diff --git a/.github/actions/git-dirty-check/action.yaml b/.github/actions/git-dirty-check/action.yaml
new file mode 100644
index 0000000000..68314cac26
--- /dev/null
+++ b/.github/actions/git-dirty-check/action.yaml
@@ -0,0 +1,32 @@
+name: 'Git dirty check'
+description: 'Check if git is not dirty after generating artifacts'
+
+inputs:
+ package-name:
+ required: true
+ description: Name of the package (folder) for checking git status
+
+runs:
+ using: 'composite'
+ steps:
+ - run: git diff --no-ext-diff --exit-code
+ id: git-dirty-check
+ shell: bash
+ - uses: marocchino/sticky-pull-request-comment@v2
+ if: failure() && steps.git-dirty-check.outcome == 'failure'
+ with:
+ header: git-dirty-check-${{ inputs.package-name }}
+ hide_and_recreate: true
+ message: |
+ # ${{ inputs.package-name }} - uncommitted changes detected
+
+ Seems like you forgot to commit some code. Possible causes:
+ * Generated code not part of the PR, fix with: `make generate` and commit the changes
+ * Dependency mismatch for tools (protoc, etc). Ensure your local machine has same versions of tools as CI does
+ * Formatting drift, fix with `make format ${{ inputs.package-name }}` / `pnpm format ${{ inputs.package-name }}`
+
+ - uses: marocchino/sticky-pull-request-comment@v2
+ if: success() && steps.git-dirty-check.outcome == 'success'
+ with:
+ header: git-dirty-check-${{ inputs.package-name }}
+ delete: true
diff --git a/.github/actions/image-scan/action.yaml b/.github/actions/image-scan/action.yaml
index 28a4af3b18..8321ef083c 100644
--- a/.github/actions/image-scan/action.yaml
+++ b/.github/actions/image-scan/action.yaml
@@ -23,7 +23,7 @@ runs:
 uses: aquasecurity/trivy-action@0.34.1
 id: scan
 with:
- version: v0.58.0
+ version: v0.69.3
 image-ref: ${{ inputs.image_ref }}
 ignore-unfixed: true
 exit-code: 1
diff --git a/.github/workflows/aws-lambda-router-ci.yaml b/.github/workflows/aws-lambda-router-ci.yaml
index d012ce27b0..2d4e7aa8eb 100644
--- a/.github/workflows/aws-lambda-router-ci.yaml
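Review bot: Both comment steps in the new composite action reference `marocchino/sticky-pull-request-comment@v2`, a third-party action addressed by a mutable tag that is handed the job token to write on the pull request; I would pin it to a full commit SHA, `uses: marocchino/sticky-pull-request-comment@<full-commit-sha> # v2` (placeholder, take the SHA from the upstream release). The same applies to `aquasecurity/trivy-action@0.34.1`, visible as a context line in the image-scan hunk that follows. Separately, `git diff --no-ext-diff --exit-code` compares tracked files only, so a newly generated file that was never added passes the check; `test -z "$(git status --porcelain)"` would also catch untracked output, provided build artefacts are gitignored.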
+++ b/.github/workflows/aws-lambda-router-ci.yaml @@ -34,8 +34,9 @@ jobs: - name: Generate code run: make generate-go - - name: Check if git is not dirty after generating files - run: git diff --no-ext-diff --exit-code + - uses: ./.github/actions/git-dirty-check + with: + package-name: aws-lambda-router - name: Install dependencies working-directory: ./aws-lambda-router diff --git a/.github/workflows/cli-ci.yaml b/.github/workflows/cli-ci.yaml index dc3ede95bc..b632e711b3 100644 --- a/.github/workflows/cli-ci.yaml +++ b/.github/workflows/cli-ci.yaml @@ -37,8 +37,9 @@ jobs: - name: Generate router templates run: pnpm --filter ./cli compile-templates - - name: Check if git is not dirty after generating files - run: git diff --no-ext-diff --exit-code + - uses: ./.github/actions/git-dirty-check + with: + package-name: cli - name: Build Node.js NPM Package run: pnpm --filter ./cli --filter ./connect --filter ./shared --filter ./composition --filter ./protographic run build @@ -119,4 +120,4 @@ jobs: run: exit 0 - name: 'Some tests failed' if: ${{ contains(needs.*.result, 'failure') }} - run: exit 1 \ No newline at end of file + run: exit 1 diff --git a/.github/workflows/composition-ci.yaml b/.github/workflows/composition-ci.yaml index cdc8ae4fea..86e1e4d671 100644 --- a/.github/workflows/composition-ci.yaml +++ b/.github/workflows/composition-ci.yaml @@ -38,8 +38,9 @@ jobs: run: ./generate.sh working-directory: composition-go - - name: Check if git is not dirty after generating files - run: git diff --no-ext-diff --exit-code + - uses: ./.github/actions/git-dirty-check + with: + package-name: composition-go - name: Build run: pnpm run --filter ./composition --filter ./connect --filter ./shared build @@ -81,4 +82,4 @@ jobs: composition-go/coverage_normal.out composition-go/coverage_v8.out retention-days: 14 - codecov-token: ${{ secrets.CODECOV_TOKEN }} \ No newline at end of file + codecov-token: ${{ secrets.CODECOV_TOKEN }} 
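Review bot: Replacing the plain `git diff` step with `./.github/actions/git-dirty-check` makes this job depend on a token that can write pull-request comments, and no `permissions:` block is visible in this hunk or in the matching hunks for cli, composition-go, connect-go, controlplane, graphqlmetrics, playground, protographic, router and studio. If the workflows rely on the repository default, I would state the grant per job, `permissions: { contents: read, pull-requests: write }`, so it is explicit and no wider than the comment steps need. On pull requests from forks the token is read-only regardless, so the comment steps will presumably error there; it is worth confirming that the `delete: true` step cannot fail an otherwise clean run. The job definitions start outside these hunks, so some of this may already be handled.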
diff --git a/.github/workflows/connect-go-ci.yaml b/.github/workflows/connect-go-ci.yaml index 21f0aab1b3..0e7a36285c 100644 --- a/.github/workflows/connect-go-ci.yaml +++ b/.github/workflows/connect-go-ci.yaml @@ -26,5 +26,6 @@ jobs: - name: Generate code run: make generate-go - - name: Check if git is not dirty after generating files - run: git diff --no-ext-diff --exit-code + - uses: ./.github/actions/git-dirty-check + with: + package-name: connect-go diff --git a/.github/workflows/controlplane-ci.yaml b/.github/workflows/controlplane-ci.yaml index 57b1224b91..8a6a838726 100644 --- a/.github/workflows/controlplane-ci.yaml +++ b/.github/workflows/controlplane-ci.yaml @@ -66,8 +66,9 @@ jobs: - name: Generate email templates run: pnpm run --filter ./controlplane/emails build - - name: Check if git is not dirty after generating files - run: git diff --no-ext-diff --exit-code + - uses: ./.github/actions/git-dirty-check + with: + package-name: controlplane - name: Build run: pnpm run --filter ./controlplane --filter ./connect --filter ./shared --filter ./composition --filter ./protographic build diff --git a/.github/workflows/graphqlmetrics-ci.yaml b/.github/workflows/graphqlmetrics-ci.yaml index 15daea0dd7..8ac7b02821 100644 --- a/.github/workflows/graphqlmetrics-ci.yaml +++ b/.github/workflows/graphqlmetrics-ci.yaml @@ -46,8 +46,9 @@ jobs: - name: Generate code run: rm -rf graphqlmetrics/gen && buf generate --path proto/wg/cosmo/graphqlmetrics --path proto/wg/cosmo/common --template buf.graphqlmetrics.go.gen.yaml - - name: Check if git is not dirty after generating files - run: git diff --no-ext-diff --exit-code + - uses: ./.github/actions/git-dirty-check + with: + package-name: graphqlmetrics - name: Install dependencies working-directory: ./graphqlmetrics diff --git a/.github/workflows/playground-ci.yaml b/.github/workflows/playground-ci.yaml index 8815ef2e93..ef1c120e13 100644 --- a/.github/workflows/playground-ci.yaml +++ b/.github/workflows/playground-ci.yaml 
@@ -29,8 +29,9 @@ jobs: - name: Build for router run: pnpm run --filter ./playground build:router - - name: Check if git is not dirty after generating files - run: git diff --no-ext-diff --exit-code + - uses: ./.github/actions/git-dirty-check + with: + package-name: playground - name: Build as plugin run: pnpm run --filter ./playground build diff --git a/.github/workflows/protographic.yaml b/.github/workflows/protographic.yaml index fba042714b..6eadfdbc52 100644 --- a/.github/workflows/protographic.yaml +++ b/.github/workflows/protographic.yaml @@ -29,8 +29,9 @@ jobs: - name: Generate code run: pnpm generate - - name: Check if git is not dirty after generating files - run: git diff --no-ext-diff --exit-code + - uses: ./.github/actions/git-dirty-check + with: + package-name: protographic - name: Build run: pnpm run --filter ./connect --filter ./composition --filter ./protographic build diff --git a/.github/workflows/router-ci.yaml b/.github/workflows/router-ci.yaml index 8648c76504..31396301ac 100644 --- a/.github/workflows/router-ci.yaml +++ b/.github/workflows/router-ci.yaml @@ -65,8 +65,9 @@ jobs: - name: Generate code run: make generate-go - - name: Check if git is not dirty after generating files - run: git diff --no-ext-diff --exit-code + - uses: ./.github/actions/git-dirty-check + with: + package-name: router - name: Install dependencies working-directory: ./router diff --git a/.github/workflows/studio-ci.yaml b/.github/workflows/studio-ci.yaml index 9862b4339e..0cb3c8a60e 100644 --- a/.github/workflows/studio-ci.yaml +++ b/.github/workflows/studio-ci.yaml @@ -43,8 +43,9 @@ jobs: - name: Generate code run: pnpm buf generate --template buf.ts.gen.yaml - - name: Check if git is not dirty after generating files - run: git diff --no-ext-diff --exit-code + - uses: ./.github/actions/git-dirty-check + with: + package-name: studio - name: Build run: pnpm run --filter ./studio --filter ./connect --filter ./shared --filter ./composition build 
diff --git a/trivy.yaml b/trivy.yaml
index 0c7f01a0fa..be0f5d558b 100644
--- a/trivy.yaml
+++ b/trivy.yaml
@@ -1 +1,4 @@
 ignorefile: .trivyignore.yaml
+db:
+ repositories:
+ - ghcr.io/aquasecurity/trivy-db:2
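Review bot: The new `db.repositories` list has a single entry, so the vulnerability DB download has no fallback source, and nothing in the file records why the default list was replaced. A one-line comment above `db:` would cover it, e.g. `# Pull the vulnerability DB only from ghcr.io: <reason, to be filled in by the author>`. Only the main DB source is overridden here; the Java DB source stays at Trivy's default, which may or may not be intended.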