
run: |
type yamllint || sudo apt-get -y install yamllint
find . -name "*.yaml" | xargs yamllint --strict --config-file ./ci/yamllint-config.yaml
find . -name "*.yml" | xargs yamllint --strict --config-file ./ci/yamllint-config.yaml
# In some YAML files we use JSON strings, let's check these
- name: Validate JSON strings in YAML files (just syntax)
id: validate-json-strings-in-yaml-files
run: |
type json_verify || sudo apt-get -y install yajl-tools
bash ./ci/check-json.sh
- name: Validate JSON files (just syntax)
id: validate-json-files
run: |
type json_verify || sudo apt-get -y install yajl-tools
shopt -s globstar
ret_code=0
echo "-- Checking a regular '*.json' files"
for f in **/*.json; do echo "Checking: '${f}"; echo -n " > "; cat $f | json_verify || ret_code=1; done
echo "-- Checking a 'Pipfile.lock' files"
for f in **/Pipfile.lock; do echo "Checking: '${f}"; echo -n " > "; cat $f | json_verify || ret_code=1; done
echo "-- Checking a '*.ipynb' Jupyter notebook files"
for f in **/*.ipynb; do echo "Checking: '${f}"; echo -n " > "; cat $f | json_verify || ret_code=1; done
if test "${ret_code}" -ne 0; then
echo "There were errors in some of the checked files. Please run `json_verify` on such files and fix issues there."
fi
exit "${ret_code}"
- name: Validate Dockerfiles
id: validate-dockerfiles
run: |
type hadolint || sudo apt-get -y install wget \
&& wget --output-document=hadolint https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64 \
&& chmod a+x hadolint
echo "Starting Hadolint"
find . -name "Dockerfile" | xargs ./hadolint --config ./ci/hadolint-config.yaml
echo "Hadolint done"
# This simply checks that the manifests and respective kustomization.yaml finishes without an error.
# Version of the kustomize that operator use in runtime to apply these changes is determined by:
# https://github.com/red-hat-data-services/rhods-operator/blob/7ccc405135f99c014982d7e297b8949e970dd750/go.mod#L28-L29
# and then to match appropriate kustomize release https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv5.0.2
- name: Check kustomize manifest
id: kustomize-manifests
run: |
KUSTOMIZE_VERSION=5.0.2
wget "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_amd64.tar.gz"
tar -xvf kustomize*
./kustomize version
echo "----------------------------------------------------------"
echo "Starting './kustomize build manifests/base'"
echo "----------------------------------------------------------"
./kustomize build manifests/base
echo "----------------------------------------------------------"
echo "Starting './kustomize build manifests/overlays/additional'"
echo "----------------------------------------------------------"
./kustomize build manifests/overlays/additional