Commit 76a3790

OCM-24672 | chore: consolidate checks under make pre-push-checks
Unify the module merge gate in Makefile (inline pre-push-checks), add make tools for pinned CLI installs, extend the CI client image, add verify-min-terraform workflow, remove test.yml, and align docs.

Co-authored-by: Cursor <cursoragent@cursor.com>
Signed-off-by: Amanda Hager Lopes de Andrade Katz <amanda.katz@redhat.com>
1 parent 863dcb4 commit 76a3790

24 files changed

Lines changed: 547 additions & 491 deletions

.dockerignore

Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
.git
2+
bin/
3+
**/.terraform/
4+
.terraform-docs-cache/
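
Review bot: The ignore list omits `.terraform.d/`, which this same commit adds to the repository (`.terraform.d/checkpoint_cache` and `.terraform.d/checkpoint_signature`), so those machine-local files still enter the Docker build context. Add a `.terraform.d/` entry next to `**/.terraform/`. Note also that `bin/` carries no `**/` prefix, so only a top-level `bin/` is excluded; if that is intended, say so in a comment.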

.github/pull_request_template.md

Lines changed: 1 addition & 2 deletions
@@ -83,7 +83,6 @@ Examples: variable rename/removal, output rename/removal, default value change,
8383
- [ ] Relevant Jira/GitHub issues and related PRs are linked.
8484
- [ ] Tests were added/updated where appropriate.
8585
- [ ] I manually tested the change.
86-
- [ ] `make verify` passes.
87-
- [ ] `make verify-gen` passes.
86+
- [ ] `make pre-push-checks` passes (or each step: `verify`, `verify-gen`, `lint`, `unit-tests`, `license-check`, `docs-lint`).
8887
- [ ] Documentation was added/updated where appropriate (see `make terraform-docs`).
8988
- [ ] Any risk, limitation, or follow-up work is documented.
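
Review bot: The parenthesized step list in the new checklist item (`verify`, `verify-gen`, `lint`, `unit-tests`, `license-check`, `docs-lint`) duplicates the definition of `pre-push-checks`, which lives in the Makefile and is not visible in this hunk, so the template goes stale whenever a step is added or removed there. Consider keeping only "`make pre-push-checks` passes" and pointing to the Makefile or contributor docs for the individual steps.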

.github/workflows/generate_terraform_docs.yaml renamed to .github/workflows/generate-terraform-docs.yaml

Lines changed: 1 addition & 9 deletions
@@ -28,15 +28,7 @@ jobs:
2828
ref: ${{ github.head_ref }}
2929

3030
- name: Install terraform-docs
31-
run: |
32-
set -euo pipefail
33-
TERRAFORM_DOCS_VERSION="$(grep -E '^ARG TERRAFORM_DOCS_VERSION=' Dockerfile | cut -d= -f2)"
34-
curl -sSLo ./terraform-docs.tar.gz "https://terraform-docs.io/dl/v${TERRAFORM_DOCS_VERSION}/terraform-docs-v${TERRAFORM_DOCS_VERSION}-linux-amd64.tar.gz"
35-
tar -xzf terraform-docs.tar.gz terraform-docs
36-
chmod +x terraform-docs
37-
sudo mv terraform-docs /usr/local/bin/terraform-docs
38-
rm -f terraform-docs.tar.gz
39-
terraform-docs version
31+
run: make terraform-docs-bin
4032

4133
# Commits are created via the GitHub Git Database API (not git commit) so GitHub can
4234
# attribute and verify them for the authenticated GitHub App installation.
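
Review bot: The new `run: make terraform-docs-bin` line moves the download out of the workflow, but nothing in this hunk shows the target verifying what it fetches; the removed step fetched a release tarball with `curl` and unpacked it with no checksum either. Since this job goes on to create commits for the authenticated GitHub App installation, the target should check the archive against a pinned SHA-256 before the binary is executed. Also confirm the target leaves `terraform-docs` on `PATH`, because the removed step installed it to `/usr/local/bin` and later steps may rely on that.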

.github/workflows/license-check.yaml

Lines changed: 0 additions & 24 deletions
This file was deleted.
Lines changed: 32 additions & 0 deletions
@@ -0,0 +1,32 @@
1+
# Interim GitHub Actions security gate until OpenShift Prow runs the client image scan.
2+
# A dedicated Prow presubmit will be investigated and added in openshift/release.
3+
# Requires Docker on the runner (available on ubuntu-latest) for `make security-check-image`.
4+
name: Security check (Trivy image)
5+
6+
on:
7+
pull_request:
8+
paths:
9+
- "**/Dockerfile"
10+
- "**/.dockerignore"
11+
- Makefile
12+
- trivy-image.yaml
13+
- hack/install-release-tool.sh
14+
- .github/workflows/security-check-image.yaml
15+
16+
jobs:
17+
security-check-image:
18+
runs-on: ubuntu-latest
19+
permissions:
20+
contents: read
21+
steps:
22+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
23+
with:
24+
persist-credentials: false
25+
26+
- name: Install Trivy
27+
uses: aquasecurity/setup-trivy@3fb12ec12f41e471780db15c232d5dd185dcb514 # v0.2.6
28+
with:
29+
version: v0.70.0
30+
31+
- name: Build client image and scan for vulnerabilities
32+
run: make security-check-image TRIVY="$(command -v trivy)"
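
Review bot: The `on: pull_request` trigger with a `paths` filter means the image is scanned only when a PR touches one of the listed files, so vulnerabilities published after the last such PR go unreported for as long as the Dockerfile stays unchanged. Add a `schedule` trigger (and optionally `workflow_dispatch`) so the scan also runs periodically against the default branch. The Trivy version `v0.70.0` is also hardcoded in this file; if the Makefile pins Trivy for local runs as the commit message suggests, note which pin is authoritative so the two do not drift.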

.github/workflows/test.yml

Lines changed: 0 additions & 24 deletions
This file was deleted.
Lines changed: 24 additions & 0 deletions
@@ -0,0 +1,24 @@
1+
# Validates examples at the minimum Terraform version (root versions.tf required_version).
2+
# The Prow client Dockerfile pins the newest Terraform release; this job guards module minimum compatibility.
3+
name: Verify (minimum Terraform)
4+
5+
on:
6+
pull_request:
7+
8+
jobs:
9+
verify-terraform-1-5-7:
10+
runs-on: ubuntu-latest
11+
permissions:
12+
contents: read
13+
steps:
14+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
15+
with:
16+
persist-credentials: false
17+
18+
- uses: hashicorp/setup-terraform@dfe3c3f87815947d99a8997f908cb6525fc44e9e # v4.0.1
19+
with:
20+
terraform_version: "1.5.7"
21+
terraform_wrapper: false
22+
23+
- name: Validate examples (minimum supported Terraform)
24+
run: make verify
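
Review bot: The minimum version is hardcoded twice, in the job id `verify-terraform-1-5-7` and in `terraform_version: "1.5.7"`, while the header comment names `required_version` in the root versions.tf as the source of truth. Nothing here fails when versions.tf changes and this file does not. Either derive the version from versions.tf in a step before `setup-terraform`, or use a version-neutral job id and add a comment listing both places that must be updated together.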

.gitignore

Lines changed: 1 addition & 1 deletion
@@ -1,4 +1,4 @@
1-
# terraform-docs.sh pinned binary cache (version from Dockerfile)
1+
# terraform-docs local cache (version from Makefile)
22
.terraform-docs-cache/
33

44
# Local tool binaries (for example Vale installed via make docs-lint)

.terraform.d/checkpoint_cache

312 Bytes
Binary file not shown.

.terraform.d/checkpoint_signature

Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
5c28becf-1c06-20db-56c0-b73dfe297bf0
2+
3+
4+
This signature is a randomly generated UUID used to de-duplicate
5+
alerts and version information. This signature is random, it is
6+
not based on any personally identifiable information. To create
7+
a new signature, you can simply delete this file at any time.
8+
See the documentation for the software using Checkpoint for more
9+
information on how to disable it.
10+
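
Review bot: This file, together with the binary `.terraform.d/checkpoint_cache` added alongside it, is per-machine Checkpoint state rather than project source; its own text says it is a randomly generated UUID that can be deleted at any time. It looks like it was committed by accident from a local or CI home directory. Drop both files from the commit and add `.terraform.d/` to `.gitignore` so they do not come back.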
