
Rename container hostname from buildkitsandbox to flashx #7


Workflow file for this run

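# CI workflow: lints the shell script and Dockerfile, runs the BATS suites,
# builds the image and runs the simulation in it, and uploads a Trivy
# filesystem scan to code scanning.
#
# Supply-chain note: every third-party action below is referenced by a tag or
# branch, which its owner can move. Pinning each `uses:` to a full commit SHA
# (uses: OWNER/ACTION@<FULL_COMMIT_SHA>  # vX.Y.Z) makes the executed code
# immutable; the two `@master` references are the most exposed.
name: CI

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]
  workflow_dispatch:  # Allow manual triggering

# Least privilege: the workflow-wide token is read-only. The one job that
# uploads SARIF (security-scan) requests security-events: write for itself.
permissions:
  contents: read

jobs:
  lint-shell:
    name: Lint Shell Script
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No job in this workflow pushes, so do not leave the token in
          # .git/config for later steps to read.
          persist-credentials: false

      - name: Run ShellCheck
        # TODO(security): `@master` tracks a moving branch; pin to
        # ludeeus/action-shellcheck@<FULL_COMMIT_SHA>.
        uses: ludeeus/action-shellcheck@master
        with:
          scandir: '.'
          format: gcc
          severity: warning

  lint-dockerfile:
    name: Lint Dockerfile
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Run Hadolint
        uses: hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: flashx_dockerfile
          failure-threshold: error

  test-shell-script:
    name: Test Shell Script (BATS)
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup BATS
        uses: mig4/setup-bats@v1
        with:
          # Quoted so the version is always read as a string.
          bats-version: '1.10.0'

      - name: Run BATS tests for run_flashx.sh
        run: |
          bats tests/test_run_flashx.bats

  test-dockerfile:
    name: Test Dockerfile (BATS)
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup BATS
        uses: mig4/setup-bats@v1
        with:
          bats-version: '1.10.0'

      - name: Run BATS tests for Dockerfile
        run: |
          bats tests/test_docker_build.bats

  test-integration:
    name: Integration Tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup BATS
        uses: mig4/setup-bats@v1
        with:
          bats-version: '1.10.0'

      - name: Run integration tests
        run: |
          bats tests/test_integration.bats

  docker-build-and-run:
    name: Docker Build and Simulation Test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # The build context below is the whole checkout ('.'), .git
          # included; keep the workflow token out of it.
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build Docker image
        # Command substitutions are quoted so the build args cannot word-split.
        run: |
          docker build -f flashx_dockerfile \
            --build-arg USER_ID="$(id -u)" \
            --build-arg GROUP_ID="$(id -g)" \
            -t flashx:test \
            .

      - name: Verify flashuser owns the object directory
        # Fails the step when the object directory is not owned by the
        # unprivileged flashuser account.
        run: |
          owner=$(docker run --rm flashx:test stat -c '%U' /home/flashuser/flashx/Flash-X/object)
          echo "Object directory owner: $owner"
          [ "$owner" = "flashuser" ]

      - name: Run Sedov simulation
        run: |
          docker run --rm flashx:test bash -c "cd /home/flashuser/flashx/Flash-X/object && ./flashx"

  security-scan:
    name: Security Scan
    runs-on: ubuntu-latest
    # Only this job writes code-scanning results.
    permissions:
      contents: read
      security-events: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Run Trivy vulnerability scanner on repository
        # TODO(security): `@master` tracks a moving branch, and this job holds
        # security-events: write; pin to
        # aquasecurity/trivy-action@<FULL_COMMIT_SHA>.
        # This is a filesystem scan of the checkout; the flashx:test image
        # built in docker-build-and-run is not scanned here.
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'
          # With SARIF output the action reports all severities unless this is
          # set, which would leave the severity filter above without effect.
          limit-severities-for-sarif: true

      - name: Upload Trivy results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v3
        # Upload even when the scan step failed, so findings are not lost.
        if: always()
        with:
          sarif_file: 'trivy-results.sarif'

  validation-summary:
    name: Validation Summary
    runs-on: ubuntu-latest
    # security-scan is not listed in needs, so its result does not gate this
    # summary.
    needs:
      - lint-shell
      - lint-dockerfile
      - test-shell-script
      - test-dockerfile
      - test-integration
      - docker-build-and-run
    # Run even when a needed job failed, so the summary can report it.
    if: always()
    steps:
      - name: Check all jobs status
        # Every job listed in needs is checked, docker-build-and-run included:
        # a failed image build or simulation run fails the summary too.
        run: |
          echo "Lint Shell: ${{ needs.lint-shell.result }}"
          echo "Lint Dockerfile: ${{ needs.lint-dockerfile.result }}"
          echo "Test Shell Script: ${{ needs.test-shell-script.result }}"
          echo "Test Dockerfile: ${{ needs.test-dockerfile.result }}"
          echo "Integration Tests: ${{ needs.test-integration.result }}"
          echo "Docker Build and Run: ${{ needs.docker-build-and-run.result }}"
          if [ "${{ needs.lint-shell.result }}" != "success" ] || \
             [ "${{ needs.lint-dockerfile.result }}" != "success" ] || \
             [ "${{ needs.test-shell-script.result }}" != "success" ] || \
             [ "${{ needs.test-dockerfile.result }}" != "success" ] || \
             [ "${{ needs.test-integration.result }}" != "success" ] || \
             [ "${{ needs.docker-build-and-run.result }}" != "success" ]; then
            echo "Some tests failed!"
            exit 1
          fi
          echo "All validations passed!"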