[automation] Auto-update linters version, help and documentation #21857
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
######################### | |
######################### | |
## Deploy Docker Image ## | |
######################### | |
######################### | |
# | |
# Documentation: | |
# https://help.github.com/en/articles/workflow-syntax-for-github-actions | |
# | |
####################################### | |
# Start the job on all push to main # | |
####################################### | |
name: "Build & Deploy - DEV" | |
on: | |
push: | |
branches-ignore: | |
- main | |
paths-ignore: | |
- .github/CONTRIBUTING.md | |
- CHANGELOG.md | |
- README.md | |
- .github/workflows/slash-command-dispatch.yml | |
- .github/workflows/help-command.yml | |
- .github/workflows/build-command.yml | |
pull_request: | |
############### | |
# Set the Job # | |
############### | |
concurrency: | |
group: ${{ github.ref_name }}-${{ github.workflow }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
# Name the Job | |
name: Tests + Deploy Docker Image - DEV | |
# Set the agent to run on | |
runs-on: ubuntu-latest | |
permissions: read-all | |
# Prevent duplicate run from happening when a forked push is committed | |
if: (github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository) && !contains(github.event.head_commit.message, 'skip deploy') | |
# Set max build time for the job | |
timeout-minutes: 120 | |
################## | |
# Load all steps # | |
################## | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
# Free disk space | |
- name: Free Disk space | |
shell: bash | |
run: | | |
sudo rm -rf /usr/local/lib/android # will release about 10 GB if you don't need Android | |
sudo rm -rf /usr/share/dotnet # will release about 20GB if you don't need .NET | |
sudo rm -rf /opt/ghc | |
sudo rm -rf "$AGENT_TOOLSDIRECTORY" | |
- name: Docker Metadata action | |
uses: docker/[email protected] | |
id: meta | |
with: | |
images: | | |
${{ github.repository }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
################################### | |
# Build image locally for testing # | |
################################### | |
- name: Build MegaLinter Docker Image (quick) | |
if: ${{ contains(github.event.head_commit.message, 'quick build') }} | |
id: docker_build_quick | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: Dockerfile-quick | |
platforms: linux/amd64 | |
build-args: | | |
BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} | |
BUILD_VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }} | |
BUILD_REVISION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} | |
MEGA_LINTER_BASE_IMAGE="oxsecurity/megalinter:beta" | |
--squash # Enable image squashing to produce a single-layer image | |
load: true | |
push: false | |
secrets: | | |
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} | |
tags: ${{ steps.meta.outputs.tags }} | |
timeout-minutes: 90 | |
####################################### | |
# Build image (full for forked repos) # | |
####################################### | |
- name: Build MegaLinter Docker Image (full from forks) | |
if: | | |
( | |
(github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || | |
(github.event_name == 'push' && github.repository != 'oxsecurity/megalinter') | |
) | |
&& | |
!contains(github.event.head_commit.message, 'quick build') | |
id: docker_build | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: Dockerfile | |
platforms: linux/amd64 | |
build-args: | | |
BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} | |
BUILD_VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }} | |
BUILD_REVISION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} | |
--squash # Enable image squashing to produce a single-layer image | |
load: true | |
push: false | |
secrets: | | |
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} | |
tags: ${{ steps.meta.outputs.tags }} | |
timeout-minutes: 90 | |
#################################### | |
# Build image (full for main repo) # | |
#################################### | |
- name: Build MegaLinter Docker Image (full from main repo) & push | |
if: | | |
( | |
(github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) || | |
(github.event_name == 'push' && github.repository == 'oxsecurity/megalinter') | |
) | |
&& | |
!contains(github.event.head_commit.message, 'quick build') | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: Dockerfile | |
platforms: linux/amd64 | |
build-args: | | |
BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} | |
BUILD_VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }} | |
BUILD_REVISION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} | |
--squash # Enable image squashing to produce a single-layer image | |
load: true | |
push: false | |
secrets: | | |
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} | |
tags: ${{ steps.meta.outputs.tags }} | |
# Clean docker build cache | |
- name: Clean docker buildx cache | |
run: docker buildx prune --force | |
##################################### | |
# Run Linter test cases # | |
##################################### | |
- name: Run Test Cases | |
shell: bash | |
run: | | |
GITHUB_REPOSITORY=$([ "${{ github.event_name }}" == "pull_request" ] && echo "${{ github.event.pull_request.head.repo.full_name }}" || echo "${{ github.repository }}") | |
GITHUB_BRANCH=$([ "${{ github.event_name }}" == "pull_request" ] && echo "${{ github.head_ref }}" || echo "${{ github.ref_name }}") | |
export CI_ENV="$(bash <(curl -s https://codecov.io/env)) -e GITHUB_ACTIONS" | |
TEST_KEYWORDS_TO_USE="" | |
if [[ "${{ github.event.head_commit.message }}" == *"TEST_KEYWORDS="* ]]; then | |
COMMIT_MSG="${{ github.event.head_commit.message }}" | |
TEST_KEYWORDS_TO_USE=${COMMIT_MSG#*TEST_KEYWORDS=} | |
echo "Run only tests with keywords ${TEST_KEYWORDS_TO_USE}" | |
if [[ "${TEST_KEYWORDS_TO_USE}" =~ $'\r' ]]; then | |
echo "Problem while parsing test keywords: switch back to all tests" | |
TEST_KEYWORDS_TO_USE="" | |
fi | |
fi | |
docker image ls | |
docker run $CI_ENV -e TEST_CASE_RUN=true -e OUTPUT_FORMAT=text -e OUTPUT_FOLDER=${{ github.sha }} -e OUTPUT_DETAIL=detailed -e GITHUB_SHA=${{ github.sha }} -e GITHUB_REPOSITORY=${GITHUB_REPOSITORY} -e GITHUB_BRANCH=${GITHUB_BRANCH} -e GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}" -e TEST_KEYWORDS="${TEST_KEYWORDS_TO_USE}" -e MEGALINTER_VOLUME_ROOT="${GITHUB_WORKSPACE}" -v "/var/run/docker.sock:/var/run/docker.sock:rw" -v ${GITHUB_WORKSPACE}:/tmp/lint ${{ fromJson(steps.meta.outputs.json).tags[0]}} | |
timeout-minutes: 90 | |
##################################### | |
# Run Linter against ALL code base # | |
##################################### | |
- name: Run against all code base | |
if: "!contains(github.event.head_commit.message, 'quick build')" | |
shell: bash | |
run: docker run -e GITHUB_REPOSITORY="${{ github.repository }}" -e GITHUB_SHA="${{ github.sha }}" -e GITHUB_TOKEN="${{ github.token }}" -e GITHUB_RUN_ID="${{ github.run_id }}" -e GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}" -v "/var/run/docker.sock:/var/run/docker.sock:rw" -v ${GITHUB_WORKSPACE}:/tmp/lint ${{ fromJson(steps.meta.outputs.json).tags[0]}} | |
timeout-minutes: 15 | |
# Upload MegaLinter artifacts | |
- name: Archive production artifacts | |
if: success() || failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: MegaLinter reports | |
path: | | |
megalinter-reports | |
mega-linter.log | |
linter-helps.json | |
linter-versions.json | |
- name: debug | |
if: success() || failure() | |
run: echo ${{ steps.docker_build.outcome }} | |
# Clean disk space | |
- name: Clear disk space | |
run: | | |
sudo rm -rf /opt/ghc | |
sudo rm -rf "$AGENT_TOOLSDIRECTORY" | |
sudo swapoff -a || true | |
sudo rm -f /swapfile || true | |
sudo apt clean || true | |
# Test mega-linter-runner with newly created image | |
- name: Setup Node | |
if: ${{ steps.docker_build.outcome }} == 'success' && !contains(github.event.head_commit.message, 'quick build') | |
uses: actions/[email protected] | |
with: | |
node-version: "20.x" | |
- name: Install NPM dependencies | |
if: ${{ steps.docker_build.outcome }} == 'success' && !contains(github.event.head_commit.message, 'quick build') | |
run: cd mega-linter-runner && yarn install --frozen-lockfile && npm link | |
- name: Run mega-linter-runner tests | |
if: ${{ steps.docker_build.outcome }} == 'success' && !contains(github.event.head_commit.message, 'quick build') | |
run: cd mega-linter-runner && MEGALINTER_RELEASE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }} MEGALINTER_IMAGE=${{ fromJson(steps.meta.outputs.json).tags[0]}} MEGALINTER_NO_DOCKER_PULL=true npm run test | |
# - name: free disk space | |
# run: | | |
# sudo swapoff -a || true | |
# sudo rm -f /swapfile || true | |
# sudo apt clean || true | |
# ############################################## | |
# # Check Docker image security with Trivy # | |
# ############################################## | |
# - name: Run Trivy vulnerability scanner | |
# uses: aquasecurity/trivy-action@master | |
# with: | |
# image-ref: "${{ fromJson(steps.meta.outputs.json).tags[0]}}" | |
# format: 'table' | |
# exit-code: '1' | |
# ignore-unfixed: true | |
# scanners: vuln | |
# vuln-type: 'os,library' | |
# severity: 'CRITICAL,HIGH' | |
# timeout: 15m0s |