php-fpm-exporter/.github/workflows/test_pr.yml

name: Test PR
on:
  pull_request_target:
  workflow_dispatch:

jobs:

  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:

    - name: Set up Go
      uses: actions/setup-go@v4.1.0
      with:
        go-version: 1.17
      id: go

    - name: Checkout
      uses: actions/checkout@v3
      with:
        fetch-depth: 0

    - name: golangci-lint
      uses: golangci/golangci-lint-action@v3.3.1
      with:
        version: v1.44

  test:
    name: Test
    runs-on: ubuntu-latest
    steps:

    - name: Setup Go
      uses: actions/setup-go@v4.1.0
      with:
        go-version: 1.17
      id: go

    - name: Checkout
      uses: actions/checkout@v3
      with:
        ref: "refs/pull/${{ github.event.number }}/merge"

    - name: Test
      run: go test -coverprofile cover.out ./...

    - name: SonarCloud Scan
      uses: sonarsource/sonarcloud-github-action@master
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

  image-scan:
    name: Image Scan
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
      uses: actions/checkout@v3
      with:
        fetch-depth: 0
        ref: "refs/pull/${{ github.event.number }}/merge"

    - name: Setup Go
      uses: actions/setup-go@v4.1.0
      with:
        go-version: 1.17
      id: go

    - name: Run GoReleaser
      uses: goreleaser/goreleaser-action@v4.3.0
      with:
        version: latest
        args: release --rm-dist --snapshot
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

    - name: Scan image
      uses: anchore/scan-action@v3.3.6
      id: scan
      with:
        image: "hipages/php-fpm_exporter:latest"
        acs-report-enable: true
        fail-build: false

    - name: Upload Anchore scan SARIF report
      uses: github/codeql-action/upload-sarif@v2
      with:
        sarif_file: ${{ steps.scan.outputs.sarif }}