
fix: Docker scanner workflow #21


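# Sanity checks for the devops tool image: build the image from the pull
# request, start a container from it, and compare the CLI versions installed
# inside against the latest upstream releases. Any mismatch fails the job.
name: Sanity Checks

on:
  pull_request:

# The job builds and runs a Dockerfile taken from the pull request, so the
# job token is kept read-only; nothing below writes to the repository.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    # Upstream downloads and the image build can hang; do not let the job
    # sit on a runner indefinitely.
    timeout-minutes: 30
    env:
      IMAGE: clouddrove/devops:0.0.${{ github.run_number }}
      CONTAINER: devops
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # NOTE(review): this action reference is garbled in the page source
      # (it looks like docker/setup-buildx-action with the tag lost). Pin it
      # to a real tag or commit SHA before merging.
      - name: Set up Docker Buildx
        uses: docker/[email protected]

      - name: Build the application image
        run: docker build -t "$IMAGE" -f .docker/Dockerfile .

      - name: Bring container up and running
        run: docker run --name "$CONTAINER" -d "$IMAGE"

      - name: Wait for container to boot up
        run: |
          sleep 10
          # Fail here with the container logs instead of letting every
          # `docker exec` below fail against a container that already exited.
          if [ "$(docker inspect -f '{{.State.Running}}' "$CONTAINER")" != "true" ]; then
            echo "Container $CONTAINER is not running after boot wait"
            docker logs "$CONTAINER"
            exit 1
          fi

      - name: Sanity check
        # An explicit `shell: bash` (unlike the implicit default) turns on
        # pipefail, so a failed upstream lookup aborts the step instead of
        # comparing an empty "expected" version and reporting a bogus mismatch.
        shell: bash
        env:
          # Authenticated GitHub API calls avoid the unauthenticated rate
          # limit, which is shared by runners and yields a body without
          # tag_name once exhausted.
          GH_TOKEN: ${{ github.token }}
        run: |
          mismatches=""

          # check_version TOOL LATEST INSTALLED
          # Prints both versions and records a mismatch line when they differ;
          # the step fails at the end if any line was recorded.
          check_version() {
            local tool="$1" latest="$2" installed="$3"
            echo "$tool versions - Latest: $latest, Installed: $installed"
            if [ "$latest" != "$installed" ]; then
              mismatches="$mismatches\n$tool version mismatch: expected $latest, got $installed"
            fi
          }

          # in_container CMD... — run a command inside the image under test.
          in_container() {
            docker exec "$CONTAINER" "$@"
          }

          # Terraform
          LATEST_TERRAFORM_VERSION=$(curl -fsSL https://checkpoint-api.hashicorp.com/v1/check/terraform | jq -r .current_version)
          INSTALLED_TERRAFORM_VERSION=$(in_container terraform version -json | jq -r .terraform_version)
          check_version "Terraform" "$LATEST_TERRAFORM_VERSION" "$INSTALLED_TERRAFORM_VERSION"

          # Azure CLI (release tags look like azure-cli-X.Y.Z; keep the third field)
          LATEST_AZURE_VERSION=$(curl -fsSL -H "Authorization: Bearer $GH_TOKEN" \
            https://api.github.com/repos/Azure/azure-cli/releases/latest | jq -r .tag_name | cut -d '-' -f 3)
          INSTALLED_AZURE_VERSION=$(in_container az version | jq -r '."azure-cli"')
          check_version "Azure CLI" "$LATEST_AZURE_VERSION" "$INSTALLED_AZURE_VERSION"

          # AWS CLI: there is no version endpoint, so install the current
          # release on the runner and read its version. Installing into $HOME
          # keeps the freshly downloaded installer from running as root.
          # TODO(review): verify the download against AWS's published
          # signature (<AWS_CLI_SIGNATURE_CHECK>) before running the installer.
          work_dir=$(mktemp -d)
          curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "$work_dir/awscliv2.zip"
          unzip -q "$work_dir/awscliv2.zip" -d "$work_dir"
          "$work_dir/aws/install" --bin-dir "$HOME/.local/bin" --install-dir "$HOME/aws-cli" --update
          export PATH="$HOME/.local/bin:$PATH"
          LATEST_AWS_VERSION=$(aws --version 2>&1 | awk '{print $1}' | cut -d/ -f2)
          INSTALLED_AWS_VERSION=$(in_container aws --version 2>&1 | awk '{print $1}' | cut -d/ -f2)
          check_version "AWS CLI" "$LATEST_AWS_VERSION" "$INSTALLED_AWS_VERSION"

          # Kubectl (strip the leading "v" on both sides)
          LATEST_KUBECTL_VERSION=$(curl -fsSL https://dl.k8s.io/release/stable.txt | cut -c 2-)
          INSTALLED_KUBECTL_VERSION=$(in_container kubectl version --client -o json | jq -r '.clientVersion.gitVersion' | cut -c 2-)
          check_version "Kubectl" "$LATEST_KUBECTL_VERSION" "$INSTALLED_KUBECTL_VERSION"

          # Helm (strip the leading "v" on both sides)
          LATEST_HELM_VERSION=$(curl -fsSL -H "Authorization: Bearer $GH_TOKEN" \
            https://api.github.com/repos/helm/helm/releases/latest | jq -r .tag_name | cut -c 2-)
          INSTALLED_HELM_VERSION=$(in_container helm version --template="{{ .Version }}" | cut -c 2-)
          check_version "Helm" "$LATEST_HELM_VERSION" "$INSTALLED_HELM_VERSION"

          # Google Cloud SDK (gcloud): as with the AWS CLI, install the current
          # release on the runner and read its version.
          # TODO(review): verify the tarball checksum (<GCLOUD_TARBALL_SHA256>)
          # published alongside the download before extracting it.
          curl -fsSL -o "$work_dir/google-cloud-cli-linux-x86_64.tar.gz" \
            https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-linux-x86_64.tar.gz
          tar -xf "$work_dir/google-cloud-cli-linux-x86_64.tar.gz" -C "$work_dir"
          "$work_dir/google-cloud-sdk/install.sh" --quiet
          export PATH="$PATH:$work_dir/google-cloud-sdk/bin"
          LATEST_GCLOUD_VERSION=$(gcloud --version | grep -oP '(?<=Google Cloud SDK )\S+')
          INSTALLED_GCLOUD_VERSION=$(in_container gcloud --version | grep -oP '(?<=Google Cloud SDK )\S+')
          check_version "Google Cloud SDK" "$LATEST_GCLOUD_VERSION" "$INSTALLED_GCLOUD_VERSION"

          # Print mismatches and fail if any
          if [ -n "$mismatches" ]; then
            echo -e "Version mismatches found:$mismatches"
            exit 1
          fi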