mirror of
https://github.com/hashicorp/vault.git
synced 2026-01-08 02:01:38 +01:00
* actions: use self-hosted runners in hashicorp/vault While it is recommended that we use self-hosted runners for every workflow in private and internal accounts, this change was primarily motivated by different runner types using different cache paths. By using the same runner type everywhere we can avoid double caches of the internal Vault tools. * disable the terraform wrapper in ci-bootstrap to handle updated action Signed-off-by: Ryan Cragun <me@ryan.ec> Co-authored-by: Ryan Cragun <me@ryan.ec>
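# Lint workflow: deprecation checks, custom vet linters, protobuf
# lint/format/generate-delta checks, Go formatting and Semgrep rules.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository/organization default scopes. The steps visible in this file only
# read the tree; consider `permissions: { contents: read }` once it is
# confirmed that the local actions (set-up-go, install-tools) need no more.
name: Run linters

on:
  # On `pull_request`, GitHub does not pass repository secrets to runs
  # triggered from forks, so ELEVATED_GITHUB_TOKEN is empty for those runs.
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]
  push:
    branches:
      - main
      - release/**

concurrency:
  # head_ref is only set for pull requests, so pushes fall back to the unique
  # run_id and never cancel each other.
  # NOTE(review): head_ref is the bare branch name; two pull requests whose
  # head branches share a name land in the same group and cancel each other.
  group: ${{ github.head_ref || github.run_id }}-lint
  cancel-in-progress: true

jobs:
  # Warms the Go module and Vault tool caches that the jobs below depend on.
  setup:
    name: Setup
    # GitHub-hosted runner in hashicorp/vault; in any other repository the job
    # goes to a self-hosted runner carrying both labels in the JSON array.
    runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","ubuntu-latest-x64"]') }}
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - name: Ensure Go modules are cached
        uses: ./.github/actions/set-up-go
        with:
          github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
          no-restore: true # don't download them on a cache hit
      - uses: ./.github/actions/install-tools
        name: Ensure Vault tools are cached
        with:
          no-restore: true # don't download them on a cache hit

  deprecations:
    name: Deprecated functions
    runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","ubuntu-latest-x64"]') }}
    needs: setup
    # base_ref is only populated for pull request events, so this job runs for
    # pull requests that target main and is skipped on push.
    if: github.base_ref == 'main'
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          fetch-depth: 0 # full history
      - uses: ./.github/actions/set-up-go
        with:
          github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
      - uses: ./.github/actions/install-tools # for staticcheck
      # Rewrites every https://github.com URL to carry the elevated token. The
      # secret is handed over through `env` so it is expanded by the shell at
      # run time instead of being templated into the script file the runner
      # writes to disk.
      # NOTE(review): the token still ends up in plain text in the global git
      # config, where the following `make` step (code from the checked-out
      # ref) can read it, and where it outlives the job on a self-hosted
      # runner that is not ephemeral. Confirm the token is read-only and that
      # the runners are ephemeral, or unset the entry in an `if: always()`
      # step. The same applies to the identical step in the codechecker,
      # generate-delta and format jobs.
      - run: git config --global url."https://${ELEVATED_GITHUB_TOKEN}@github.com".insteadOf https://github.com
        env:
          ELEVATED_GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
      - run: make ci-deprecations
        name: Check deprecations

  codechecker:
    name: Code checks
    runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","ubuntu-latest-x64"]') }}
    needs: setup
    # Pull requests targeting main only; see the deprecations job.
    if: github.base_ref == 'main'
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          fetch-depth: 0 # full history
      - uses: ./.github/actions/set-up-go
        with:
          github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
      - uses: ./.github/actions/install-tools # for buf
      # Token-bearing URL rewrite; see the note in the deprecations job.
      - run: git config --global url."https://${ELEVATED_GITHUB_TOKEN}@github.com".insteadOf https://github.com
        env:
          ELEVATED_GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
      # Note: if there is a function we want to ignore the nilnil check for,
      # You can add 'ignore-nil-nil-function-check' somewhere in the
      # godoc for the function.
      - run: make ci-vet-codechecker
        name: Check custom linters
      - run: make protolint
        name: Protobuf lint

  generate-delta:
    name: Protobuf generate delta
    runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","ubuntu-latest-x64"]') }}
    needs: setup
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - uses: ./.github/actions/set-up-go
        with:
          github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
      - uses: ./.github/actions/install-tools # for buf and protoc-*
      # Token-bearing URL rewrite; see the note in the deprecations job.
      - run: git config --global url."https://${ELEVATED_GITHUB_TOKEN}@github.com".insteadOf https://github.com
        env:
          ELEVATED_GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
      - name: Check generate delta
        run: make prep check-proto-delta

  format:
    name: Format
    runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","ubuntu-latest-x64"]') }}
    needs: setup
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - uses: ./.github/actions/set-up-go
        with:
          github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
      - uses: ./.github/actions/install-tools # for buf and gofumpt
      # Token-bearing URL rewrite; see the note in the deprecations job.
      - run: git config --global url."https://${ELEVATED_GITHUB_TOKEN}@github.com".insteadOf https://github.com
        env:
          ELEVATED_GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
      - name: Go format
        run: make prep check-go-fmt
      - name: Protobuf format
        run: |
          echo "Using buf version $(buf --version)"
          make check-proto-fmt

  # Runs independently of the setup job (no `needs`) and receives no secrets.
  semgrep:
    name: Semgrep
    runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","ubuntu-latest-x64"]') }}
    container:
      # Pinned by digest, so the image cannot change underneath the job; the
      # trailing comment records the tag the digest was taken from.
      image: returntocorp/semgrep@sha256:cfad18cfb6536aa48ad5a71017207a10320b4e17e3b2bd7b7de27b42dc9651e7 #v1.58
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - name: Run Semgrep Rules
        run: semgrep ci --include '*.go' --config 'tools/semgrep/ci'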