Submit data to CodeCov only if actor has access to token secrets #16333
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests | |
| # NOTE(mhayden): Restricting branches prevents jobs from being doubled since | |
| # a push to a pull request triggers two events. | |
| on: | |
| pull_request: | |
| branches: | |
| - "*" | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| unit-tests: | |
| name: "🛃 Unit tests" | |
| runs-on: ubuntu-20.04 | |
| container: | |
| image: registry.fedoraproject.org/fedora:37 | |
| steps: | |
| # krb5-devel is needed to test internal/upload/koji package | |
| # gcc is needed to build the mock dnf-json binary for the unit tests | |
| # gpgme-devel is needed for container upload dependencies | |
| - name: Install build and test dependencies | |
| run: dnf -y install krb5-devel gcc git-core go gpgme-devel btrfs-progs-devel device-mapper-devel | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Mark the working directory as safe for git | |
| run: git config --global --add safe.directory "$(pwd)" | |
| - name: Run unit tests | |
| run: go test -race -covermode=atomic -coverprofile=coverage.txt -coverpkg=$(go list ./... | grep -v rpmmd/test$ | tr "\n" ",") ./... | |
| - uses: codecov/codecov-action@v4 | |
| if: env.CODECOV_TOKEN | |
| with: | |
| fail_ci_if_error: false | |
| verbose: true | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| db-tests: | |
| name: "🗄 DB tests" | |
| runs-on: ubuntu-20.04 | |
| services: | |
| postgres: | |
| # 12 is used in deployments | |
| image: postgres:12 | |
| env: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: foobar | |
| POSTGRES_DB: osbuildcomposer | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| ports: | |
| - 5432:5432 | |
| steps: | |
| - name: Apt update | |
| run: sudo apt-get update | |
| # gpgme-devel is needed for container upload dependencies | |
| - name: Install test dependencies | |
| run: sudo apt-get install -y libgpgme-dev | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.20" | |
| - env: | |
| PGUSER: postgres | |
| PGPASSWORD: foobar | |
| PGDATABASE: osbuildcomposer | |
| PGHOST: localhost | |
| PGPORT: 5432 | |
| run: | | |
| WORKDIR=$(readlink -f pkg/jobqueue/dbjobqueue/schemas) | |
| pushd $(mktemp -d) | |
| go mod init temp | |
| go install github.com/jackc/tern@latest | |
| $(go env GOPATH)/bin/tern migrate -m "$WORKDIR" | |
| popd | |
| - run: go test -tags=integration ./cmd/osbuild-composer-dbjobqueue-tests | |
| - run: go test -tags=integration ./cmd/osbuild-service-maintenance | |
| python-lint: | |
| name: "🐍 Lint python scripts" | |
| runs-on: ubuntu-latest | |
| container: | |
| image: registry.fedoraproject.org/fedora:37 | |
| steps: | |
| - name: Install build and test dependencies | |
| run: dnf -y install python3-pylint git-core python3-requests | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Analysing the code with pylint | |
| run: | | |
| python3 -m pylint tools/koji-compose.py | |
| golang-lint: | |
| name: "⌨ Golang Lint" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set up Go 1.20 | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.20" | |
| id: go | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Apt update | |
| run: sudo apt-get update | |
| # This is needed to lint internal/upload/koji package | |
| - name: Install kerberos devel package | |
| run: sudo apt-get install -y libkrb5-dev | |
| # This is needed for the container upload dependencies | |
| - name: Install libgpgme devel package | |
| run: sudo apt-get install -y libgpgme-dev | |
| # This is needed for the 'github.com/containers/storage' package | |
| - name: Install btrfs-progs devel package | |
| run: sudo apt-get install -y libbtrfs-dev | |
| - name: Install libdevmapper devel package | |
| run: sudo apt-get install -y libdevmapper-dev | |
| - name: Run golangci-lint | |
| uses: golangci/golangci-lint-action@v5 | |
| with: | |
| version: v1.54.2 | |
| args: --verbose --timeout 5m0s | |
| packit-config-lint: | |
| name: "📦 Packit config lint" | |
| runs-on: ubuntu-latest | |
| container: | |
| image: registry.fedoraproject.org/fedora:latest | |
| steps: | |
| - name: Install Packit | |
| run: dnf -y install packit | |
| - name: Check out code | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Validate Packit config | |
| run: | | |
| packit validate-config .packit.yaml | |
| prepare: | |
| name: "🔍 Check source preparation" | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Set up Go 1.20 | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.20" | |
| id: go | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Check that source has been prepared | |
| run: | | |
| ./tools/prepare-source.sh | |
| if [ -n "$(git status --porcelain)" ]; then | |
| echo | |
| echo "Please include these changes in your branch: " | |
| git status -vv | |
| exit "1" | |
| else | |
| exit "0" | |
| fi | |
| check-snapshots: | |
| name: "🔍 Check for valid snapshot urls" | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Check for valid snapshot urls | |
| run: ./tools/check-snapshots --errors-only . | |
| check-runners: | |
| name: "🔍 Check for missing or unused runner repos" | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Check for missing or unused runner repos | |
| run: ./tools/check-runners | |
| shellcheck: | |
| name: "🐚 Shellcheck" | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Run ShellCheck | |
| uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 | |
| with: | |
| ignore: vendor # We don't want to fix the code in vendored dependencies | |
| env: | |
| # don't check /etc/os-release sourcing, allow useless cats to live inside our codebase, and | |
| # allow seemingly unreachable commands | |
| SHELLCHECK_OPTS: -e SC1091 -e SC2002 -e SC2317 | |
| - name: Do not doube trap signals inside test scripts | |
| run: | | |
| FILES_WITH_DOUBLE_TRAP=$(grep trap test/cases/* -R | cut -f1 -d: | sort | uniq -c | grep -v 1 || echo -n) | |
| echo "INFO: ----- files with possible double calls to 'trap' -----" | |
| echo "$FILES_WITH_DOUBLE_TRAP" | |
| echo "---------- END ----------" | |
| if [ -n "$FILES_WITH_DOUBLE_TRAP" ]; then | |
| echo "FAIL: Do not double 'trap' signals" | |
| echo "INFO: because this may lead to cleanup() function not being executed" | |
| exit 1 | |
| fi | |
| rpmlint: | |
| name: "📦 RPMlint" | |
| runs-on: ubuntu-20.04 | |
| container: registry.fedoraproject.org/fedora:37 | |
| steps: | |
| - name: Install dependencies | |
| run: sudo dnf install -y rpmlint rpm-build make git-core | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Create SRPM | |
| run: | | |
| git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
| make srpm | |
| - name: Run rpmlint | |
| run: rpmlint rpmbuild/SRPMS/* | |
| gitlab-ci-helper: | |
| name: "Gitlab CI trigger helper" | |
| runs-on: ubuntu-latest | |
| env: | |
| SKIP_CI: ${{ (github.event.pull_request.draft == true || contains(github.event.pull_request.labels.*.name, 'WIP')) && !contains(github.event.pull_request.labels.*.name, 'WIP+test') }} | |
| steps: | |
| - name: Write PR status | |
| run: echo "$SKIP_CI" > SKIP_CI.txt | |
| - name: Upload status | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: PR_STATUS | |
| path: SKIP_CI.txt | |
| kube-linter: | |
| name: "🎀 kube-linter" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: redhat-actions/oc-installer@v1 | |
| - name: Process template | |
| run: | | |
| mkdir processed-templates | |
| oc process -f templates/openshift/composer.yml \ | |
| -p IMAGE_TAG=image_tag \ | |
| --local \ | |
| -o yaml > processed-templates/composer.yml | |
| oc process -f templates/openshift/maintenance.yml \ | |
| -p IMAGE_TAG=image_tag \ | |
| --local \ | |
| -o yaml > processed-templates/maintenance.yml | |
| - uses: stackrox/kube-linter-action@v1.0.5 | |
| with: | |
| directory: processed-templates | |
| config: templates/.kube-linter-config.yml | |
| version: 0.3.0 | |
| cloud-cleaner-is-enabled: | |
| name: "🧹 cloud-cleaner-is-enabled" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check if workflow is enabled | |
| run: | | |
| curl https://github.com/osbuild/cloud-cleaner/actions/workflows/run_ib.yml 2>/dev/null | grep -vz "This scheduled workflow is disabled" >/dev/null | |
| - name: How to enable cloud-cleaner | |
| if: failure() | |
| run: | | |
| echo "Cloud-cleaner is disabled" | |
| echo "Go to https://github.com/osbuild/cloud-cleaner/actions/workflows/run_ib.yml and" | |
| echo "https://github.com/osbuild/cloud-cleaner/actions/workflows/run_cloudx.yml and" | |
| echo "manually enable it!" |