Remove common secret config keys and BASE64_NETWORK_CONFIG env #4531
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: (all packages) Lints | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
jobs: | |
pre-commit: | |
name: Pre-commit checks | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the Repo | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
fetch-depth: 0 # needed for pre-commit to work correctly | |
- name: Install Nix | |
uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26 | |
with: | |
nix_path: nixpkgs=channel:nixos-unstable | |
- name: Run pre-commit checks | |
env: | |
BASE_REF: ${{ github.base_ref }} | |
HEAD_REF: ${{ github.head_ref }} | |
run: | | |
nix develop -c sh -c "\ | |
git fetch origin ${BASE_REF}:${BASE_REF} &&\ | |
git fetch origin ${HEAD_REF}:${HEAD_REF} &&\ | |
gitdiffs=\$(git diff --name-only ${BASE_REF}...${HEAD_REF} | xargs) &&\ | |
echo \"changed files: \$gitdiffs\" &&\ | |
pre-commit run --hook-stage pre-commit --show-diff-on-failure --color=always --files \${gitdiffs}" | |
tools: | |
name: Get tool-versions | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out Code | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
- name: Parse tool-versions file | |
uses: smartcontractkit/tool-versions-to-env-action@aabd5efbaf28005284e846c5cf3a02f2cba2f4c2 # v1.0.8 | |
id: tool-versions | |
outputs: | |
golangci-lint-version: ${{ steps.tool-versions.outputs.golangci-lint_version }} | |
golangci: | |
name: Linting-${{ matrix.project.name }} | |
runs-on: ubuntu-latest | |
needs: [tools] | |
strategy: | |
fail-fast: false | |
matrix: | |
project: | |
- name: root | |
path: ./ | |
- name: gotestloghelper | |
path: ./tools/gotestloghelper/ | |
- name: k8s-test-runner | |
path: ./k8s-test-runner/ | |
- name: testlistgenerator | |
path: ./tools/testlistgenerator/ | |
- name: ecrimagefetcher | |
path: ./tools/ecrimagefetcher/ | |
- name: ghlatestreleasechecker | |
path: ./tools/ghlatestreleasechecker/ | |
- name: asciitable | |
path: ./tools/asciitable/ | |
- name: workflowresultparser | |
path: ./tools/workflowresultparser/ | |
steps: | |
- name: Check out Code | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
- name: Install Go | |
uses: smartcontractkit/chainlink-github-actions/chainlink-testing-framework/setup-go@e29366cdecfe6befff9ab8c3cfe4825218505d58 # v2.3.16 | |
with: | |
test_download_vendor_packages_command: cd ${{ matrix.project.path }} && go mod download | |
go_mod_path: ${{ matrix.project.path }}go.mod | |
cache_key_id: ctf-go-${{ matrix.project.name }} | |
cache_restore_only: 'false' | |
- name: golangci-lint ${{ needs.tools.outputs.golangci-lint-version }} | |
uses: golangci/golangci-lint-action@9d1e0624a798bb64f6c3cea93db47765312263dc # v5.1.0 | |
with: | |
version: v${{ needs.tools.outputs.golangci-lint-version }} | |
args: --out-format checkstyle:golangci-lint-report.xml | |
skip-cache: true | |
working-directory: ${{ matrix.project.path }} | |
- name: Print lint report artifact | |
if: always() | |
run: test -f ${{ matrix.project.path }}golangci-lint-report.xml || true | |
- name: Store lint report artifact | |
if: always() | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: golangci-lint-report-${{ matrix.project.name }} | |
path: ${{ matrix.project.path }}golangci-lint-report.xml | |
vulnerabilities-check: | |
name: Check for Vulnerabilities | |
runs-on: ubuntu-latest | |
needs: [tools] | |
steps: | |
- name: Check out Code | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
- name: Install Go | |
uses: smartcontractkit/chainlink-github-actions/chainlink-testing-framework/setup-go@e29366cdecfe6befff9ab8c3cfe4825218505d58 # v2.3.16 | |
with: | |
test_download_vendor_packages_command: go mod download | |
go_mod_path: ./go.mod | |
cache_key_id: ctf-go | |
cache_restore_only: 'false' | |
- name: Write Go List | |
run: go list -json -deps ./... > go.list | |
- name: Nancy | |
uses: sonatype-nexus-community/nancy-github-action@726e338312e68ecdd4b4195765f174d3b3ce1533 # v1.0.3 | |
asdf-install: | |
name: Validate GitHub Action Workflows | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out Code | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
- name: Install asdf dependencies | |
uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3.0.2 | |
helmlint: | |
name: Lint Helm Charts | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
# Without this parameter, the merged commit that CI produces will make it so that ct will | |
# not detect a diff even if one exists | |
fetch-depth: 0 | |
- name: Set up chart-testing | |
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 | |
- name: Add helm chart repo | |
run: helm repo add chainlink-qa https://raw.githubusercontent.com/smartcontractkit/qa-charts/gh-pages/ | |
- name: Run chart-testing (lint) | |
run: ct lint --config ${{ github.workspace }}/.github/configs/ct.yaml | |
actionlint: | |
name: Validate GitHub Action Workflows | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out Code | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
- name: Run actionlint | |
uses: reviewdog/action-actionlint@9d8b58041eed1373f173e91b9a3db5a844197236 # v1.44.0 | |
sonarqube: | |
name: SonarQube Analysis | |
needs: [golangci] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the repo | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
fetch-depth: 0 # fetches all history for all tags and branches to provide more metadata for sonar reports | |
- name: Download all workflow run artifacts | |
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
- name: SonarQube Scan | |
uses: sonarsource/sonarqube-scan-action@53c3e3207fe4b8d52e2f1ac9d6eb1d2506f626c0 # v2.0.2 | |
with: | |
args: > | |
-Dsonar.go.golangci-lint.reportPaths=golangci-lint-report/golangci-lint-report.xml | |
env: | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} |