author | Jessica Wagantall <jwagantall@linuxfoundation.org> | 2024-10-03 09:08:35 -0700 |
---|---|---|
committer | Jessica Wagantall <jwagantall@linuxfoundation.org> | 2024-10-03 09:08:55 -0700 |
commit | 2686ec95a09bafa2846860d403516f89cb2ed0c0 (patch) | |
tree | 8cd9f35488f87275ca42e20705b05742312212b3 /.github | |
parent | 89bfabfda2afeeedd1e6cdcba41705469d406f48 (diff) |
Revert "CI: Add test (silent) checkov scan as part of the verify process"
This reverts commit c8e2b3383830395bb4bc37371a9c6119a316cb53.
Issue-ID: CIMAN-33
Change-Id: I5120097ad05394e3667a868c4b7edd44ef1aa070
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Diffstat (limited to '.github')
-rw-r--r-- | .github/workflows/gerrit-verify.yaml | 151 |
1 files changed, 0 insertions, 151 deletions
diff --git a/.github/workflows/gerrit-verify.yaml b/.github/workflows/gerrit-verify.yaml
deleted file mode 100644
index 91849215af..0000000000
--- a/.github/workflows/gerrit-verify.yaml
+++ /dev/null
@@ -1,151 +0,0 @@
----
-name: Call Gerrit Verify
-
-# yamllint disable-line rule:truthy
-on:
- workflow_dispatch:
- inputs:
- GERRIT_BRANCH:
- description: "Branch that change is against"
- required: true
- type: string
- GERRIT_CHANGE_ID:
- description: "The ID for the change"
- required: true
- type: string
- GERRIT_CHANGE_NUMBER:
- description: "The Gerrit number"
- required: true
- type: string
- GERRIT_CHANGE_URL:
- description: "URL to the change"
- required: true
- type: string
- GERRIT_EVENT_TYPE:
- description: "Type of Gerrit event"
- required: true
- type: string
- GERRIT_PATCHSET_NUMBER:
- description: "The patch number for the change"
- required: true
- type: string
- GERRIT_PATCHSET_REVISION:
- description: "The revision sha"
- required: true
- type: string
- GERRIT_PROJECT:
- description: "Project in Gerrit"
- required: true
- type: string
- GERRIT_REFSPEC:
- description: "Gerrit refspec of change"
- required: true
- type: string
- secrets:
- GERRIT_SSH_PRIVKEY:
- description: "SSH Key for the authorized user account"
- required: true
-
-concurrency:
- # yamllint disable-line rule:line-length
- group: gerrit-verify-${{ github.workflow }}-${{ github.event.inputs.GERRIT_BRANCH}}-${{ github.event.inputs.GERRIT_CHANGE_ID || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- prepare:
- runs-on: ubuntu-latest
- steps:
- - name: Clear votes
- # yamllint disable-line rule:line-length
- uses: lfit/gerrit-review-action@9627b9a144f2a2cad70707ddfae87c87dce60729 # v0.8
- with:
- host: ${{ vars.GERRIT_SERVER }}
- username: ${{ vars.GERRIT_SSH_USER }}
- key: ${{ secrets.GERRIT_SSH_PRIVKEY }}
- known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }}
- gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }}
- gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }}
- vote-type: clear
- comment-only: true
- - name: Allow replication
- run: sleep 10s
-
- actionlint:
- needs: prepare
- runs-on: ubuntu-latest
- steps:
- - name: Gerrit Checkout
- # yamllint disable-line rule:line-length
- uses: lfit/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9
- with:
- gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
- gerrit-project: ${{ inputs.GERRIT_PROJECT }}
- gerrit-url: ${{ vars.GERRIT_URL }}
- delay: "0s"
- - name: Download actionlint
- id: get_actionlint
- # yamllint disable-line rule:line-length
- run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
- shell: bash
- - name: Check workflow files
- run: ${{ steps.get_actionlint.outputs.executable }} -color
- shell: bash
-
- # run pre-commit tox env separately to get use of more parallel processing
- pre-commit:
- needs: prepare
- runs-on: ubuntu-latest
- steps:
- - name: Gerrit Checkout
- # yamllint disable-line rule:line-length
- uses: lfit/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9
- with:
- gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
- gerrit-project: ${{ inputs.GERRIT_PROJECT }}
- gerrit-url: ${{ vars.GERRIT_URL }}
- delay: "0s"
- # yamllint disable-line rule:line-length
- - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
- with:
- python-version: "3.11"
- - name: Run static analysis and format checkers
- run: pipx run pre-commit run --all-files --show-diff-on-failure
-
- checkov-scan:
- needs: prepare
- runs-on: ubuntu-latest
- steps:
- - name: Gerrit Checkout
- # yamllint disable-line rule:line-length
- uses: lfit/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9
- with:
- gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
- gerrit-project: ${{ inputs.GERRIT_PROJECT }}
- gerrit-url: ${{ vars.GERRIT_URL }}
- delay: "0s"
- submodules: "true"
- - name: Checkov GitHub Action
- uses: bridgecrewio/checkov-action@v12
- with:
- output_format: cli,sarif
- output_file_path: console,results.sarif
-
- vote:
- if: ${{ always() }}
- needs: [prepare, actionlint, pre-commit, checkov-scan]
- runs-on: ubuntu-latest
- steps:
- - name: Get conclusion
- uses: im-open/workflow-conclusion@e4f7c4980600fbe0818173e30931d3550801b992 # v2.2.3
- - name: Set vote
- # yamllint disable-line rule:line-length
- uses: lfit/gerrit-review-action@9627b9a144f2a2cad70707ddfae87c87dce60729 # v0.8
- with:
- host: ${{ vars.GERRIT_SERVER }}
- username: ${{ vars.GERRIT_SSH_USER }}
- key: ${{ secrets.GERRIT_SSH_PRIVKEY }}
- known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }}
- gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }}
- gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }}
- vote-type: ${{ env.WORKFLOW_CONCLUSION }}
- comment-only: true |