ci: Add image scan, pr title and markdown link checks workflows (#336)

virtual-kubelet · Oct 13, 2022 · 8be45a2 · 8be45a2
1 parent a1a1e63
commit 8be45a2
Show file tree

Hide file tree

Showing 7 changed files with 114 additions and 7 deletions.
diff --git a/.github/PR_TEMPLATE.md b/.github/PR_TEMPLATE.md
@@ -0,0 +1,33 @@
+
+### Description of your changes
+
+<!--
+
+Briefly describe what this pull request does. We love pull requests that have a clear purpose. If yours fix an issue,
+please uncomment the below line to indicate which issue your PR fixes, for example
+"Fixes #500":
+
+-->
+
+Fixes #
+
+I have:
+
+- [ ] Run `make lint` locally.
+- [ ] Run `make test` locally.
+
+### How has this code been tested?
+
+<!--
+Before reviewers can be confident in the correctness of this pull request, it needs to tested and shown to be correct.
+Briefly describe the testing that has already been done or which is planned for this change.
+-->
+
+
+### Special notes for your reviewer
+
+<!--
+
+Be sure to direct your reviewers' attention to anything that needs special consideration.
+
+-->
diff --git a/.github/markdown-links-config.json b/.github/markdown-links-config.json
@@ -0,0 +1,11 @@
+{
+  "aliveStatusCodes": [
+    200,
+    203,
+    429,
+    0
+  ],
+  "timeout": "5s",
+  "retryCount": 5,
+  "fallbackRetryDelay": "30s"
+}
diff --git a/.github/pr-title-config.json b/.github/pr-title-config.json
@@ -0,0 +1,9 @@
+{
+  "LABEL": {
+    "name": "title-needs-formatting",
+    "color": "EEEEEE"
+  },
+  "CHECKS": {
+    "prefixes": [ "[WIP] ", "feat: ", "test: ", "fix: ", "docs: ", "style: ", "interface: ", "util: ", "chore: ", "ci: ", "perf: ", "refactor: ", "revert: " ]
+  }
+}
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
@@ -1,4 +1,4 @@
-name: create_release
+name: create release & publish the image
 on:
   create:
     # Publish semver tags as releases.
@@ -10,6 +10,7 @@ permissions:
 
 env:
   REGISTRY: ghcr.io
+  IMAGE_NAME: 'virtual-kubelet'
 
 jobs:
   create-release:
@@ -43,14 +44,14 @@ jobs:
       REGISTRY: ${{ needs.export-registry.outputs.registry }}
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           submodules: true
           fetch-depth: 0
-      - name: Login to ghcr.io
+      - name: Login to ${{ env.REGISTRY }}
         uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b
         with:
-          registry: ghcr.io
+          registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Set env
@@ -59,8 +60,22 @@ jobs:
         run: |
           ver=${{ env.RELEASE_VERSION}}
           echo "IMG_TAG=${ver#"v"}" >> $GITHUB_ENV
-      - name: Build image
+      - name: Build and push image
         run: |
           OUTPUT_TYPE=type=registry make docker-build-image
         env:
           VERSION: ${{ env.IMG_TAG }}
+
+      - name: Scan ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMG_TAG }}
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMG_TAG }}
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+          timeout: '5m0s'
+        env:
+          TRIVY_USERNAME: ${{ github.actor }}
+          TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/markdown-link-check.yml b/.github/workflows/markdown-link-check.yml
@@ -0,0 +1,20 @@
+name: markdown link
+
+on:
+  pull_request:
+    paths:
+      - '**.md'
+      - "docs/**"
+
+jobs:
+  markdown-link-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: gaurav-nelson/github-action-markdown-link-check@v1
+        with:
+          # this will only show errors in the output
+          use-quiet-mode: 'yes'
+          # this will show detailed HTTP status for checked links
+          use-verbose-mode: 'yes'
+          config-file: '.github/markdown.links.config.json'
diff --git a/.github/workflows/pr-title-lint.yml b/.github/workflows/pr-title-lint.yml
@@ -0,0 +1,19 @@
+name: pr Title Checker
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+      - labeled
+      - unlabeled
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: thehanimo/pr-title-checker@v1.3.4
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          pass_on_octokit_error: true
+          configuration_path: ".github/pr-title-config.json"
diff --git a/README.md b/README.md
@@ -762,7 +762,7 @@ If you used Virtual Nodes, can follow the steps [here](https://docs.microsoft.co
 
 
 <!-- LINKS -->
-[kubectl-create]: https://kubernetes.io/docs/user-guide/kubectl/v1.6/#create
-[kubectl-get]: https://kubernetes.io/docs/user-guide/kubectl/v1.8/#get
+[kubectl-create]: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#create
+[kubectl-get]: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#get
 [az-container-list]: https://docs.microsoft.com/cli/azure/container?view=azure-cli-latest#az_container_list
 [az-container-show]: https://docs.microsoft.com/cli/azure/container?view=azure-cli-latest#az_container_show