fix: update modules, workflows, tests, examples, etc #191
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: validate | |
| on: | |
| pull_request: | |
| branches: [main] | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GITHUB_OWNER: ${{ github.repository_owner }} | |
| NIX_INSTALL_SHA: e9d447ce3d2ff62d7ff9cb6ef401de6fa8acb148839dd00f7271945d7b638b14 | |
| NIX_INSTALL_VERSION: 2.34.7 | |
| permissions: {} | |
| jobs: | |
| terraform: | |
| name: 'Terraform' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| # https://github.com/actions/checkout/releases | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: install-nix | |
| run: | | |
| curl -L -o install.sh "https://releases.nixos.org/nix/nix-${NIX_INSTALL_VERSION}/install" | |
| echo "${NIX_INSTALL_SHA} install.sh" | sha256sum -c - | |
| chmod +x install.sh | |
| ./install.sh | |
| source /home/runner/.nix-profile/etc/profile.d/nix.sh | |
| nix --version | |
| which nix | |
| - name: lint terraform | |
| shell: /home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep GITHUB_TOKEN --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0} | |
| run: | | |
| terraform fmt -check -recursive | |
| tflint --recursive | |
| actionlint: | |
| name: 'Lint Workflows' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| # https://github.com/actions/checkout/releases | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: install-nix | |
| run: | | |
| curl -L -o install.sh "https://releases.nixos.org/nix/nix-${NIX_INSTALL_VERSION}/install" | |
| echo "${NIX_INSTALL_SHA} install.sh" | sha256sum -c - | |
| chmod +x install.sh | |
| ./install.sh | |
| source /home/runner/.nix-profile/etc/profile.d/nix.sh | |
| nix --version | |
| which nix | |
| - name: action lint | |
| shell: /home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep GITHUB_TOKEN --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0} | |
| run: actionlint | |
| shellcheck: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| # https://github.com/actions/checkout/releases | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: install-nix | |
| run: | | |
| curl -L -o install.sh "https://releases.nixos.org/nix/nix-${NIX_INSTALL_VERSION}/install" | |
| echo "${NIX_INSTALL_SHA} install.sh" | sha256sum -c - | |
| chmod +x install.sh | |
| ./install.sh | |
| source /home/runner/.nix-profile/etc/profile.d/nix.sh | |
| nix --version | |
| which nix | |
| - name: shell check | |
| shell: /home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep GITHUB_TOKEN --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0} | |
| run: | | |
| while read -r file; do | |
| echo "checking $file..." | |
| shellcheck -x "$file" | |
| done <<<"$(grep -Rl -e '^#!' | grep -v '.terraform'| grep -v '.git')" | |
| validate-commit-message: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| steps: | |
| # https://github.com/actions/checkout/releases | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 # fetch all history so that we can validate the commit messages | |
| - name: install-nix | |
| run: | | |
| curl -L -o install.sh "https://releases.nixos.org/nix/nix-${NIX_INSTALL_VERSION}/install" | |
| echo "${NIX_INSTALL_SHA} install.sh" | sha256sum -c - | |
| chmod +x install.sh | |
| ./install.sh | |
| source /home/runner/.nix-profile/etc/profile.d/nix.sh | |
| nix --version | |
| which nix | |
| - name: Check commit message | |
| shell: /home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep GITHUB_TOKEN --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0} | |
| run: | | |
| set -e | |
| # Check commit messages | |
| # This steps enforces https://www.conventionalcommits.org/en/v1.0.0/ | |
| # This format enables automatic generation of changelogs and versioning | |
| filter() { | |
| COMMIT="$1" | |
| output="$(echo "$COMMIT" | grep -v -e '^fix: ' -e '^feature: ' -e '^feat: ' -e '^refactor!: ' -e '^feature!: ' -e '^feat!: ' -e '^chore(main): ' -e '^Merge branch ' || true)" | |
| echo "$output" | |
| } | |
| prefix_check() { | |
| message="$1" | |
| if [ "" != "$(filter "$message")" ]; then | |
| cat <<EOF | |
| ...Commit message does not start with the required prefix. | |
| Please use one of the following prefixes: "fix:", "feature:", "feat:", "refactor!:", "feature!:", or "feat!:". | |
| This enables release-please to automatically format release notes based on the commit message. | |
| $message | |
| EOF | |
| exit 1 | |
| else | |
| echo "...Commit message starts with the required prefix." | |
| fi | |
| } | |
| empty_check() { | |
| message="$1" | |
| if [ "" == "$message" ]; then | |
| echo "...Empty commit message." | |
| exit 1 | |
| else | |
| echo "...Commit message isnt empty." | |
| fi | |
| } | |
| length_check() { | |
| message="$1" | |
| length="$(wc -m <<<"$message")" | |
| if [ $length -gt 100 ]; then | |
| echo "...Commit message subject line should be less than 100 characters, found $length." | |
| exit 1 | |
| else | |
| echo "...Commit message subject line is less than 100 characters." | |
| fi | |
| } | |
| spell_check() { | |
| message="$1" | |
| WORDS="$(aspell list --dont-validate-words <<<"$message")" | |
| if [ "" != "$WORDS" ]; then | |
| echo "...Commit message contains spelling errors on: ^$WORDS\$" | |
| echo "...Also try updating the PR title." | |
| echo "...If this is a mistake, add your word to the aspell_custom.txt file, it is case insensitive." | |
| exit 1 | |
| else | |
| echo "...Commit message doesnt contain spelling errors." | |
| fi | |
| } | |
| # Fetch the commit messages | |
| COMMIT_MESSAGES="$(gh pr view ${{github.event.number}} --json commits | jq -r '.commits[].messageHeadline')" | |
| echo "Commit messages found: " | |
| echo "$COMMIT_MESSAGES" | |
| while read -r message; do | |
| echo "checking message ^$message\$" | |
| empty_check "$message" | |
| prefix_check "$message" | |
| length_check "$message" | |
| spell_check "$message" | |
| echo "message ^$message\$ passed all checks" | |
| done <<<"$COMMIT_MESSAGES" | |
| gitleaks: | |
| name: 'Scan for Secrets' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| # https://github.com/actions/checkout/releases | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: install-nix | |
| run: | | |
| curl -L -o install.sh "https://releases.nixos.org/nix/nix-${NIX_INSTALL_VERSION}/install" | |
| echo "${NIX_INSTALL_SHA} install.sh" | sha256sum -c - | |
| chmod +x install.sh | |
| ./install.sh | |
| source /home/runner/.nix-profile/etc/profile.d/nix.sh | |
| nix --version | |
| which nix | |
| - name: Check for secrets | |
| shell: /home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep GITHUB_TOKEN --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0} | |
| run: | | |
| gitleaks detect --no-banner -v --no-git | |
| gitleaks detect --no-banner -v | |
| continue-on-error: true | |
| test-compile-check: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| # https://github.com/actions/checkout/releases | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: install-nix | |
| run: | | |
| curl -L -o install.sh "https://releases.nixos.org/nix/nix-${NIX_INSTALL_VERSION}/install" | |
| echo "${NIX_INSTALL_SHA} install.sh" | sha256sum -c - | |
| chmod +x install.sh | |
| ./install.sh | |
| source /home/runner/.nix-profile/etc/profile.d/nix.sh | |
| nix --version | |
| which nix | |
| - name: compile-check | |
| shell: /home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep GITHUB_TOKEN --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0} | |
| run: | | |
| cd test/tests | |
| go test -c | |
| lint-tests: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # https://github.com/actions/checkout/releases | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: install-nix | |
| run: | | |
| curl -L -o install.sh "https://releases.nixos.org/nix/nix-${NIX_INSTALL_VERSION}/install" | |
| echo "${NIX_INSTALL_SHA} install.sh" | sha256sum -c - | |
| chmod +x install.sh | |
| ./install.sh | |
| source /home/runner/.nix-profile/etc/profile.d/nix.sh | |
| nix --version | |
| which nix | |
| - name: compile-check | |
| shell: /home/runner/.nix-profile/bin/nix develop --ignore-environment --extra-experimental-features nix-command --extra-experimental-features flakes --keep HOME --keep SSH_AUTH_SOCK --keep GITHUB_TOKEN --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY --keep AWS_SESSION_TOKEN --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM --command bash -e {0} | |
| run: | | |
| cd test/tests | |
| echo "checking tests for go lint errors..." | |
| if ! golangci-lint run; then echo "lint failed..."; exit 1; fi | |
| echo "lint errors complete" | |
| echo "checking for format issues" | |
| if [ -n "$(gofmt -l -s -d .)" ]; then echo "some files need formatting..."; exit 1; fi | |
| echo "formatting check complete" |