From 49034904332ac3c8718de9ae972ecee7214cdbfe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=BCchinger=20Dominic?=
Date: Thu, 26 Dec 2024 16:52:28 +0100
Subject: [PATCH] build: Added basic CI support
---
 .github/workflows/lint.yml | 30 ++++++++++++++++++++++++++++++
 .github/workflows/sast.yml | 28 ++++++++++++++++++++++++++++
 .github/workflows/tests.yml | 18 ++++++++++++++++++
 Makefile | 5 +++--
 4 files changed, 79 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/lint.yml
 create mode 100644 .github/workflows/sast.yml
 create mode 100644 .github/workflows/tests.yml
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 0000000..dd3f909
--- /dev/null
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,30 @@
+name: Lint
+
+on: [push, pull_request]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+jobs:
+ lua-check:
+ timeout-minutes: ${{ fromJSON(vars.GHA_DEFAULT_TIMEOUT || 10) }}
+ name: Lua Check
+ runs-on: ubuntu-24.04
+ permissions:
+ contents: read
+ issues: read
+ checks: write
+ pull-requests: write
+ if: (github.actor != 'dependabot[bot]')
+
+ steps:
+ - name: Checkout source code
+ uses: actions/checkout@v3
+
+ - name: Lua Check
+ uses: Kong/public-shared-actions/code-check-actions/lua-lint@0ccacffed804d85da3f938a1b78c12831935f992 # v2.8.0
+ with:
+ additional_args: '--no-default-config --config .luacheckrc'
+ action_fail: true
+ print_results: true
diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml
new file mode 100644
index 0000000..6b25c1e
--- /dev/null
+++ b/.github/workflows/sast.yml
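Review bot: In lint.yml the checkout step uses the mutable tag `actions/checkout@v3`, while the Kong lint action in the next step is pinned to a full commit SHA; in a job that holds `checks: write` and `pull-requests: write`, a retargeted tag would run with that token. Pin it the same way, `uses: actions/checkout@<full-commit-sha> # <version>`, and add `with:` / `persist-credentials: false` unless the lint action is known to need the token left in the checkout's git config. The same applies to `actions/checkout@v3` in sast.yml and, more so, to `actions/checkout@main` and `docker/setup-buildx-action@v3` in tests.yml, where `@main` follows a moving branch. `issues: read` looks unused by a lint job and could probably be dropped; confirm against the action's documented requirements.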
@@ -0,0 +1,28 @@
+name: SAST
+
+on:
+ pull_request: {}
+ push:
+ branches:
+ - master
+ - main
+ workflow_dispatch: {}
+
+
+jobs:
+ semgrep:
+ timeout-minutes: ${{ fromJSON(vars.GHA_DEFAULT_TIMEOUT || 10) }}
+ name: Semgrep SAST
+ runs-on: ubuntu-latest
+ permissions:
+ # required for all workflows
+ security-events: write
+ # only required for workflows in private repositories
+ actions: read
+ contents: read
+
+ if: (github.actor != 'dependabot[bot]')
+
+ steps:
+ - uses: actions/checkout@v3
+ - uses: Kong/public-shared-actions/security-actions/semgrep@33449c46c6766a3d3c8f167cc383381225862b36
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
new file mode 100644
index 0000000..e149cba
--- /dev/null
+++ b/.github/workflows/tests.yml
@@ -0,0 +1,18 @@
+name: Test
+
+on: [push, pull_request]
+
+jobs:
+ tests:
+ timeout-minutes: ${{ fromJSON(vars.GHA_DEFAULT_TIMEOUT || 10) }}
+ name: Busted Tests
+
+ runs-on: ubuntu-24.04
+
+ steps:
+ - name: Checkout source code
+ uses: actions/checkout@main
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Run tests
+ run: make test-unit DOCKER_RUN_FLAGS_TTY=''
diff --git a/Makefile b/Makefile
index bc61594..2de1f17 100644
--- a/Makefile
+++ b/Makefile
@@ -20,7 +20,8 @@ _docker_is_podman = $(shell $(DOCKER) --version | grep podman 2>/dev/null)
 # - set username/UID to executor
 DOCKER_USER ?= $$(id -u)
 DOCKER_USER_OPT = $(if $(_docker_is_podman),--userns keep-id,--user $(DOCKER_USER))
-DOCKER_RUN_FLAGS ?= --rm --interactive --tty $(DOCKER_USER_OPT)
+DOCKER_RUN_FLAGS_TTY ?= --tty
+DOCKER_RUN_FLAGS ?= --rm --interactive $(DOCKER_RUN_FLAGS_TTY) $(DOCKER_USER_OPT)
 DOCKER_NO_CACHE :=
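Review bot: In sast.yml the semgrep action's SHA pin carries no version comment, unlike the lua-lint pin in lint.yml (`# v2.8.0`), so a reviewer cannot tell which release the hash corresponds to when it is later bumped; append `# <version>` after the SHA. The job also runs on `ubuntu-latest` while the other two workflows use `ubuntu-24.04`; using the fixed label here keeps the scanner's environment from changing underneath it. On pull requests from forks the token is normally read-only regardless of this `permissions:` block, so if the action relies on `security-events: write` to upload results, that step may fail or be skipped there; worth confirming with a fork PR.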
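Review bot: In tests.yml the `tests` job has no `permissions:` block, so its `GITHUB_TOKEN` gets the repository's default scopes, which may include write access; lint.yml and sast.yml in this commit declare theirs explicitly. The job only checks out the code and runs `make test-unit`, which executes repository-controlled build and test code in containers on every push and pull request, so `permissions:` with `contents: read` at workflow or job level should be sufficient. Setting it explicitly also keeps the job's privileges stable if the repository default is changed later.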
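Review bot: In the Makefile, `DOCKER_RUN_FLAGS_TTY` is introduced without an entry in the comment list above it, which (as far as the hunk shows) documents the run flags as `# - …` bullets; that list starts outside the hunk. A bullet such as `# - allocate a TTY; set DOCKER_RUN_FLAGS_TTY='' where none is available (e.g. CI)` would tell users why the variable exists. Because both variables use `?=`, anyone already overriding `DOCKER_RUN_FLAGS` from the environment or command line keeps their old value, `--tty` included, and is not affected by the new knob.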
@@ -254,7 +255,7 @@ stop-services: stop-service-redis stop-service-openfga stop-service-postgres
 .PHONY: lint
 lint: container-ci-kong-tooling
- $(CONTAINER_CI_KONG_TOOLING_RUN) sh -c '(cd /kong-plugin; luacheck .)'
+ $(CONTAINER_CI_KONG_TOOLING_RUN) sh -c '(cd /kong-plugin; luacheck --no-default-config --config .luacheckrc .)'
 .PHONY: format-code
 format-code: container-ci-kong-tooling
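Review bot: The luacheck arguments `--no-default-config --config .luacheckrc` now appear both in this `lint` recipe and in `additional_args` in lint.yml, so local `make lint` and the CI check can drift apart if only one of them is edited. A comment above the target, e.g. `# luacheck flags must match additional_args in .github/workflows/lint.yml`, would make the coupling visible to whoever changes either side.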