Skip to content

feat(queries): implementation of regal for linting rego files #13345

feat(queries): implementation of regal for linting rego files

feat(queries): implementation of regal for linting rego files #13345

Workflow file for this run

name: go-ci
on:
pull_request:
branches: [master]
jobs:
lint:
name: lint
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: false
- name: golangci-lint
uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
with:
version: v1.61.0
args: -c .golangci.yml --timeout 20m
go-generate:
name: go-generate
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Generate mocks and marshall/unmarshall code
run: make generate
unit-tests:
name: unit-tests
strategy:
matrix:
go-version: [1.23.x]
os: [ubuntu-latest, windows-latest, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go-version }}
- name: Check out code into the Go module directory
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false
- name: Get cache paths
id: go-cache-paths
shell: bash
run: echo "GO_BUILD=$(go env GOCACHE)" >>$GITHUB_OUTPUT
- name: Cache dependencies
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: ${{ steps.go-cache-paths.outputs.GO_BUILD }}
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.OS }}-build-${{ env.cache-name }}
${{ runner.OS }}-build-
${{ runner.OS }}-
- name: Get Modules
run: |
go mod vendor
- name: Set Windows Page size
if: matrix.os == 'windows-latest'
uses: al-cheb/configure-pagefile-action@a3b6ebd6b634da88790d9c58d4b37a7f4a7b8708 # v1.4
with:
minimum-size: 32GB
maximum-size: 32GB
disk-root: "C:"
- name: Test and Generate Report Dev
if: matrix.os != 'windows-latest'
run: |
go test -tags dev -mod=vendor -v -timeout 2100s $(go list -tags dev ./... | grep -v e2e) -count=1 -coverprofile=cover.out | tee unit-test.log
result_code=${PIPESTATUS[0]}
exit $result_code
- name: Test and Generate Report Windows Dev
if: matrix.os == 'windows-latest'
run: |
go test -mod=vendor -tags dev -v -timeout 2100s $(go list -tags dev ./... | grep -v e2e) -count=1 -coverprofile=cover.out | tee unit-test.log
- name: Archive test logs
if: always()
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
with:
name: unit-test-${{ runner.os }}-${{ github.event.pull_request.head.sha }}.log
path: unit-test.log
security-scan:
name: security-scan
runs-on: ubuntu-latest
env:
GO111MODULE: on
steps:
- name: Checkout Source
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Run Gosec Security Scanner
uses: securego/gosec@6fbd381238e97e1d1f3358f0d6d65de78dcf9245 # v2.20.0
with:
args: "-no-fail -fmt sarif -out results.sarif ./..."
- name: Show results
run: |
cat results.sarif
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@2bbafcdd7fbf96243689e764c2f15d9735164f33
with:
sarif_file: results.sarif