Skip to content
Code static analysis

Red Hat Konflux purge runtime-minimal-ubi9-python-3-11 #2370

Sign in to view logs

Red Hat Konflux purge runtime-minimal-ubi9-python-3-11

Red Hat Konflux purge runtime-minimal-ubi9-python-3-11 #2370

Workflow file for this run

.github/workflows/code-quality.yaml at 0b497b5
---
name: Code static analysis
on: # yamllint disable-line rule:truthy
push:
pull_request:
workflow_dispatch:
permissions:
contents: read
jobs:
check-generated-code:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- name: Rerun all code generators we have
run: bash ci/generate_code.sh
- name: Check there aren't any modified files present
run: |
clean=$(git status --porcelain)
if [[ -z "$clean" ]]; then
echo "Empty git status --porcelain: $clean"
else
echo "::error::Please run 'bash ci/generate_code.sh' (the command from the previous step), commit the changed files locally, and push again."
echo "Uncommitted file changes detected: $clean"
git diff
exit 1
fi
pytest-tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
# https://github.com/astral-sh/setup-uv
- name: Install the latest version of uv
uses: astral-sh/setup-uv@v5
with:
version: "latest"
python-version: "3.12"
enable-cache: true
cache-dependency-glob: "uv.lock"
pyproject-file: "pyproject.toml"
- name: Check uv is installed correctly
run: uv version
- name: Install deps
run: uv sync --locked
# https://github.com/pre-commit/action
- name: Run pre-commit on all files
run: |
uv run pre-commit run --all-files
- run: uv run pytest
code-static-analysis:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Do not check secrets, they are encrypted
run: rm -rf ./ci/secrets
- name: Validate YAML files (best code practices check included)
id: validate-yaml-files
run: |
type yamllint || sudo apt-get -y install yamllint
find . -name "*.yaml" | xargs yamllint --strict --config-file ./ci/yamllint-config.yaml
find . -name "*.yml" | xargs yamllint --strict --config-file ./ci/yamllint-config.yaml
# In some YAML files we use JSON strings, let's check these
- name: Validate JSON strings in YAML files (just syntax)
id: validate-json-strings-in-yaml-files
run: |
type json_verify || sudo apt-get -y install yajl-tools
bash ./ci/check-json.sh
- name: Validate JSON files (just syntax)
id: validate-json-files
run: |
set -Eeuxo pipefail
type json_verify || sudo apt-get -y install yajl-tools
shopt -s globstar
ret_code=0
echo "-- Checking a regular '*.json' files"
for f in **/*.json; do echo "Checking: '${f}"; echo -n " > "; [[ "$(basename "$f")" == "tsconfig.json" ]] && echo "Skipping ${f}" && continue; cat $f | json_verify || ret_code=1; done
echo "-- Checking a 'Pipfile.lock' files"
for f in **/Pipfile.lock; do echo "Checking: '${f}"; echo -n " > "; cat $f | json_verify || ret_code=1; done
echo "-- Checking a '*.ipynb' Jupyter notebook files"
for f in **/*.ipynb; do echo "Checking: '${f}"; echo -n " > "; cat $f | json_verify || ret_code=1; done
if test "${ret_code}" -ne 0; then
echo "There were errors in some of the checked files. Please run `json_verify` on such files and fix issues there."
fi
exit "${ret_code}"
- name: Validate Dockerfiles
id: validate-dockerfiles
run: |
type hadolint || sudo apt-get -y install wget \
&& wget --output-document=hadolint https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64 \
&& chmod a+x hadolint
echo "Starting Hadolint"
find . -name "Dockerfile*" | xargs ./hadolint --config ./ci/hadolint-config.yaml
echo "Hadolint done"
# This simply checks that the manifests and respective kustomization.yaml finishes without an error.
- name: Check kustomize manifest
id: kustomize-manifests
run: |
./ci/kustomize.sh