Add file integrity checks to CI workflow #2122
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| jobs: | |
| check-integrity: | |
| name: Check integrity | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set up Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: 1.20.7 | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Check Go modules dependency file integrity | |
| run: | | |
| for module_file in $(find . -type f -name go.mod); do | |
| module=$(dirname $module_file) | |
| cd "$module" | |
| go mod tidy | |
| if [ "$(git status --porcelain)" != "" ]; then | |
| printf >&2 '\n`go mod tidy` in module `%s` results in a dirty state, Go mod files are not in sync with the source code files, differences:\n\n%s\n\n' "$module" "$(git diff)" | |
| git reset --hard | |
| exit 1 | |
| fi | |
| cd - > /dev/null | |
| done | |
| - name: Check generated file integrity | |
| run: | | |
| make generate manifests | |
| git status --porcelain | |
| git version | |
| if [ "$(git status --porcelain)" != "" ]; then | |
| printf >&2 '\n`make generate and manifests` results in a dirty state, generated files are not in sync with the source code files, differences:\n\n%s\n\n' "$(git diff)" | |
| git reset --hard | |
| exit 1 | |
| fi | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set up Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: 1.20.7 | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: License cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: .licensei.cache | |
| key: license-v1-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| license-v1- | |
| - name: Download license information for dependencies | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: make license-cache | |
| - name: Vendor dependencies to retrieve licenses locally | |
| # Vendor deps before running https://github.com/goph/licensei | |
| # to avoid false-positive when modules github repo could not be determined | |
| run: go mod vendor | |
| - name: Check licenses | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: make license-check | |
| - name: Check license header | |
| env: | |
| GOTEMPLATE_DEBUG: true | |
| GOTEMPLATE_INTERNAL_LOG_LEVEL: debug | |
| GOTEMPLATE_TEMPLATE_LOG_LEVEL: debug | |
| run: make license-header-check | |
| - name: Build | |
| run: | | |
| make generate | |
| - name: Lint | |
| run: | | |
| make lint | |
| - name: Run tests | |
| run: | | |
| make test |