Skip to content
Comprehensive Validation

Bump flask from 2.3.3 to 3.1.3 in /docker/services/idrac-manager in the pip group across 1 directory #49

Sign in to view logs

Bump flask from 2.3.3 to 3.1.3 in /docker/services/idrac-manager in the pip group across 1 directory

Bump flask from 2.3.3 to 3.1.3 in /docker/services/idrac-manager in the pip group across 1 directory #49

Workflow file for this run

.github/workflows/comprehensive-validation.yml at 91b8f33
---
name: Comprehensive Validation
"on":
pull_request:
paths:
- "**/*.yaml"
- "**/*.yml"
- "**/*.json"
- "**/*.sh"
- "**/*.py"
- "docker/**"
- "config/**"
push:
branches: [main, develop]
workflow_dispatch:
env:
PYTHON_VERSION: "3.x"
jobs:
yaml-lint:
name: YAML Validation
uses: ./.github/workflows/yamllint-reusable.yml
with:
python-version: "3.x"
json-validation:
name: JSON Validation
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Validate JSON files
run: |
echo "Validating JSON files..."
find . -name "*.json" -type f | while read file; do
echo "Validating $file"
python3 -m json.tool "$file" > /dev/null || {
echo "❌ Invalid JSON: $file"
exit 1
}
done
echo "✅ All JSON files are valid"
shell-check:
name: Shell Script Validation
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install ShellCheck
run: sudo apt-get update && sudo apt-get install -y shellcheck
- name: Run ShellCheck
run: |
echo "Checking shell scripts..."
find . -name "*.sh" -type f | while read file; do
echo "Checking $file"
shellcheck "$file" || echo "⚠️ ShellCheck issues in $file"
done
python-syntax:
name: Python Syntax Validation
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Check Python syntax
run: |
echo "Checking Python syntax..."
find . -name "*.py" -type f | while read file; do
echo "Checking $file"
python3 -m py_compile "$file" || {
echo "❌ Syntax error in $file"
exit 1
}
done
echo "✅ All Python files have valid syntax"
docker-validation:
name: Docker Configuration Validation
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Validate Docker Compose
run: |
if [ -f docker/docker-compose.yaml ]; then
echo "Validating Docker Compose configuration..."
docker-compose -f docker/docker-compose.yaml config --quiet
echo "✅ Docker Compose configuration is valid"
else
echo "⚠️ No Docker Compose file found"
fi
- name: Check Dockerfile syntax
run: |
find . -name "Dockerfile*" -type f | while read file; do
echo "Checking $file"
docker buildx build --dry-run -f "$file" . || \
echo "⚠️ Issues in $file"
done
security-scan:
name: Security Scanning
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '.'
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: 'trivy-results.sarif'
- name: Upload security scan results
if: always()
uses: actions/upload-artifact@v4
with:
name: security-scan-results
path: trivy-results.sarif
if-no-files-found: warn
configuration-validation:
name: Configuration Validation
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Install dependencies
run: |
pip install pyyaml jsonschema
- name: Run configuration validation
run: |
if [ -f scripts/validate-config.py ]; then
python3 scripts/validate-config.py
else
echo "⚠️ Configuration validation script not found"
fi
summary:
name: Validation Summary
runs-on: ubuntu-latest
needs:
- yaml-lint
- json-validation
- shell-check
- python-syntax
- docker-validation
- security-scan
- configuration-validation
if: always()
steps:
- name: Check validation results
run: |
echo "## Validation Summary" >> $GITHUB_STEP_SUMMARY
echo "| Check | Status |" >> $GITHUB_STEP_SUMMARY
echo "|-------|--------|" >> $GITHUB_STEP_SUMMARY
# YAML Lint Status
if [[ "${{ needs.yaml-lint.result }}" == "success" ]]; then
echo "| YAML Lint | ✅ Passed |" >> $GITHUB_STEP_SUMMARY
else
echo "| YAML Lint | ❌ Failed |" >> $GITHUB_STEP_SUMMARY
fi
# JSON Validation Status
if [[ "${{ needs.json-validation.result }}" == "success" ]]; then
echo "| JSON Validation | ✅ Passed |" >> $GITHUB_STEP_SUMMARY
else
echo "| JSON Validation | ❌ Failed |" >> $GITHUB_STEP_SUMMARY
fi
# Shell Check Status
if [[ "${{ needs.shell-check.result }}" == "success" ]]; then
echo "| Shell Check | ✅ Passed |" >> $GITHUB_STEP_SUMMARY
else
echo "| Shell Check | ❌ Failed |" >> $GITHUB_STEP_SUMMARY
fi
# Python Syntax Status
if [[ "${{ needs.python-syntax.result }}" == "success" ]]; then
echo "| Python Syntax | ✅ Passed |" >> $GITHUB_STEP_SUMMARY
else
echo "| Python Syntax | ❌ Failed |" >> $GITHUB_STEP_SUMMARY
fi
# Docker Validation Status
if [[ "${{ needs.docker-validation.result }}" == "success" ]]; then
echo "| Docker Validation | ✅ Passed |" >> $GITHUB_STEP_SUMMARY
else
echo "| Docker Validation | ❌ Failed |" >> $GITHUB_STEP_SUMMARY
fi
# Security Scan Status
if [[ "${{ needs.security-scan.result }}" == "success" ]]; then
echo "| Security Scan | ✅ Passed |" >> $GITHUB_STEP_SUMMARY
else
echo "| Security Scan | ❌ Failed |" >> $GITHUB_STEP_SUMMARY
fi
# Configuration Validation Status
CONFIG_RESULT="${{ needs.configuration-validation.result }}"
if [[ "$CONFIG_RESULT" == "success" ]]; then
echo "| Configuration | ✅ Passed |" >> $GITHUB_STEP_SUMMARY
else
echo "| Configuration | ❌ Failed |" >> $GITHUB_STEP_SUMMARY
fi