.github/workflows/lint.yml from rubygems/rubygems.org

.github/workflows/lint.yml
Summary

Maintainability

Test Coverage

Issues
name: Lint
on:
  pull_request:
  push:
    branches:
      - master
permissions:
  contents: read

jobs:
  rubocop:
    name: Rubocop
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
      - uses: ruby/setup-ruby@1198b074305f9356bd56dd4b311757cc0dab2f1c # v1.175.1
        with:
          bundler-cache: true
      - name: Rubocop
        run: bundle exec rubocop
  brakeman:
    name: Brakeman
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
      - uses: ruby/setup-ruby@1198b074305f9356bd56dd4b311757cc0dab2f1c # v1.175.1
        with:
          bundler-cache: true
      - name: Brakeman
        run: bundle exec brakeman
  importmap:
    name: Importmap Verify
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
      - uses: ruby/setup-ruby@1198b074305f9356bd56dd4b311757cc0dab2f1c # v1.175.1
        with:
          bundler-cache: true
      - name: Importmap Verify
        run: bundle exec rake importmap:verify
  kubeconform:
    name: Kubeconform
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        kubernetes_version: ["1.29.1"]
        environment:
          - staging
          - production
    steps:
      - name: login to Github Packages
        run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
      - uses: ruby/setup-ruby@1198b074305f9356bd56dd4b311757cc0dab2f1c # v1.175.1
        with:
          bundler-cache: true
      - name: krane render
        run: |
          gem exec --silent krane render -f config/deploy/$ENVIRONMENT --bindings=environment=$ENVIRONMENT --current-sha=$REVISION > config/deploy/$ENVIRONMENT.rendered.yaml
        env:
          ENVIRONMENT: "${{ matrix.environment }}"
          REVISION: "${{ github.sha }}"
      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        with:
          name: "${{ matrix.environment }}.rendered.yaml"
          path: "config/deploy/${{ matrix.environment }}.rendered.yaml"
      - name: kubeconform
        uses: docker://ghcr.io/yannh/kubeconform:v0.6.3
        with:
          entrypoint: "/kubeconform"
          args: "-strict -summary -output json --kubernetes-version ${{ matrix.kubernetes_version }} config/deploy/${{ matrix.environment }}.rendered.yaml"