Skip to content
Lint

oidc system tests: wait for sign in to finish before continuing #8060

Sign in to view logs

oidc system tests: wait for sign in to finish before continuing

oidc system tests: wait for sign in to finish before continuing #8060

Workflow file for this run

.github/workflows/lint.yml at 816e389
name: Lint
on:
pull_request:
push:
branches:
- master
permissions:
contents: read
jobs:
rubocop:
name: Rubocop
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: ruby/setup-ruby@32110d4e311bd8996b2a82bf2a43b714ccc91777 # v1.221.0
with:
bundler-cache: true
- name: Rubocop
run: bundle exec rubocop
brakeman:
name: Brakeman
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: ruby/setup-ruby@32110d4e311bd8996b2a82bf2a43b714ccc91777 # v1.221.0
with:
bundler-cache: true
- name: Brakeman
run: bundle exec brakeman
importmap:
name: Importmap Verify
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: ruby/setup-ruby@32110d4e311bd8996b2a82bf2a43b714ccc91777 # v1.221.0
with:
bundler-cache: true
- name: Importmap Verify
run: bundle exec rake importmap:verify
kubeconform:
name: Kubeconform
runs-on: ubuntu-24.04
strategy:
matrix:
kubernetes_version: ["1.29.1"]
environment:
- staging
- production
steps:
- name: login to Github Packages
run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: ruby/setup-ruby@32110d4e311bd8996b2a82bf2a43b714ccc91777 # v1.221.0
with:
bundler-cache: true
- name: krane render
run: |
gem exec --silent krane render -f config/deploy/$ENVIRONMENT --bindings=environment=$ENVIRONMENT --current-sha=$REVISION > config/deploy/$ENVIRONMENT.rendered.yaml
env:
ENVIRONMENT: "${{ matrix.environment }}"
REVISION: "${{ github.sha }}"
- uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: "${{ matrix.environment }}.rendered.yaml"
path: "config/deploy/${{ matrix.environment }}.rendered.yaml"
- name: kubeconform
uses: docker://ghcr.io/yannh/kubeconform@sha256:03f6b236ef64f20b4bc950209d6254b109e23b4b05e7811649f59eae5659fa58 # v0.6.3
with:
entrypoint: "/kubeconform"
args: "-strict -summary -output json --kubernetes-version ${{ matrix.kubernetes_version }} config/deploy/${{ matrix.environment }}.rendered.yaml"
frizbee:
name: Frizbee
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: stacklok/frizbee-action@5a96917a752dd98c16a4ac0bc50721284940c51e # main
env:
GITHUB_TOKEN: ${{ github.token }}
with:
action_paths: '[".github/workflows", ".github/actions"]'
dockerfiles: '["./Dockerfile", ".devcontainer/Dockerfile"]'
docker_compose: '["./docker-compose.yml", ".devcontainer/docker-compose.yml"]'
fail_on_unpinned: true
open_pr: false
repo_root: "."
zizmor:
name: zizmor
runs-on: ubuntu-latest
permissions:
security-events: write
# required for workflows in private repositories
contents: read
actions: read
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Install the latest version of uv
uses: astral-sh/setup-uv@1edb52594c857e2b5b13128931090f0640537287 # v5.3.0
- name: Run zizmor 🌈
run: uvx zizmor --format sarif . > results.sarif
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
with:
sarif_file: results.sarif
category: zizmor