feat(queries): implementation of regal for linting rego files #13345
name: go-ci | |
on: | |
pull_request: | |
branches: [master] | |
jobs: | |
lint: | |
name: lint | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: go.mod | |
cache: false | |
- name: golangci-lint | |
uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 | |
with: | |
version: v1.61.0 | |
args: -c .golangci.yml --timeout 20m | |
go-generate: | |
name: go-generate | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
persist-credentials: false | |
fetch-depth: 0 | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: go.mod | |
- name: Generate mocks and marshall/unmarshall code | |
run: make generate | |
unit-tests: | |
name: unit-tests | |
strategy: | |
matrix: | |
go-version: [1.23.x] | |
os: [ubuntu-latest, windows-latest, macos-latest] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ matrix.go-version }} | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
persist-credentials: false | |
- name: Get cache paths | |
id: go-cache-paths | |
shell: bash | |
run: echo "GO_BUILD=$(go env GOCACHE)" >>$GITHUB_OUTPUT | |
- name: Cache dependencies | |
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 | |
with: | |
path: ${{ steps.go-cache-paths.outputs.GO_BUILD }} | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.OS }}-build-${{ env.cache-name }} | |
${{ runner.OS }}-build- | |
${{ runner.OS }}- | |
- name: Get Modules | |
run: | | |
go mod vendor | |
- name: Set Windows Page size | |
if: matrix.os == 'windows-latest' | |
uses: al-cheb/configure-pagefile-action@a3b6ebd6b634da88790d9c58d4b37a7f4a7b8708 # v1.4 | |
with: | |
minimum-size: 32GB | |
maximum-size: 32GB | |
disk-root: "C:" | |
- name: Test and Generate Report Dev | |
if: matrix.os != 'windows-latest' | |
run: | | |
go test -tags dev -mod=vendor -v -timeout 2100s $(go list -tags dev ./... | grep -v e2e) -count=1 -coverprofile=cover.out | tee unit-test.log | |
result_code=${PIPESTATUS[0]} | |
exit $result_code | |
- name: Test and Generate Report Windows Dev | |
if: matrix.os == 'windows-latest' | |
run: | | |
go test -mod=vendor -tags dev -v -timeout 2100s $(go list -tags dev ./... | grep -v e2e) -count=1 -coverprofile=cover.out | tee unit-test.log | |
- name: Archive test logs | |
if: always() | |
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4 | |
with: | |
name: unit-test-${{ runner.os }}-${{ github.event.pull_request.head.sha }}.log | |
path: unit-test.log | |
security-scan: | |
name: security-scan | |
runs-on: ubuntu-latest | |
env: | |
GO111MODULE: on | |
steps: | |
- name: Checkout Source | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Run Gosec Security Scanner | |
uses: securego/gosec@6fbd381238e97e1d1f3358f0d6d65de78dcf9245 # v2.20.0 | |
with: | |
args: "-no-fail -fmt sarif -out results.sarif ./..." | |
- name: Show results | |
run: | | |
cat results.sarif | |
- name: Upload SARIF file | |
uses: github/codeql-action/upload-sarif@2bbafcdd7fbf96243689e764c2f15d9735164f33 | |
with: | |
sarif_file: results.sarif |
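Review bot: `actions/setup-go@v5` in the lint, go-generate and unit-tests jobs is referenced by a mutable tag while every other action in this workflow is pinned to a full commit SHA, so a moved tag would change what these jobs execute without any change to this file; pin it the same way, e.g. `uses: actions/setup-go@<full-commit-sha> # v5.x.y` (placeholder: use the SHA of the release you have vetted). The checkout steps in lint and security-scan also omit the `persist-credentials: false` that go-generate and unit-tests set, which leaves the job token in the workspace's git config while golangci-lint and gosec run. No `permissions:` key is visible at workflow or job level, so the jobs appear to inherit the repository's default token scope; a workflow-level `permissions:` with `contents: read`, plus `security-events: write` on security-scan only for the SARIF upload, would make the grant explicit. Note too that gosec runs with `-no-fail`, so findings never fail the check and only surface if the SARIF upload succeeds.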