chore: Add docker image tests - container-structure-test-config and dive-ci (#365)

Maksym Vlasov 2022-04-16 19:06:58 +03:00 committed by GitHub
commit 4874cfe42e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 95 additions and 6 deletions


@ -0,0 +1,58 @@
schemaVersion: '2.0.0'
commandTests:
- name: "pre-commit"
command: "pre-commit"
args: ["-V"]
expectedOutput: ["^pre-commit ([0-9]+\\.){2}[0-9]+\\n$"]
- name: "terraform"
command: "terraform"
args: ["-version"]
expectedOutput: ["^Terraform v([0-9]+\\.){2}[0-9]+\\non linux_amd64\\n$"]
- name: "checkov"
command: "checkov"
args: ["--version"]
expectedOutput: ["^([0-9]+\\.){2}[0-9]+\\n$"]
- name: "infracost"
command: "infracost"
args: ["--version"]
expectedOutput: ["^Infracost v([0-9]+\\.){2}[0-9]+\\n$"]
- name: "terraform-docs"
command: "terraform-docs"
args: ["--version"]
expectedOutput: ["^terraform-docs version v([0-9]+\\.){2}[0-9]+ [a-z0-9]+ linux/amd64\\n$"]
- name: "terragrunt"
command: "terragrunt"
args: ["--version"]
expectedOutput: ["^terragrunt version v([0-9]+\\.){2}[0-9]+\\n$"]
- name: "terrascan"
command: "terrascan"
args: [ "version" ]
expectedOutput: [ "^version: v([0-9]+\\.){2}[0-9]+\\n$" ]
- name: "tflint"
command: "tflint"
args: [ "--version" ]
expectedOutput: [ "TFLint version ([0-9]+\\.){2}[0-9]+\\n$" ]
- name: "tfsec"
command: "tfsec"
args: [ "--version" ]
expectedOutput: [ "([0-9]+\\.){2}[0-9]+\\n$" ]
- name: "tfupdate"
command: "tfupdate"
args: [ "--version" ]
expectedOutput: [ "([0-9]+\\.){2}[0-9]+\\n$" ]
fileExistenceTests:
- name: 'terrascan init'
path: '/root/.terrascan/pkg/policies/opa/rego/github/github_repository/privateRepoEnabled.rego'
shouldExist: true
uid: 0
gid: 0
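Review bot: The `expectedOutput` patterns for tflint, tfsec and tfupdate have no leading `^`, unlike the other seven command tests, so they pass on any output that merely ends in a version-like string, including a warning or error banner printed before it. Anchoring them, for example `expectedOutput: ["^TFLint version ([0-9]+\\.){2}[0-9]+\\n$"]`, would make the smoke test fail when a binary prints something unexpected. If the missing anchor is deliberate because tfsec or tfupdate print a prefix such as `v`, spell that prefix out in the pattern instead. The same three tests and terrascan also use `[ "..." ]` spacing where the rest of the file uses `["..."]`.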

13
.github/.dive-ci.yaml vendored Normal file

@ -0,0 +1,13 @@
rules:
# If the efficiency is measured below X%, mark as failed.
# Expressed as a ratio between 0-1.
lowestEfficiency: 0.99
# If the amount of wasted space is at least X or larger than X, mark as failed.
# Expressed in B, KB, MB, and GB.
highestWastedBytes: 12MB
# If the amount of wasted space makes up for X% or more of the image, mark as failed.
# Note: the base image layer is NOT included in the total image size.
# Expressed as a ratio between 0-1; fails if the threshold is met or crossed.
highestUserWastedPercent: 0.02


@ -118,10 +118,11 @@ You can use [this PR](https://github.com/antonbabenko/pre-commit-terraform/pull/
* `docker build -t pre-commit --build-arg INSTALL_ALL=true .` * `docker build -t pre-commit --build-arg INSTALL_ALL=true .`
* `docker build -t pre-commit --build-arg <NEW_HOOK>_VERSION=latest .` * `docker build -t pre-commit --build-arg <NEW_HOOK>_VERSION=latest .`
* `docker build -t pre-commit --build-arg <NEW_HOOK>_VERSION=<1.2.3> .` * `docker build -t pre-commit --build-arg <NEW_HOOK>_VERSION=<1.2.3> .`
2. Add new hook to [`.pre-commit-hooks.yaml`](../.pre-commit-hooks.yaml) 2. Add Docker structure tests to [`.github/.container-structure-test-config.yaml`](.container-structure-test-config.yaml)
3. Create hook file. Don't forget to make it executable via `chmod +x /path/to/hook/file`. 3. Add new hook to [`.pre-commit-hooks.yaml`](../.pre-commit-hooks.yaml)
4. Test hook. How to do it is described in [Run and debug hooks locally](#run-and-debug-hooks-locally) section. 4. Create hook file. Don't forget to make it executable via `chmod +x /path/to/hook/file`.
5. Test hook one more time. 5. Test hook. How to do it is described in [Run and debug hooks locally](#run-and-debug-hooks-locally) section.
6. Test hook one more time.
1. Push commit with hook file to GitHub 1. Push commit with hook file to GitHub
2. Grab SHA hash of the commit 2. Grab SHA hash of the commit
3. Test hook using `.pre-commit-config.yaml`: 3. Test hook using `.pre-commit-config.yaml`:


@ -2,10 +2,12 @@ name: "Build Dockerfile if changed and run smoke tests"
on: [pull_request] on: [pull_request]
env:
IMAGE_TAG: pr-test
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Test changed-files
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
with: with:
@ -28,4 +30,19 @@ jobs:
platforms: linux/amd64 platforms: linux/amd64
push: false push: false
tags: | tags: |
ghcr.io/${{ github.repository }}:pr-test ghcr.io/${{ github.repository }}:${{ env.IMAGE_TAG }}
- name: Run structure tests
if: steps.changed-files-specific.outputs.any_changed == 'true'
uses: plexsystems/container-structure-test-action@v0.1.0
with:
image: ghcr.io/${{ github.repository }}:${{ env.IMAGE_TAG }}
config: .github/.container-structure-test-config.yaml
- name: Dive - check image for waste files
if: steps.changed-files-specific.outputs.any_changed == 'true'
uses: MaxymVlasov/dive-action@v0.1.0
with:
image: ghcr.io/${{ github.repository }}:${{ env.IMAGE_TAG }}
config-file: ${{ github.workspace }}/.github/.dive-ci.yaml
github-token: ${{ secrets.GITHUB_TOKEN }}
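Review bot: Both new steps reference third-party actions by a mutable tag (`plexsystems/container-structure-test-action@v0.1.0`, `MaxymVlasov/dive-action@v0.1.0`), and the dive step is also handed `secrets.GITHUB_TOKEN`; a tag can be repointed to different code after this review. Pinning each to a full commit SHA, e.g. `uses: MaxymVlasov/dive-action@<full-commit-sha>  # v0.1.0`, keeps the reviewed code fixed. No `permissions:` block is visible in the hunks, so the token presumably carries the repository's default scopes. If none is set elsewhere in the file, add a top-level `permissions:` with `contents: read` plus only what dive-action needs (confirm against the action's documentation). The job's earlier steps lie outside the hunks.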