Skip to content

feat(queries): implementation of regal for linting rego files #13297

feat(queries): implementation of regal for linting rego files

feat(queries): implementation of regal for linting rego files #13297

name: go-ci-integration
on:
pull_request:
branches: [master]
jobs:
integration-tests:
name: integration-tests
runs-on: ubuntu-latest
steps:
- id: skip_check
uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1
with:
cancel_others: false
paths_ignore: '["docs/**", "**/**.md", "examples"]'
- name: Check out code into the Go module directory
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
- name: Cache Docker layers
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.ref }}
restore-keys: |
${{ runner.os }}-buildx-${{ github.ref }}
- name: Get short SHA
run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV
- name: Build
id: docker_build
uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
with:
load: true
context: ./
file: ./Dockerfile
builder: ${{ steps.buildx.outputs.name }}
push: false
tags: kics:${{ github.sha }}
build-args: |
VERSION=${GITHUB_SHA_SHORT}
COMMIT=${GITHUB_SHA}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}
- name: Run docker image and generate results.json
run: |
docker run --user $(id -u):$(id -g) -v ${PWD}/assets/queries:/path \
kics:${{ github.sha }} scan \
--silent \
--disable-full-descriptions \
--ignore-on-exit "results" \
--log-level DEBUG \
--log-path "/path/info.log" \
-p "/path" \
-o "/path/"
- name: Archive test logs
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
if: always()
with:
name: integration-logs-${{ github.event.pull_request.head.sha }}
path: assets/queries/info.log
- name: Display results
run: |
cat ${PWD}/assets/queries/results.json
- name: Archive test results
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
with:
name: integration-results-${{ github.event.pull_request.head.sha }}
path: assets/queries/results.json
- name: Assert results.json
run: |
set -eo pipefail
COUNT=$(jq '.queries_total' ${PWD}/assets/queries/results.json)
echo "Assert queries_total > 0 in results.json :: ${COUNT}"
echo $COUNT | xargs -i{} test {} -gt 0
COUNT=$(jq '.total_counter' ${PWD}/assets/queries/results.json)
echo "Assert total_counter > 0 in results.json :: ${COUNT}"
echo $COUNT | xargs -i{} test {} -gt 0
COUNT=$(jq '.files_scanned' ${PWD}/assets/queries/results.json)
echo "Assert files_scanned > 0 in results.json :: ${COUNT}"
echo $COUNT | xargs -i{} test {} -gt 0
COUNT=$(jq '.queries_failed_to_execute' ${PWD}/assets/queries/results.json)
echo "Assert queries_failed_to_execute == 0 in results.json :: ${COUNT}"
echo $COUNT | xargs -i{} test {} -eq 0
COUNT=$(jq '.files_failed_to_scan' ${PWD}/assets/queries/results.json)
echo "Assert files_failed_to_scan == 0 in results.json :: ${COUNT}"
echo $COUNT | xargs -i{} test {} -eq 0