ci(deps): bump anchore/sbom-action from 0.17.9 to 0.18.0 in /.github/workflows #589
Workflow file for this run
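# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
---
# Terraform Provider testing workflow.
#
# Runs on pull requests to `main`, nightly on a schedule, and on manual
# dispatch. The `changes` job decides whether source files were touched; the
# build, auth and test jobs are skipped when they were not.
name: 🧪 Test

# This GitHub action runs your tests for each pull request.
# Optionally, you can turn it on using a schedule for regular testing.
on:
  pull_request:
    branches:
      - main
    types:
      - opened
      - synchronize
  schedule:
    - cron: "0 2 * * *"
  workflow_dispatch:

# One run per workflow/event/ref combination; a newer run cancels the older one.
concurrency:
  group: ${{ format('{0}-{1}-{2}-{3}-{4}', github.workflow, github.event_name, github.ref, github.base_ref || null, github.head_ref || null) }}
  cancel-in-progress: true

env:
  FABRIC_TESTACC_SKIP_NO_SPN: true
  FABRIC_TESTACC_WELLKNOWN: ${{ vars.FABRIC_TESTACC_WELLKNOWN_NEW }}
  FABRIC_TIMEOUT: 20m

# Workflow-level default for jobs that declare no `permissions:` of their own.
# `id-token: write` (the right to request an OIDC token) is deliberately NOT
# granted here: it is declared only on the jobs that authenticate with OIDC, so
# jobs that merely run third-party actions or shell steps cannot mint one.
permissions:
  contents: read
  pull-requests: read

jobs:
  # Publishes `src` = 'true' when Go sources, go.mod/go.sum or this workflow
  # file changed. Inherits the read-only workflow-level permissions.
  changes:
    name: 🔂 Check Changes
    runs-on: ubuntu-24.04
    outputs:
      src: ${{ steps.filter.outputs.src }}
    steps:
      - name: ⤵️ Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: 🔂 Check for changes
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        id: filter
        with:
          filters: |
            src:
              - '**.go'
              - 'go.mod'
              - 'go.sum'
              - '.github/workflows/test.yml'

  # Runs one acceptance test against each service-principal auth method.
  test-auth-spn:
    name: 🔐 Test Auth (SPN ${{ matrix.method }})
    needs: changes
    if: needs.changes.outputs.src == 'true'
    environment:
      name: development
    runs-on: ubuntu-24.04
    # Same effective grant this job previously inherited from the workflow
    # level; `id-token: write` is needed by the OIDC matrix entry.
    permissions:
      id-token: write
      contents: read
      pull-requests: read
    strategy:
      fail-fast: false
      matrix:
        method: [oidc, certificate, secret]
    steps:
      - name: ⤵️ Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: 🚧 Setup Go
        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
        with:
          go-version-file: go.mod
          cache: true
      - name: 🚧 Setup Task
        uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v2.0.0
        with:
          repo-token: ${{ github.token }}
      - name: ⚙️ Configure TF dev overrides
        run: .devcontainer/features/tfprovider-local-dev/install.sh
        env:
          PROVIDERNAME: microsoft/fabric
      - name: 🚧 Setup Terraform
        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
        with:
          terraform_wrapper: false
      - name: 🔨 Setup Test tools
        run: task test:tools
      # Each credential set is scoped to the single step that uses it rather
      # than to the whole job, so the setup steps above never see the secrets.
      - name: 🧪 Run acceptance tests (OIDC)
        if: matrix.method == 'oidc'
        run: task testacc -- WorkspaceResource_CRUD ./internal/services/workspace
        env:
          FABRIC_USE_OIDC: true
          FABRIC_TENANT_ID: ${{ secrets.TESTACC_TENANT_ID }}
          FABRIC_CLIENT_ID: ${{ secrets.TESTACC_SPN_OIDC_CLIENT_ID }}
      - name: 🧪 Run acceptance tests (Certificate)
        if: matrix.method == 'certificate'
        run: task testacc -- WorkspaceResource_CRUD ./internal/services/workspace
        env:
          FABRIC_TENANT_ID: ${{ secrets.TESTACC_TENANT_ID }}
          FABRIC_CLIENT_ID: ${{ secrets.TESTACC_SPN_CERT_CLIENT_ID }}
          FABRIC_CLIENT_CERTIFICATE: ${{ secrets.TESTACC_SPN_CERT_CLIENT_CERTIFICATE }}
          FABRIC_CLIENT_CERTIFICATE_PASSWORD: ${{ secrets.TESTACC_SPN_CERT_CLIENT_CERTIFICATE_PASSWORD }}
      - name: 🧪 Run acceptance tests (Secret)
        if: matrix.method == 'secret'
        run: task testacc -- WorkspaceResource_CRUD ./internal/services/workspace
        env:
          FABRIC_TENANT_ID: ${{ secrets.TESTACC_TENANT_ID }}
          FABRIC_CLIENT_ID: ${{ secrets.TESTACC_SPN_SECRET_CLIENT_ID }}
          FABRIC_CLIENT_SECRET: ${{ secrets.TESTACC_SPN_SECRET_CLIENT_SECRET }}

  # Disabled: managed-identity (MSI) auth tests, written for a self-hosted runner.
  # test-auth-msi:
  #   name: 🔐 Test Auth (MSI ${{ matrix.method }})
  #   needs: changes
  #   if: needs.changes.outputs.src == 'true'
  #   environment:
  #     name: development
  #   runs-on: [self-hosted, containerjob]
  #   strategy:
  #     fail-fast: false
  #     matrix:
  #       method: [system, user]
  #   steps:
  #     - name: ⤵️ Checkout
  #       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
  #     - name: ✔️ Check for changes
  #       uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
  #       id: changes_check
  #       with:
  #         filters: |
  #           src:
  #             - '**.go'
  #             - 'go.mod'
  #             - 'go.sum'
  #     - name: 🚧 Setup Go
  #       uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
  #       with:
  #         go-version-file: go.mod
  #         cache: true
  #     - name: 🚧 Setup Task
  #       uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v2.0.0
  #       with:
  #         repo-token: ${{ github.token }}
  #     - name: ⚙️ Configure TF dev overrides
  #       run: .devcontainer/features/tfprovider-local-dev/install.sh
  #       env:
  #         PROVIDERNAME: microsoft/fabric
  #     - name: 🚧 Setup Terraform
  #       uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
  #       with:
  #         terraform_wrapper: false
  #     - name: 🔨 Setup Test tools
  #       run: task test:tools
  #     - name: 🧪 Run acceptance tests (User Assigned)
  #       if: matrix.method == 'user'
  #       run: task testacc -- WorkspaceResource_CRUD
  #       env:
  #         FABRIC_USE_MSI: true
  #         FABRIC_TENANT_ID: ${{ secrets.TESTACC_TENANT_ID }}
  #         FABRIC_CLIENT_ID: ${{ secrets.TESTACC_MSI_CLIENT_ID }}
  #     - name: 🧪 Run acceptance tests (System Assigned)
  #       if: matrix.method == 'system'
  #       run: task testacc -- WorkspaceResource_CRUD
  #       env:
  #         FABRIC_USE_MSI: true
  #         FABRIC_TENANT_ID: ${{ secrets.TESTACC_TENANT_ID }}

  # Dependency drift check, vulnerability scan, linters and a snapshot build.
  # Uses no secrets and a read-only token.
  checkbuild:
    name: 🏗️ Check Build
    needs: changes
    if: needs.changes.outputs.src == 'true'
    runs-on: ubuntu-24.04
    timeout-minutes: 30
    permissions:
      contents: read
      pull-requests: read
    steps:
      - name: ⤵️ Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: 🚧 Setup Go
        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
        with:
          go-version-file: go.mod
          cache: true
      - name: 🚧 Setup Task
        uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v2.0.0
        with:
          repo-token: ${{ github.token }}
      - name: 🔀 Get dependencies
        run: task deps
      # Fails the job when `task deps` rewrote go.mod/go.sum, i.e. the committed
      # dependency manifest does not match what the build resolves.
      - name: 🔀 Check for differences
        run: |
          git diff --exit-code -- go.mod go.sum || \
          (echo; echo "Unexpected difference in go.mod/go.sum files. Run 'task deps' command or revert any go.mod/go.sum changes and commit."; git diff --exit-code)
      - name: ✔️ Run GoVulnCheck
        run: |
          task install:govulncheck
          task govulncheck
      - name: ✔️ Run Go linters
        uses: golangci/golangci-lint-action@ec5d18412c0aeab7936cb16880d708ba2a64e1ae # v6.2.0
        with:
          # NOTE(review): the action is pinned by commit SHA, but `latest` lets
          # the linter release it runs float between runs; pin a specific
          # release here for reproducible results.
          version: latest
          only-new-issues: true
          skip-cache: true
          skip-save-cache: true
          args: --out-format=github-actions
      - name: 🚧 Setup Terraform
        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
        with:
          terraform_wrapper: false
      - name: ✔️ Run tfproviderlintx
        run: |
          task install:tfproviderlintx
          task tfproviderlintx
      - name: ✔️ Run Terraform linters
        run: |
          task lint:tf-tools
          task lint:tf
      - name: 🔀 Check for differences
        run: |
          git diff --compact-summary --exit-code || \
          (echo; echo "Unexpected difference in code. Run 'task lint' command and commit."; git diff --exit-code)
      # NOTE(review): "~> v2" is a version range, not an exact GoReleaser
      # release, in both GoReleaser steps below.
      - name: ✔️ Validate GoReleaser config
        uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
        with:
          version: "~> v2"
          args: check --verbose
      - name: 🏗️ Build snapshot binaries
        uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
        with:
          version: "~> v2"
          args: build --snapshot --clean --verbose

  # Lints repository files and regenerates docs, failing when either step
  # leaves uncommitted differences. Not gated on the `changes` job.
  checkdocs:
    name: 📃 Check Docs
    runs-on: ubuntu-24.04
    permissions:
      contents: read
    steps:
      - name: ⤵️ Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: 🚧 Setup Go
        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
        with:
          go-version-file: go.mod
          cache: true
      - name: 🚧 Setup Task
        uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v2.0.0
        with:
          repo-token: ${{ github.token }}
      - name: 🔨 Setup tools
        run: |
          task install:tfplugindocs
          task install:markdownlint
          task install:copywrite
      - name: ✔️ Run Files linters
        run: task lint:files
      - name: 🔀 Check for differences
        run: |
          git diff --compact-summary --exit-code || \
          (echo; echo "Unexpected difference. Run 'task lint:files' command and commit."; git diff --exit-code)
      - name: 📃 Generate docs
        run: task docs
      - name: 🔀 Check for differences
        run: |
          git diff --compact-summary --exit-code || \
          (echo; echo "Unexpected difference in directories after code generation. Run 'task docs' command and commit."; git diff --exit-code)

  # Run tests in a matrix with Terraform CLI versions
  test:
    name: 🧪 Run Tests (${{ matrix.cli }} ${{ matrix.version }})
    needs: changes
    if: needs.changes.outputs.src == 'true'
    environment:
      name: development
    runs-on: ubuntu-24.04
    timeout-minutes: 30
    # `id-token: write` backs the OIDC login of the test steps and
    # `checks: write` the test-report step.
    # NOTE(review): no step in this job visibly writes to a pull request;
    # confirm `pull-requests: write` is still required here.
    permissions:
      contents: read
      actions: read
      checks: write
      pull-requests: write
      id-token: write
    strategy:
      fail-fast: false
      matrix:
        cli: [terraform, tofu]
        # Quoted so "1.10" stays a string instead of becoming the float 1.1.
        version: ["1.7", "1.8", "1.9", "1.10"]
        exclude:
          - cli: terraform
            version: "1.7"
          - cli: tofu
            version: "1.10"
    steps:
      - name: ⤵️ Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0
      - name: 🚧 Setup Go
        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
        with:
          go-version-file: go.mod
          cache: true
      - name: 🚧 Setup Terraform
        if: matrix.cli == 'terraform'
        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
        with:
          terraform_version: ${{ matrix.version }}
          terraform_wrapper: false
      - name: ⚙️ Configure Terraform
        if: matrix.cli == 'terraform'
        run: |
          terraform -version
      - name: 🚧 Setup OpenTofu
        uses: opentofu/setup-opentofu@592200bd4b9bbf4772ace78f887668b1aee8f716 # v1.0.5
        if: matrix.cli == 'tofu'
        with:
          tofu_version: ${{ matrix.version }}
          tofu_wrapper: false
      - name: ⚙️ Configure OpenTofu
        if: matrix.cli == 'tofu'
        run: |
          echo "TERRAFORM_CLI=$(which tofu)" >> "$GITHUB_ENV"
          echo "REGISTRY_HOST=registry.opentofu.org" >> "$GITHUB_ENV"
          echo "TF_ACC_TERRAFORM_PATH=$(which tofu)" >> "$GITHUB_ENV"
          echo "TF_ACC_PROVIDER_HOST=registry.opentofu.org" >> "$GITHUB_ENV"
          tofu -version
      # Exports CLI_VERSION with dots replaced by underscores (1.10 -> 1_10);
      # the artifact names below are built from it. The matrix value reaches
      # the script through an environment variable instead of being expanded
      # into the script text, so it is always handled as data by the shell.
      - name: ⚙️ Set CLI version
        env:
          MATRIX_VERSION: ${{ matrix.version }}
        run: |
          version=$(echo "$MATRIX_VERSION" | sed 's/\./_/g')
          echo "CLI_VERSION=$version" >> "$GITHUB_ENV"
      - name: 🚧 Setup Task
        uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v2.0.0
        with:
          repo-token: ${{ github.token }}
      - name: 🔀 Download Go dependencies
        run: task deps:download
      - name: 🔨 Setup Test tools
        run: task test:tools
      # The two test steps differ only in the client id secret they use; both
      # pass a tenant id and client id and enable OIDC, with no client secret.
      - name: 🧪 Run tests
        if: matrix.cli == 'terraform'
        run: task test
        timeout-minutes: 30
        env:
          # TF_LOG: DEBUG
          FABRIC_USE_OIDC: true
          FABRIC_TENANT_ID: ${{ secrets.TESTACC_TENANT_ID }}
          FABRIC_CLIENT_ID: ${{ secrets.TESTACC_SPN_TF_CLIENT_ID }}
      - name: 🧪 Run tests
        if: matrix.cli == 'tofu'
        run: task test
        timeout-minutes: 30
        env:
          FABRIC_USE_OIDC: true
          FABRIC_TENANT_ID: ${{ secrets.TESTACC_TENANT_ID }}
          FABRIC_CLIENT_ID: ${{ secrets.TESTACC_SPN_OT_CLIENT_ID }}
      # The reporting steps use `always()` so results are kept for failed runs.
      - name: 📤 Upload test results
        if: always()
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: ${{ format('{0}-{1}-test-results', matrix.cli, env.CLI_VERSION) }}
          path: testresults.xml
          if-no-files-found: warn
          overwrite: true
      - name: 📤 Upload coverage results
        if: always()
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: ${{ format('{0}-{1}-test-coverage-results', matrix.cli, env.CLI_VERSION) }}
          path: |
            coverage.html
            coverage.json
            coverage.out
            coverage.txt
            coverage.xml
          if-no-files-found: warn
          overwrite: true
      - name: 📢 Publish test results
        if: always()
        uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
        with:
          name: 📜 Test results (${{ matrix.cli }} ${{ matrix.version }})
          reporter: jest-junit
          path: testresults.xml
      - name: ⚙️ Get Coverage summary
        if: always()
        uses: irongut/CodeCoverageSummary@51cc3a756ddcd398d447c044c02cb6aa83fdae95 # v1.3.0
        with:
          filename: coverage.xml
          badge: true
          fail_below_min: true
          format: markdown
          hide_branch_rate: false
          hide_complexity: false
          indicators: true
          output: both
          thresholds: "40 60"
      - name: 📤 Upload Coverage summary
        if: always()
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: ${{ format('{0}-{1}-test-coverage-summary', matrix.cli, env.CLI_VERSION) }}
          path: |
            code-coverage-results.md
          if-no-files-found: warn
          overwrite: true

  # Publishes the coverage of one matrix entry to the step summary, to Codecov
  # and, on pull requests, to a single PR comment that is created or replaced.
  coverage-summary:
    name: 📔 Coverage Summary
    needs:
      - test
      - changes
    if: always() && needs.changes.outputs.src == 'true'
    runs-on: ubuntu-24.04
    # Write access covers the PR comment steps; `id-token: write` covers the
    # Codecov upload, which is configured with `use_oidc: true`.
    permissions:
      contents: read
      issues: write
      pull-requests: write
      id-token: write
    steps:
      - name: 📥 Download
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          # Hard-coded to the artifacts of the terraform / "1.10" matrix entry;
          # update together with the version matrix of the `test` job.
          pattern: terraform-1_10-test-coverage*
          merge-multiple: true
      - name: 📝 Publish
        run: cat code-coverage-results.md >> "$GITHUB_STEP_SUMMARY"
      - name: 📤 Upload results to Codecov
        uses: codecov/codecov-action@0da7aa657d958d32c117fc47e1f977e7524753c7 # v5.3.0
        with:
          use_oidc: true
          files: ./coverage.out
      # `pull_request_target` is not among this workflow's `on:` triggers, so
      # that half of the conditions below is currently never true.
      - name: 🔎 Find comment
        if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
        uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
        id: fc
        with:
          issue-number: ${{ github.event.pull_request.number }}
          comment-author: github-actions[bot]
          body-includes: Minimum allowed line rate is
      - name: 📝 Create comment
        if: steps.fc.outputs.comment-id == '' && (github.event_name == 'pull_request' || github.event_name == 'pull_request_target')
        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
        with:
          issue-number: ${{ github.event.pull_request.number }}
          body-path: code-coverage-results.md
      - name: 📝 Update comment
        if: steps.fc.outputs.comment-id != '' && (github.event_name == 'pull_request' || github.event_name == 'pull_request_target')
        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
        with:
          comment-id: ${{ steps.fc.outputs.comment-id }}
          body-path: code-coverage-results.md
          edit-mode: replace

  # Returns success if all matrix jobs in test are successful - otherwise, it returns a failure.
  # Use this as a PR status check for GitHub Policy Service instead of individual matrix entry checks.
  #
  # A cancelled `test` result is treated like a failure, so an interrupted
  # matrix cannot satisfy the required check. A skipped `test` job (no source
  # changes) still passes.
  check-test-matrix:
    if: always()
    name: 🧪 Check Tests
    needs: test
    runs-on: ubuntu-24.04
    # Only evaluates `needs.*.result`; the job needs no token scopes at all.
    permissions: {}
    steps:
      - name: ✅ OK
        if: ${{ !(contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')) }}
        run: exit 0
      - name: 🛑 Failure
        if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
        run: exit 1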