aboutsummaryrefslogtreecommitdiffstats
path: root/.github
diff options
context:
space:
mode:
authorJessica Wagantall <jwagantall@linuxfoundation.org>2024-10-03 09:08:35 -0700
committerJessica Wagantall <jwagantall@linuxfoundation.org>2024-10-03 09:08:55 -0700
commit2686ec95a09bafa2846860d403516f89cb2ed0c0 (patch)
tree8cd9f35488f87275ca42e20705b05742312212b3 /.github
parent89bfabfda2afeeedd1e6cdcba41705469d406f48 (diff)
Revert "CI: Add test (silent) checkov scan as part of the verify process"
This reverts commit c8e2b3383830395bb4bc37371a9c6119a316cb53. Issue-ID: CIMAN-33 Change-Id: I5120097ad05394e3667a868c4b7edd44ef1aa070 Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Diffstat (limited to '.github')
-rw-r--r--.github/workflows/gerrit-verify.yaml151
1 files changed, 0 insertions, 151 deletions
diff --git a/.github/workflows/gerrit-verify.yaml b/.github/workflows/gerrit-verify.yaml
deleted file mode 100644
index 91849215af..0000000000
--- a/.github/workflows/gerrit-verify.yaml
+++ /dev/null
@@ -1,151 +0,0 @@
----
-name: Call Gerrit Verify
-
-# yamllint disable-line rule:truthy
-on:
- workflow_dispatch:
- inputs:
- GERRIT_BRANCH:
- description: "Branch that change is against"
- required: true
- type: string
- GERRIT_CHANGE_ID:
- description: "The ID for the change"
- required: true
- type: string
- GERRIT_CHANGE_NUMBER:
- description: "The Gerrit number"
- required: true
- type: string
- GERRIT_CHANGE_URL:
- description: "URL to the change"
- required: true
- type: string
- GERRIT_EVENT_TYPE:
- description: "Type of Gerrit event"
- required: true
- type: string
- GERRIT_PATCHSET_NUMBER:
- description: "The patch number for the change"
- required: true
- type: string
- GERRIT_PATCHSET_REVISION:
- description: "The revision sha"
- required: true
- type: string
- GERRIT_PROJECT:
- description: "Project in Gerrit"
- required: true
- type: string
- GERRIT_REFSPEC:
- description: "Gerrit refspec of change"
- required: true
- type: string
- secrets:
- GERRIT_SSH_PRIVKEY:
- description: "SSH Key for the authorized user account"
- required: true
-
-concurrency:
- # yamllint disable-line rule:line-length
- group: gerrit-verify-${{ github.workflow }}-${{ github.event.inputs.GERRIT_BRANCH}}-${{ github.event.inputs.GERRIT_CHANGE_ID || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- prepare:
- runs-on: ubuntu-latest
- steps:
- - name: Clear votes
- # yamllint disable-line rule:line-length
- uses: lfit/gerrit-review-action@9627b9a144f2a2cad70707ddfae87c87dce60729 # v0.8
- with:
- host: ${{ vars.GERRIT_SERVER }}
- username: ${{ vars.GERRIT_SSH_USER }}
- key: ${{ secrets.GERRIT_SSH_PRIVKEY }}
- known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }}
- gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }}
- gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }}
- vote-type: clear
- comment-only: true
- - name: Allow replication
- run: sleep 10s
-
- actionlint:
- needs: prepare
- runs-on: ubuntu-latest
- steps:
- - name: Gerrit Checkout
- # yamllint disable-line rule:line-length
- uses: lfit/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9
- with:
- gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
- gerrit-project: ${{ inputs.GERRIT_PROJECT }}
- gerrit-url: ${{ vars.GERRIT_URL }}
- delay: "0s"
- - name: Download actionlint
- id: get_actionlint
- # yamllint disable-line rule:line-length
- run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
- shell: bash
- - name: Check workflow files
- run: ${{ steps.get_actionlint.outputs.executable }} -color
- shell: bash
-
- # run pre-commit tox env separately to get use of more parallel processing
- pre-commit:
- needs: prepare
- runs-on: ubuntu-latest
- steps:
- - name: Gerrit Checkout
- # yamllint disable-line rule:line-length
- uses: lfit/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9
- with:
- gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
- gerrit-project: ${{ inputs.GERRIT_PROJECT }}
- gerrit-url: ${{ vars.GERRIT_URL }}
- delay: "0s"
- # yamllint disable-line rule:line-length
- - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
- with:
- python-version: "3.11"
- - name: Run static analysis and format checkers
- run: pipx run pre-commit run --all-files --show-diff-on-failure
-
- checkov-scan:
- needs: prepare
- runs-on: ubuntu-latest
- steps:
- - name: Gerrit Checkout
- # yamllint disable-line rule:line-length
- uses: lfit/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9
- with:
- gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
- gerrit-project: ${{ inputs.GERRIT_PROJECT }}
- gerrit-url: ${{ vars.GERRIT_URL }}
- delay: "0s"
- submodules: "true"
- - name: Checkov GitHub Action
- uses: bridgecrewio/checkov-action@v12
- with:
- output_format: cli,sarif
- output_file_path: console,results.sarif
-
- vote:
- if: ${{ always() }}
- needs: [prepare, actionlint, pre-commit, checkov-scan]
- runs-on: ubuntu-latest
- steps:
- - name: Get conclusion
- uses: im-open/workflow-conclusion@e4f7c4980600fbe0818173e30931d3550801b992 # v2.2.3
- - name: Set vote
- # yamllint disable-line rule:line-length
- uses: lfit/gerrit-review-action@9627b9a144f2a2cad70707ddfae87c87dce60729 # v0.8
- with:
- host: ${{ vars.GERRIT_SERVER }}
- username: ${{ vars.GERRIT_SSH_USER }}
- key: ${{ secrets.GERRIT_SSH_PRIVKEY }}
- known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }}
- gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }}
- gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }}
- vote-type: ${{ env.WORKFLOW_CONCLUSION }}
- comment-only: true