From de0f393f6901863cb2a79fdfb0a054f052b9362c Mon Sep 17 00:00:00 2001
From: Matthew Baggett <matthew@baggett.me>
Date: Sat, 18 May 2024 19:59:54 +0200
Subject: [PATCH] To the tune of "shots": Tests, Tests, Tests, Tests, Tests!
---
.actrc | 6 ++++
.github/workflows/test.yml | 56 ++++++++++++++++++++++++++++++
.github/workflows/trunk.cache.yml | 31 +++++++++++++++++
.github/workflows/trunk.check.yml | 28 +++++++++++++++
.gitignore | 3 +-
.trunk/.gitignore | 9 +++++
.trunk/configs/.checkov.yaml | 3 ++
.trunk/configs/.hadolint.yaml | 3 ++
.trunk/configs/.markdownlint.yaml | 10 ++++++
.trunk/configs/.markdownlintignore | 1 +
.trunk/configs/.shellcheck | 0
.trunk/configs/.shellcheckrc | 6 ++++
.trunk/configs/.yamllint.yaml | 15 ++++++++
.trunk/trunk.yaml | 37 ++++++++++++++++++++
action.yml | 29 ++++++++++++----
15 files changed, 229 insertions(+), 8 deletions(-)
create mode 100644 .actrc
create mode 100644 .github/workflows/test.yml
create mode 100644 .github/workflows/trunk.cache.yml
create mode 100644 .github/workflows/trunk.check.yml
create mode 100644 .trunk/.gitignore
create mode 100644 .trunk/configs/.checkov.yaml
create mode 100644 .trunk/configs/.hadolint.yaml
create mode 100644 .trunk/configs/.markdownlint.yaml
create mode 100644 .trunk/configs/.markdownlintignore
create mode 100644 .trunk/configs/.shellcheck
create mode 100644 .trunk/configs/.shellcheckrc
create mode 100644 .trunk/configs/.yamllint.yaml
create mode 100644 .trunk/trunk.yaml
diff --git a/.actrc b/.actrc
new file mode 100644
index 0000000..f81e275
--- /dev/null
+++ b/.actrc
@@ -0,0 +1,6 @@
+--use-new-action-cache
+--platform self-hosted=ghcr.io/catthehacker/ubuntu:act-latest
+--platform ubuntu-latest=ghcr.io/catthehacker/ubuntu:act-latest
+--platform ubuntu-22.04=ghcr.io/catthehacker/ubuntu:act-22.04
+--platform ubuntu-20.04=ghcr.io/catthehacker/ubuntu:act-20.04
+--platform ubuntu-18.04=ghcr.io/catthehacker/ubuntu:act-18.04
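Review bot: The `--platform` lines in `.actrc` map every runner label to a `ghcr.io/catthehacker/ubuntu` image by mutable tag (`act-latest`, `act-22.04`, ...), so the image that executes local workflow runs can change without any change in this repository. The same commit adds `/.secrets` to `.gitignore`, which suggests local runs are handed real credentials. Consider pinning each image by digest, e.g. `--platform ubuntu-latest=ghcr.io/catthehacker/ubuntu:act-latest@sha256:<digest-placeholder>`.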
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..5d592be
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,56 @@
+name: Test
+
+permissions: read-all
+
+on:
+ push:
+
+concurrency:
+ group: ${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+jobs:
+ test-no-composer-file:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: ./.
+ - run: |
+ # Verify that PHP is available
+ if ! command -v php; then
+ echo "PHP is not available"
+ exit 1
+ fi
+ # Verify composer made it too.
+ if ! command -v composer; then
+ echo "Composer is not available"
+ exit 1
+ fi
+ # PHP Version is 8.3 or greater
+ if [ "$(php -r 'echo PHP_VERSION_ID;')" -lt 80300 ]; then
+ echo "PHP Version is less than 8.3"
+ exit 1
+ fi
+ test-with-composer-file:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - run: |
+ echo '{"require": {"php": ">=7.4"}}' > composer.json
+ - uses: ./.
+ - run: |
+ # Verify that PHP is available
+ if ! command -v php; then
+ echo "PHP is not available"
+ exit 1
+ fi
+ # Verify composer made it too.
+ if ! command -v composer; then
+ echo "Composer is not available"
+ exit 1
+ fi
+ # PHP Version is equal to 7.4
+ if [ "$(php -r 'echo PHP_VERSION_ID;')" -gte 70400 && "$(php -r 'echo PHP_VERSION_ID;')" -lt 70500 ]; then
+ echo "PHP Version is not 7.4. Got $(php -r 'echo PHP_VERSION_ID;') instead of between 70400-70500"
+ exit 1
+ fi
diff --git a/.github/workflows/trunk.cache.yml b/.github/workflows/trunk.cache.yml
new file mode 100644
index 0000000..97daa79
--- /dev/null
+++ b/.github/workflows/trunk.cache.yml
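Review bot: The last check in `test-with-composer-file` can never fail: `-gte` is not a `test` operator and the `&&` splits the `[ ... ]` into two commands, so `[` exits with an error, the `if` takes the false branch, and the step passes whatever PHP version was installed. The condition is also inverted, since as written it would `exit 1` when the version is inside the 7.4 range. Capturing the value once with `v=$(php -r 'echo PHP_VERSION_ID;')` and testing `if [ "$v" -lt 70400 ] || [ "$v" -ge 70500 ]; then` would assert what the comment says. Separately, `github.head_ref` is empty on a `push` trigger, so the concurrency group is always the run id and `cancel-in-progress` has nothing to cancel.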
@@ -0,0 +1,31 @@
+name: "Quality Control: Trunk Cache"
+
+permissions: read-all
+
+on:
+ workflow_call:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+ paths:
+ - .trunk/trunk.yaml
+ schedule:
+ - cron: "0 9 * * 1" # 9am Tooling Monday
+
+concurrency:
+ group: ${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+jobs:
+ trunk-cache:
+ name: Trunk Cache
+ runs-on: ubuntu-latest
+ permissions:
+ actions: write
+ steps:
+ - uses: actions/checkout@v4
+ - name: "Trunk Cache"
+ uses: trunk-io/trunk-action@v1
+ with:
+ check-mode: populate_cache_only
diff --git a/.github/workflows/trunk.check.yml b/.github/workflows/trunk.check.yml
new file mode 100644
index 0000000..0d9c7e8
--- /dev/null
+++ b/.github/workflows/trunk.check.yml
@@ -0,0 +1,28 @@
+name: "Quality Control: Trunk Check"
+
+permissions: read-all
+
+on:
+ workflow_call:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+ schedule:
+ - cron: "0 11 * * 2" # 11am Patch Tuesday
+
+concurrency:
+ group: ${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+jobs:
+ trunk-check:
+ name: Trunk Check Runner
+ runs-on: ubuntu-latest
+ permissions:
+ checks: write # For trunk to post annotations
+ contents: read # For repo checkout
+ steps:
+ - uses: actions/checkout@v4
+ - name: "Trunk Check"
+ uses: trunk-io/trunk-action@v1
diff --git a/.gitignore b/.gitignore
index 723ef36..571d92f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-.idea
\ No newline at end of file
+/.idea
+/.secrets
\ No newline at end of file
diff --git a/.trunk/.gitignore b/.trunk/.gitignore
new file mode 100644
index 0000000..15966d0
--- /dev/null
+++ b/.trunk/.gitignore
@@ -0,0 +1,9 @@
+*out
+*logs
+*actions
+*notifications
+*tools
+plugins
+user_trunk.yaml
+user.yaml
+tmp
diff --git a/.trunk/configs/.checkov.yaml b/.trunk/configs/.checkov.yaml
new file mode 100644
index 0000000..8331ca9
--- /dev/null
+++ b/.trunk/configs/.checkov.yaml
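Review bot: `trunk-io/trunk-action@v1` is referenced by a mutable tag in the `trunk-cache` job, which holds `actions: write`, and again in `trunk.check.yml` in a job with `checks: write`, so whatever the tag points to at run time executes with those token scopes. Pin both uses to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: trunk-io/trunk-action@<full-commit-sha> # v1`. The job-level `permissions` blocks are a good pattern; a short comment on `actions: write` saying why the cache job needs it would match the commented scopes in `trunk.check.yml`.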
@@ -0,0 +1,3 @@
+---
+skip-check:
+ - CKV_SECRET_* # Skip all checks that start with CKV_SECRET, we already have gitleaks doing this.
diff --git a/.trunk/configs/.hadolint.yaml b/.trunk/configs/.hadolint.yaml
new file mode 100644
index 0000000..d700141
--- /dev/null
+++ b/.trunk/configs/.hadolint.yaml
@@ -0,0 +1,3 @@
+ignored:
+ - DL3006
+ - DL3008
diff --git a/.trunk/configs/.markdownlint.yaml b/.trunk/configs/.markdownlint.yaml
new file mode 100644
index 0000000..fb94039
--- /dev/null
+++ b/.trunk/configs/.markdownlint.yaml
@@ -0,0 +1,10 @@
+# Autoformatter friendly markdownlint config (all formatting rules disabled)
+default: true
+blank_lines: false
+bullet: false
+html: false
+indentation: false
+line_length: false
+spaces: false
+url: false
+whitespace: false
diff --git a/.trunk/configs/.markdownlintignore b/.trunk/configs/.markdownlintignore
new file mode 100644
index 0000000..bf789ea
--- /dev/null
+++ b/.trunk/configs/.markdownlintignore
@@ -0,0 +1 @@
+LICENCE.md
diff --git a/.trunk/configs/.shellcheck b/.trunk/configs/.shellcheck
new file mode 100644
index 0000000..e69de29
diff --git a/.trunk/configs/.shellcheckrc b/.trunk/configs/.shellcheckrc
new file mode 100644
index 0000000..8cc03cd
--- /dev/null
+++ b/.trunk/configs/.shellcheckrc
@@ -0,0 +1,6 @@
+enable=all
+source-path=SCRIPTDIR
+
+# If you're having issues with shellcheck following source, disable the errors via:
+# disable=SC1090
+# disable=SC1091
diff --git a/.trunk/configs/.yamllint.yaml b/.trunk/configs/.yamllint.yaml
new file mode 100644
index 0000000..984573e
--- /dev/null
+++ b/.trunk/configs/.yamllint.yaml
@@ -0,0 +1,15 @@
+extends: relaxed
+rules:
+ quoted-strings:
+ required: only-when-needed
+ extra-allowed: ["{|*}"]
+ empty-values:
+ forbid-in-block-mappings: false
+ forbid-in-flow-mappings: false
+ ignore:
+ - .github/workflows/*.yml
+ key-duplicates: {}
+ octal-values:
+ forbid-implicit-octal: true
+ document-start: disable
+ line-length: disable
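Review bot: The comment on the `CKV_SECRET_*` skip says gitleaks already covers secret scanning, but the `lint.enabled` list this same commit adds in `.trunk/trunk.yaml` contains `trufflehog@3.76.3` and no gitleaks entry. If trufflehog is the intended scanner, the comment should say so, e.g. `# Secret detection is handled by trufflehog (see .trunk/trunk.yaml)`. Otherwise the skip removes a secret check on the strength of a tool that, as far as this diff shows, is not running.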
diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
new file mode 100644
index 0000000..f88fc1f
--- /dev/null
+++ b/.trunk/trunk.yaml
@@ -0,0 +1,37 @@
+# This file controls the behavior of Trunk: https://docs.trunk.io/cli
+# To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml
+version: 0.1
+cli:
+ version: 1.22.1
+# Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins)
+plugins:
+ sources:
+ - id: trunk
+ ref: v1.5.0
+ uri: https://github.com/trunk-io/plugins
+# Many linters and tools depend on runtimes - configure them here. (https://docs.trunk.io/runtimes)
+runtimes:
+ enabled:
+ - node@18.12.1
+ - python@3.10.8
+# This is the section where you manage your linters. (https://docs.trunk.io/check/configuration)
+lint:
+ disabled:
+ - git-diff-check
+ enabled:
+ - actionlint@1.7.0
+ - checkov@3.2.95
+ - markdownlint@0.40.0
+ - prettier@3.2.5
+ - trivy@0.51.1
+ - trufflehog@3.76.3
+ - yamllint@1.35.1
+actions:
+ enabled:
+ - trunk-announce
+ - trunk-check-pre-push
+ - trunk-fmt-pre-commit
+ - trunk-upgrade-available
+tools:
+ enabled:
+ - act@0.2.62
diff --git a/action.yml b/action.yml
index 20a57e7..f665d58 100644
--- a/action.yml
+++ b/action.yml
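Review bot: `lint.enabled` lists neither shellcheck nor hadolint, although this commit adds `.trunk/configs/.shellcheckrc` and `.trunk/configs/.hadolint.yaml`; as far as this diff shows, those two config files have no effect. Either add the linters with pinned versions like the other entries (e.g. `- shellcheck@<version>`) or drop the unused configs so the directory reflects what actually runs. If hadolint is enabled later, note that the added config ignores DL3006 and DL3008, the rules about tagging base images and pinning apt package versions.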
@@ -26,7 +26,18 @@ runs: - id: read-php-version shell: bash working-directory: ${{ inputs.working_directory }} - run: echo "php_version=$(jq -r '.require["php"]' composer.json | sed -E 's/[^0-9.]//g')" >> $GITHUB_OUTPUT + run: | + # if composer.json exists, set the php_version output + if [ -f composer.json ]; then + # And that the require php key exists + if jq -e '.require["php"]' composer.json > /dev/null; then + php_version=$(jq -r '.require["php"]' composer.json | sed -E 's/[^0-9.]//g') + echo "Detected PHP version $php_version from composer.json" + echo "php_version=$php_version" >> $GITHUB_OUTPUT + echo "has_composer=true" >> $GITHUB_OUTPUT + exit 0 + fi + fi - uses: shivammathur/setup-php@v2 with: php-version: ${{ steps.read-php-version.outputs.php_version }} 
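Review bot: `has_composer=true` is written only inside the `jq -e '.require["php"]'` branch, so a project whose `composer.json` exists but declares no `php` requirement is treated as having no composer file, and the later steps gated on `has_composer` (cache restore, `composer install`, cache save) are skipped for it. Moving `echo "has_composer=true" >> "$GITHUB_OUTPUT"` up into the outer `if [ -f composer.json ]` block would leave only `php_version` dependent on the `require.php` key. The `sed -E 's/[^0-9.]//g'` filter is also what limits the value written to `$GITHUB_OUTPUT` from repository-controlled `composer.json` to digits and dots; a comment such as `# keep: restricts untrusted composer.json content to [0-9.] before it reaches GITHUB_OUTPUT` would stop it being loosened later. The step list continues outside the hunk.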
@@ -40,27 +51,31 @@ runs: echo "restore-key=${{ runner.os }}-${{ inputs.working_directory }}-composer-" } >> $GITHUB_OUTPUT - id: composer-cache-restore + if: ${{ steps.read-php-version.outputs.has_composer }} uses: actions/cache/restore@v4 with: path: ${{ steps.composer-cache-find.outputs.dir }} key: ${{ steps.composer-cache-find.outputs.key restore-keys: ${{ steps.composer-cache-find.outputs.restore-key }} - working-directory: ${{ inputs.working_directory }} + if: ${{ steps.read-php-version.outputs.has_composer }} shell: bash run: composer install --ignore-platform-reqs --prefer-dist - id: composer-cache-save + if: ${{ steps.read-php-version.outputs.has_composer }} uses: actions/cache/save@v4 with: - path: ${{ steps.composer-cache-find.outputs.dir }} - key: ${{ steps.composer-cache-find.outputs.key }} + path: ${{ steps.composer-cache-find.outputs.dir }} + key: ${{ steps.composer-cache-find.outputs.key }} - shell: bash run: | echo "PHP Version: ${{ steps.read-php-version.outputs.php_version }}" echo "PHP Tools: ${{ inputs.php_tools }}" - echo "Composer Cache Dir: ${{ steps.composer-cache-find.outputs.dir }}" - echo "Composer Cache Key: ${{ steps.composer-cache-find.outputs.key }}" - echo "Composer Cache Restore Key: ${{ steps.composer-cache-find.outputs.restore-key }}" + if [ ${{ steps.read-php-version.outputs.has_composer }} == "true" ]; then + echo "Composer Cache Dir: ${{ steps.composer-cache-find.outputs.dir }}" + echo "Composer Cache Key: ${{ steps.composer-cache-find.outputs.key }}" + echo "Composer Cache Restore Key: ${{ steps.composer-cache-find.outputs.restore-key }}" + fi { echo "PHP_VERSION=${{ steps.read-php-version.outputs.php_version }}" } >> $GITHUB_ENV -
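Review bot: In the final echo step, `if [ ${{ steps.read-php-version.outputs.has_composer }} == "true" ]` expands to `[ == "true" ]` when the output is unset, which is exactly the no-composer path this commit introduces, so `[` reports an error on every such run. Quote the expansion, `if [ "${{ steps.read-php-version.outputs.has_composer }}" = "true" ]; then`, or better pass it and the other `${{ ... }}` values in this script (including `inputs.php_tools`) through the step's `env:` and reference them as quoted shell variables, so caller-supplied input is never spliced into the script text. The context line `key: ${{ steps.composer-cache-find.outputs.key` in the restore step appears to lack its closing `}}`; that may be an artefact of how the patch is rendered here, so check it against the file.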