EPSS enricher #5372
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- "**" | |
jobs: | |
gating-lints: | |
name: Gating Lints | |
runs-on: ubuntu-latest | |
steps: | |
- name: Commit Check | |
uses: gsactions/commit-message-checker@v2 | |
with: | |
pattern: | | |
^[^:!]+: .+\n\n.*$ | |
error: 'Commit must begin with <scope>: <subject>' | |
flags: 'gm' | |
excludeTitle: true | |
excludeDescription: true | |
checkAllCommitMessages: true | |
accessToken: ${{ secrets.GITHUB_TOKEN }} | |
- name: Checkout | |
id: checkout | |
if: ${{ !cancelled() }} | |
uses: actions/checkout@v4 | |
- name: Check Filenames | |
if: ${{ !cancelled() && steps.checkout.conclusion == 'success' }} | |
run: | # Check for all the characters Windows hates. | |
git ls-files -- ':/:*[<>:"|?*]*' | while read -r file; do | |
printf '::error file=%s,title=Bad Filename::Disallowed character in file name\n' "$file" | |
done | |
exit $(git ls-files -- ':/:*[<>:"|?*]*' | wc -l) | |
- name: Setup Go | |
id: 'setupgo' | |
if: ${{ !cancelled() && steps.checkout.conclusion == 'success' }} | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: ./go.mod | |
- name: Go Tidy | |
if: ${{ !cancelled() && steps.checkout.conclusion == 'success' && steps.setupgo.conclusion == 'success' }} | |
run: | | |
trap 'echo "::error file=go.mod,title=Tidy Check::Commit would leave go.mod untidy"' ERR | |
go mod tidy | |
git diff --exit-code | |
build-documentation: | |
name: Build Docs | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup mdBook | |
uses: peaceiris/actions-mdbook@v2 | |
with: | |
mdbook-version: 'latest' | |
- name: mdBook Build | |
run: mdbook build | |
tests: | |
name: Tests | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
go: | |
- 'stable' | |
- 'oldstable' | |
steps: | |
- name: Check for Previous Run | |
id: previous | |
uses: actions/cache@v4 | |
with: | |
path: ~/ok-by-run | |
key: commit-ok-${{ matrix.go }}-${{ github.sha }} | |
- name: Checkout | |
if: steps.previous.outputs.cache-hit != 'true' | |
uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
if: steps.previous.outputs.cache-hit != 'true' | |
with: | |
go-version: ${{ matrix.go }} | |
- name: Cache Integration Assets | |
if: steps.previous.outputs.cache-hit != 'true' | |
uses: actions/cache@v4 | |
with: | |
key: integration-assets-${{ hashFiles('**/*_test.go') }} | |
restore-keys: | | |
integration-assets- | |
path: | | |
~/.cache/clair-testing | |
- name: Tests | |
run: | | |
if test -f ~/ok-by-run; then | |
echo "::notice title=Commit Previously Passed::See $(cat ~/ok-by-run) (cache key 'commit-ok-${{ matrix.go }}-${{ github.sha }}')" | |
exit 0 | |
fi | |
printf '%s/%s/actions/runs/%s/attempts/%s\n'\ | |
"${GITHUB_SERVER_URL}" "${GITHUB_REPOSITORY}" "${GITHUB_RUN_ID}" "${GITHUB_RUN_ATTEMPT}"\ | |
> ~/ok-by-run | |
find . -name .git -prune -o -name testdata -prune -o -name go.mod -printf '%h\n' | | |
while read -r dir; do ( | |
cd "$dir" | |
go list -m | |
go mod download | |
go test -race ${RUNNER_DEBUG:+-v} "-coverprofile=${{ runner.temp }}/$(go list -m | tr / _).codecov.out" -covermode=atomic ./... | |
); done | |
- name: Codecov | |
if: >- | |
steps.previous.outputs.cache-hit != 'true' && | |
success() && | |
strategy.job-index == 0 | |
uses: codecov/codecov-action@v4 | |
with: | |
directory: ${{ runner.temp }} | |
override_branch: ${{ github.ref_name }} | |
- name: Database Logs | |
if: failure() || env.RUNNER_DEBUG == 1 | |
run: | | |
sudo -u postgres psql -c 'SELECT version();' | |
sudo journalctl --unit postgresql.service --boot -0 | |
ls /var/log/postgresql/postgresql-*.log | |
sudo cat /var/log/postgresql/postgresql-*.log |