# Copyright 2023 The Janus IDP Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. name: PR Test operator on: pull_request: branches: - main - rhdh-1.[0-9]+ - 1.[0-9]+.x jobs: pr-validate: name: PR Validate runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: fetch-depth: 0 # check changes in this commit for regex include and exclude matches; pipe to an env var - name: Check for changes to build run: | # don't fail if nothing returned by grep set +e CHANGES="$(git diff --name-only ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }} | \ grep -E "workflows/pr.yaml|Makefile|bundle/|config/|go.mod|go.sum|.+\.go" | \ grep -v -E "/.rhdh/")"; echo "Changed files for this commit:" echo "==============================" echo "$CHANGES" echo "==============================" { echo 'CHANGES<> "$GITHUB_ENV" - name: Setup Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5 with: go-version-file: 'go.mod' # gosec needs a "build" stage so connect it to the lint step which we always do - name: build run: make lint - name: test # run this stage only if there are changes that match the includes and not the excludes if: ${{ env.CHANGES != '' }} run: make test - name: Run Gosec Security Scanner run: make gosec - name: Upload SARIF file uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3 with: # Path to SARIF file relative to the root of the repository sarif_file: gosec.sarif