mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
eeadde0c86
Ubuntu 22.04 is over 3 years old and therefore ships with quite an old kernel. Our production VMs (for relays) all run Ubuntu 24.04 so it makes sense to build and test them on the same kernel / OS release. For consistency reasons, we therefore bump all runners to 24.04.
101 lines
3.5 KiB
YAML
101 lines
3.5 KiB
YAML
name: Static Analysis
|
|
on:
|
|
workflow_call:
|
|
pull_request:
|
|
types: [edited]
|
|
|
|
jobs:
|
|
pr-lint:
|
|
if: github.event_name == 'pull_request'
|
|
runs-on: ubuntu-24.04
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
permissions:
|
|
pull-requests: read
|
|
steps:
|
|
- name: Enforce PR title length <= 64
|
|
# Don't run for Dependabot PRs
|
|
if: ${{ !contains(github.event.pull_request.head.label, 'dependabot') }}
|
|
env:
|
|
PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }}
|
|
REPOSITORY_NAME: ${{ github.repository }}
|
|
run: |
|
|
PR_TITLE=$(gh pr view "$PULL_REQUEST_NUMBER" --repo "$REPOSITORY_NAME" --json title -q '.title')
|
|
|
|
pr_title_length=${#PR_TITLE}
|
|
|
|
# 64 instead of 72 because GitHub adds the PR number to the title
|
|
if [ "$pr_title_length" -gt 64 ]; then
|
|
echo "PR title too long. Please keep it under 64 characters."
|
|
exit 1
|
|
fi
|
|
- uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 #v5.5.3
|
|
|
|
version-check:
|
|
runs-on: ubuntu-24.04
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- name: Check version is up to date
|
|
run: |
|
|
./scripts/bump-versions.sh
|
|
if [ -z "$(git status --porcelain)" ]; then
|
|
# Working directory clean
|
|
echo "Version manifests up to date"
|
|
else
|
|
# Uncommitted changes
|
|
echo "'scripts/bump-versions.sh' found outdated files! Showing diff"
|
|
git diff
|
|
exit 1
|
|
fi
|
|
|
|
link-check:
|
|
runs-on: ubuntu-24.04
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- uses: lycheeverse/lychee-action@82202e5e9c2f4ef1a55a3d02563e1cb6041e5332 # v2.4.1
|
|
with:
|
|
fail: true
|
|
args: --offline --verbose --no-progress **/*.md
|
|
|
|
actionlint:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- uses: raven-actions/actionlint@3a24062651993d40fed1019b58ac6fbdfbf276cc # v2.0.1
|
|
|
|
global-linter:
|
|
runs-on: ubuntu-24.04
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
|
|
with:
|
|
python-version: "3.11"
|
|
- uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
|
|
name: Restore Python Cache
|
|
id: cache
|
|
with:
|
|
path: ~/.cache/pip
|
|
key: ubuntu-24.04-${{ runner.arch }}-pip-${{ hashFiles('.github/requirements.txt') }}
|
|
- name: Install Python Dependencies
|
|
run: |
|
|
pip install -r .github/requirements.txt
|
|
- uses: ./.github/actions/setup-node
|
|
with:
|
|
npmjs-token: ${{ secrets.NPMJS_TOKEN }}
|
|
lockfile-dir: ./.github
|
|
- name: Install dependencies
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get install -y shfmt
|
|
pnpm i --frozen-lockfile --dir ./.github
|
|
- name: Run pre-commit
|
|
run: |
|
|
pre-commit install --config .github/pre-commit-config.yaml
|
|
SKIP=no-commit-to-branch pre-commit run --all-files --config .github/pre-commit-config.yaml
|
|
- uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
|
|
if: ${{ steps.cache.outputs.cache-hit != 'true'}}
|
|
name: Save Python Cache
|
|
with:
|
|
path: ~/.cache/pip
|
|
key: ${{ steps.cache.outputs.cache-primary-key }}
|