Skip to content
CI

chore(deps): update actions/create-github-app-token action to v3 #312

Sign in to view logs

chore(deps): update actions/create-github-app-token action to v3

chore(deps): update actions/create-github-app-token action to v3 #312

Workflow file for this run

.github/workflows/ci.yml at 44cfce6
name: CI
on:
pull_request:
types: [opened, synchronize, reopened]
push:
branches: [ main, dev ]
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: '3.x'
- name: Install yamllint
run: pip install yamllint
- name: Find and run yamllint on compose files
run: |
set -euo pipefail
files=$(git ls-files "**/docker-compose*.yml" "**/docker-compose*.yaml" || true)
if [ -n "$files" ]; then
echo "$files" | xargs yamllint
else
echo "No compose files found"
fi
trivy-scan:
needs: [lint]
name: Filesystem scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Trivy scan
uses: aquasecurity/trivy-action@v0.36.0
with:
format: 'table'
scan-type: 'fs'
severity: 'HIGH,CRITICAL'
exit-code: '1'
ignore-unfixed: true
stack-sync-check:
needs: [lint]
name: Stack drift check
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: '3.x'
- name: Install PyYAML
run: pip install PyYAML
- name: Check stacks are in sync with compose sources
run: python3 tools/generate_stacks.py --output-dir /tmp/stacks-check
- name: Diff generated vs committed stacks
run: |
drift=0
for stack in infrastructure observability platform; do
if ! diff -q "/tmp/stacks-check/${stack}.yml" "stacks/${stack}.yml" >/dev/null 2>&1; then
echo "DRIFT: stacks/${stack}.yml is out of sync"
diff "stacks/${stack}.yml" "/tmp/stacks-check/${stack}.yml" || true
drift=1
else
echo "OK: stacks/${stack}.yml"
fi
done
if [ "$drift" -eq 1 ]; then
echo ""
echo "Run './stackctl.sh generate' and commit the result."
exit 1
fi