Massive cleanup and move to Composite GitHub Actions (#15)

* Massive cleanup and move to Composite GitHub Actions * Update README with new input names * Use matrix for OS tests * Remove reviewdog_ prefix from action inputs * Use action-local version of reviewdog and tflint * Use just level * Fix Lint label * Fix typo
reviewdog · May 17, 2021 · 418993f · 418993f
1 parent dc57a81
commit 418993f
Show file tree

Hide file tree

Showing 12 changed files with 260 additions and 129 deletions.
diff --git a/.github/workflows/depup.yml b/.github/workflows/depup.yml
@@ -16,7 +16,7 @@ jobs:
       - uses: haya14busa/action-depup@v1
         id: depup
         with:
-          file: Dockerfile
+          file: action.yml
           version_name: REVIEWDOG_VERSION
           repo: reviewdog/reviewdog
 
@@ -33,4 +33,4 @@ jobs:
             This PR is auto generated by [depup workflow](https://github.com/${{ github.repository }}/actions?query=workflow%3Adepup).
           branch: depup/reviewdog
           base: master
-          labels: "bump:minor"
+          labels: "bump:minor"
diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml
diff --git a/.github/workflows/reviewdog.yml → .github/workflows/lint.yml b/.github/workflows/reviewdog.yml → .github/workflows/lint.yml
@@ -1,4 +1,4 @@
-name: reviewdog
+name: Lint
 
 on:
   push:
@@ -7,8 +7,7 @@ on:
   pull_request:
 
 jobs:
-  shellcheck:
-    name: runner / shellcheck
+  Shellcheck:
     runs-on: ubuntu-latest
 
     steps:
@@ -27,28 +26,7 @@ jobs:
           reporter: ${{ steps.reporter.outputs.value }}
           level: warning
 
-  hadolint:
-    name: runner / hadolint
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - uses: haya14busa/action-cond@v1
-        id: reporter
-        with:
-          cond: ${{ github.event_name == 'pull_request' }}
-          if_true: "github-pr-review"
-          if_false: "github-check"
-
-      - uses: reviewdog/action-hadolint@v1
-        with:
-          github_token: ${{ secrets.github_token }}
-          reporter: ${{ steps.reporter.outputs.value }}
-          level: warning
-
-  misspell:
-    name: runner / misspell
+  Misspell:
     runs-on: ubuntu-latest
 
     steps:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -10,7 +10,7 @@ on:
 jobs:
   release:
     runs-on: ubuntu-latest
-    
+
     steps:
       - uses: actions/checkout@v2
 

diff --git a/.github/workflows/test.yml → .github/workflows/tests.yml b/.github/workflows/test.yml → .github/workflows/tests.yml
@@ -1,14 +1,18 @@
-name: Test
+name: Tests
 
 on:
   push:
     branches:
       - master
   pull_request:
 
+defaults:
+  run:
+    shell: bash
+
 jobs:
   test-check:
-    name: runner / tfsec (github-check)
+    name: tfsec (github-check)
     runs-on: ubuntu-latest
 
     steps:
@@ -30,14 +34,14 @@ jobs:
           tfsec_return="${{ steps.test.outputs.tfsec-return-code }}"
           reviewdog_return="${{ steps.test.outputs.reviewdog-return-code }}"
 
-          if [ "$tfsec_return" -eq 1 ]; then
+          if [[ "$tfsec_return" -eq 1 ]]; then
             echo "tfsec correctly returned failure ${tfsec_return}"
           else
             echo "tfsec returned ${tfsec_return}, expected '1'. Failing..."
             exit 1
           fi
 
-          if [ "$reviewdog_return" -eq 0 ]; then
+          if [[ "$reviewdog_return" -eq 0 ]]; then
             echo "reviewdog correctly returned success: ${reviewdog_return}"
           else
             echo "reviewdog returned ${reviewdog_return}, expected '0'. Failing..."
@@ -46,7 +50,7 @@ jobs:
 
   test-pr-check:
     if: github.event_name == 'pull_request'
-    name: runner / tfsec (github-pr-check)
+    name: tfsec (github-pr-check)
     runs-on: ubuntu-latest
 
     steps:
@@ -68,14 +72,14 @@ jobs:
           tfsec_return="${{ steps.test.outputs.tfsec-return-code }}"
           reviewdog_return="${{ steps.test.outputs.reviewdog-return-code }}"
 
-          if [ "$tfsec_return" -eq 1 ]; then
+          if [[ "$tfsec_return" -eq 1 ]]; then
             echo "tfsec correctly returned failure ${tfsec_return}"
           else
             echo "tfsec returned ${tfsec_return}, expected '1'. Failing..."
             exit 1
           fi
 
-          if [ "$reviewdog_return" -eq 0 ]; then
+          if [[ "$reviewdog_return" -eq 0 ]]; then
             echo "reviewdog correctly returned success: ${reviewdog_return}"
           else
             echo "reviewdog returned ${reviewdog_return}, expected '0'. Failing..."
@@ -84,7 +88,7 @@ jobs:
 
   test-pr-review:
     if: github.event_name == 'pull_request'
-    name: runner / tfsec (github-pr-review)
+    name: tfsec (github-pr-review)
     runs-on: ubuntu-latest
 
     steps:
@@ -108,15 +112,55 @@ jobs:
           tfsec_return="${{ steps.test.outputs.tfsec-return-code }}"
           reviewdog_return="${{ steps.test.outputs.reviewdog-return-code }}"
 
-          if [ "$tfsec_return" -eq 1 ]; then
+          if [[ "$tfsec_return" -eq 1 ]]; then
+            echo "tfsec correctly returned failure ${tfsec_return}"
+          else
+            echo "tfsec returned ${tfsec_return}, expected '1'. Failing..."
+            exit 1
+          fi
+
+          if [[ "$reviewdog_return" -eq 0 ]]; then
+            echo "reviewdog correctly returned success: ${reviewdog_return}"
+          else
+            echo "reviewdog returned ${reviewdog_return}, expected '0'. Failing..."
+            exit 1
+          fi
+
+  test-operating-systems:
+    strategy:
+       matrix:
+         platform: [ubuntu-latest, macos-latest, windows-latest]
+    name: tfsec (${{ matrix.platform }})
+    runs-on: ${{ matrix.platform }}
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: ./
+        continue-on-error: true
+        id: test
+        with:
+          github_token: ${{ secrets.github_token }}
+          reporter: github-check
+          level: info
+          working_directory: testdata
+
+      # The check is expected to fail on the test data
+      - name: Check return codes
+        if: success() || failure ()
+        run: |
+          tfsec_return="${{ steps.test.outputs.tfsec-return-code }}"
+          reviewdog_return="${{ steps.test.outputs.reviewdog-return-code }}"
+
+          if [[ "$tfsec_return" -eq 1 ]]; then
             echo "tfsec correctly returned failure ${tfsec_return}"
           else
             echo "tfsec returned ${tfsec_return}, expected '1'. Failing..."
             exit 1
           fi
 
-          if [ "$reviewdog_return" -eq 0 ]; then
-            echo "reviewdog correctly returned failure: ${reviewdog_return}"
+          if [[ "$reviewdog_return" -eq 0 ]]; then
+            echo "reviewdog correctly returned success: ${reviewdog_return}"
           else
             echo "reviewdog returned ${reviewdog_return}, expected '0'. Failing..."
             exit 1

diff --git a/Dockerfile b/Dockerfile
diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 # GitHub Action: Run tfsec with reviewdog
 
-[![Test](https://github.com/reviewdog/action-tfsec/workflows/Test/badge.svg)](https://github.com/reviewdog/action-tfsec/actions?query=workflow%3ATest)
-[![reviewdog](https://github.com/reviewdog/action-tfsec/workflows/reviewdog/badge.svg)](https://github.com/reviewdog/action-tfsec/actions?query=workflow%3Areviewdog)
+[![Tests](https://github.com/reviewdog/action-tfsec/workflows/Tests/badge.svg)](https://github.com/reviewdog/action-tfsec/actions?query=workflow%3ATests)
+[![Lint](https://github.com/reviewdog/action-tfsec/workflows/Lint/badge.svg)](https://github.com/reviewdog/action-tfsec/actions?query=workflow%Lint)
 [![depup](https://github.com/reviewdog/action-tfsec/workflows/depup/badge.svg)](https://github.com/reviewdog/action-tfsec/actions?query=workflow%3Adepup)
 [![release](https://github.com/reviewdog/action-tfsec/workflows/release/badge.svg)](https://github.com/reviewdog/action-tfsec/actions?query=workflow%3Arelease)
 [![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/reviewdog/action-tfsec?logo=github&sort=semver)](https://github.com/reviewdog/action-tfsec/releases)
@@ -33,6 +33,11 @@ the Pull Request Conversation:
 
 **Required**. Must be in form of `github_token: ${{ secrets.github_token }}`.
 
+### `working_directory`
+
+Optional. Directory to run the action on, from the repo root.
+The default is `.` ( root of the repository).
+
 ### `level`
 
 Optional. Report level for reviewdog [`info`,`warning`,`error`].
@@ -50,22 +55,22 @@ Optional. Filtering for the reviewdog command [`added`,`diff_context`,`file`,`no
 
 The default is `added`.
 
-See [reviewdog doccumentation for filter mode](https://github.com/reviewdog/reviewdog/tree/master#filter-mode) for details.
+See [reviewdog documentation for filter mode](https://github.com/reviewdog/reviewdog/tree/master#filter-mode) for details.
 
 ### `fail_on_error`
 
 Optional. Exit code for reviewdog when errors are found [`true`,`false`].
 
 The default is `false`.
 
-See [reviewdog doccumentation for exit codes](https://github.com/reviewdog/reviewdog/tree/master#exit-codes) for details.
+See [reviewdog documentation for exit codes](https://github.com/reviewdog/reviewdog/tree/master#exit-codes) for details.
 
-### `working_directory`
+### `flags`
 
-Optional. Directory to run the action on, from the repo root.
-The default is `.` ( root of the repository).
+Optional. Additional reviewdog flags. Useful for debugging errors, when it can be set to `-tee`.
+The default is ``.
 
-### `flags`
+### `tfsec_flags`
 
 Optional. List of arguments to send to tfsec.
 For the output to be parsable by reviewdog [`--format=checkstyle` is enforced](./entrypoint.sh).
@@ -89,35 +94,38 @@ on: [pull_request]
 jobs:
   tfsec:
     name: runner / tfsec
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest # Windows and macOS are also supported
 
     steps:
       - name: Clone repo
-        uses: actions/checkout@master
+        uses: actions/checkout@v2
 
-      - name: tfsec
+      - name: Run tfsec with reviewdog output on the PR
         uses: reviewdog/action-tfsec@master
         with:
           github_token: ${{ secrets.github_token }}
-          working_directory: "testdata" # Change working directory
-          reporter: github-pr-review # Change reporter
-          fail_on_error: "true" # Fail action if errors are found
-          filter_mode: "nofilter" # Check all files, not just the diff
-          flags: "" # Optional
+          working_directory: my_directory # Change working directory
+          level: info # Get more output from reviewdog
+          reporter: github-pr-review # Change reviewdog reporter
+          filter_mode: nofilter # Check all files, not just the diff
+          fail_on_error: true # Fail action if errors are found
+          flags: -tee # Add debug flag to reviewdog
+          tfsec_flags: "" # Optional
 ```
 
 ## Development
 
 ### Release
 
 #### [haya14busa/action-bumpr](https://github.com/haya14busa/action-bumpr)
+
 You can bump version on merging Pull Requests with specific labels (bump:major,bump:minor,bump:patch).
 Pushing tag manually by yourself also work.
 
 #### [haya14busa/action-update-semver](https://github.com/haya14busa/action-update-semver)
 
 This action updates major/minor release tags on a tag push. e.g. Update v1 and v1.2 tag when released v1.2.3.
-ref: https://help.github.com/en/articles/about-actions#versioning-your-action
+ref: <https://help.github.com/en/articles/about-actions#versioning-your-action>
 
 ### Lint - reviewdog integration
 
@@ -131,5 +139,6 @@ Supported linters:
 - [reviewdog/action-misspell](https://github.com/reviewdog/action-misspell)
 
 ### Dependencies Update Automation
+
 This repository uses [haya14busa/action-depup](https://github.com/haya14busa/action-depup) to update
 reviewdog version.
-Original file line number
+Diff line change
@@ Expand Up / @@ -10,7 +10,7 @@ on: @@
     jobs:
       release:
         runs-on: ubuntu-latest
         steps:
           - uses: actions/checkout@v2
@@ Expand Down @@