Skip to content
Tests

fix(inputs): Validate that always-comment recive acceptable values #370

Sign in to view logs

fix(inputs): Validate that always-comment recive acceptable values

fix(inputs): Validate that always-comment recive acceptable values #370

Workflow file for this run

.github/workflows/test.yml at 963e4c8
name: Tests
on: # rebuild any PRs and main branch changes
pull_request:
push:
branches:
- main
permissions:
contents: read
jobs:
build: # make sure build/ci work properly
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- run: npm install
- run: npm run all
test: # make sure the action works on a clean machine without building
runs-on: ubuntu-latest
env:
TEST_IMAGE: ghcr.io/joschi/dive:latest
WASTED_IMAGE: python:3.13-slim-bookworm
permissions:
# 'Params: always-comment with github-token' step to push a comment to PR
pull-requests: write
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Pre-setup
id: pre-setup
run: |
# Verify test image existence
docker pull ${{ env.TEST_IMAGE }} || {
echo "Test image ${{ env.TEST_IMAGE }} not found" >&2
exit 1
}
- name: 'Params: required only with no defaults'
if: always() && steps.pre-setup.outcome == 'success'
uses: ./
with:
image: ${{ env.TEST_IMAGE }}
- name: 'Params: config-file'
if: always() && steps.pre-setup.outcome == 'success'
uses: ./
with:
image: ${{ env.TEST_IMAGE }}
config-file: ${{ github.workspace }}/.github/.dive-ci.yaml
- name: 'Params: github-token'
if: always() && steps.pre-setup.outcome == 'success'
uses: ./
with:
image: ${{ env.TEST_IMAGE }}
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: 'Params: dive-image-registry, dive-image-version'
if: always() && steps.pre-setup.outcome == 'success'
uses: ./
with:
image: ${{ env.TEST_IMAGE }}
dive-image-registry: ghcr.io/joschi/dive
dive-image-version: >-
0.14.0
- name: 'Params: highest-wasted-bytes, highest-user-wasted-ratio, lowest-efficiency-ratio'
if: always() && steps.pre-setup.outcome == 'success'
uses: ./
with:
image: ${{ env.WASTED_IMAGE }}
highest-wasted-bytes: 100MB
highest-user-wasted-ratio: 0.5
lowest-efficiency-ratio: 0.9
- name: >-
Params: highest-wasted-bytes, highest-user-wasted-ratio,
lowest-efficiency-ratio redefine config-file
if: always() && steps.pre-setup.outcome == 'success'
uses: ./
with:
image: ${{ env.WASTED_IMAGE }}
config-file: ${{ github.workspace }}/.github/.dive-ci.yaml
highest-wasted-bytes: 100MB
highest-user-wasted-ratio: 0.5
lowest-efficiency-ratio: 0.9
# Verifies that the action properly handles and reports errors
# when trying to analyze a non-existent Docker image
- name: '[Run] Negative test: Invalid image name'
id: invalid-image
if: always() && steps.pre-setup.outcome == 'success'
continue-on-error: true
uses: ./
with:
image: invalid/image:latest
- name: '[Verification] Negative test: Invalid image name'
if: always() && steps.pre-setup.outcome == 'success'
shell: bash
run: |
error_message="${{ steps.invalid-image.outputs.error }}"
expected_message="Scan failed (exit code: 1)."
if [[ ! "$error_message" =~ "$expected_message" ]]; then
echo "Expected error message to contain: $expected_message"
echo "Got: $error_message"
exit 1
fi
if [[ "${{ steps.invalid-image.outcome }}" != "failure" ]]; then
echo "Expected step to fail"
exit 1
fi
# Tests error handling when the specified dive configuration file doesn't exist
- name: '[Run] Negative test: Non-existent config file'
id: invalid-config
if: always() && steps.pre-setup.outcome == 'success'
continue-on-error: true
uses: ./
with:
image: ${{ env.TEST_IMAGE }}
config-file: /non/existent/path.yaml
- name: '[Verification] Negative test: Non-existent config file'
if: always() && steps.pre-setup.outcome == 'success'
shell: bash
run: |
error_message="${{ steps.invalid-config.outputs.error }}"
expected_message="Config file not found in the specified path '/non/existent/path.yaml'
github.workspace value is: '${{ github.workspace }}'"
if [[ ! "$error_message" =~ "$expected_message" ]]; then
echo "Expected error message to contain: $expected_message"
echo "Got: $error_message"
exit 1
fi
if [[ "${{ steps.invalid-config.outcome }}" != "failure" ]]; then
echo "Expected step to fail"
exit 1
fi
# Validates that the action correctly enforces the required image
# input parameter. Note, that it has no access to post a comment
- name: '[Run] Negative test: Missing required image parameter'
id: missing-required
if: always() && steps.pre-setup.outcome == 'success'
continue-on-error: true
uses: ./
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: '[Verification] Negative test: Missing required image parameter'
# It will not be able to create comment outside PR. result in main branch:
# Not Found - https://docs.github.com/rest
if: always() && steps.pre-setup.outcome == 'success' && github.ref !=
'refs/heads/main'
shell: bash
run: |
error_message="${{ steps.missing-required.outputs.error }}"
expected_message="Missing required parameter: image"
if [[ ! "$error_message" =~ "$expected_message" ]]; then
echo "Expected error message to contain: $expected_message"
echo "Got: $error_message"
exit 1
fi
if [[ "${{ steps.missing-required.outcome }}" != "failure" ]]; then
echo "Expected step to fail"
exit 1
fi
# Verifies that the action properly handles missing GitHub token when
# always-comment is true. Expected to fail as posting comments requires
# GitHub token authentication
- name: '[Run] Negative test: always-comment w/o github-token'
id: always-comment-missing-github-token
if: always() && steps.pre-setup.outcome == 'success'
continue-on-error: true
uses: ./
with:
image: ${{ env.TEST_IMAGE }}
always-comment: true
- name: '[Verification] Negative test: always-comment w/o github-token'
# It will not be able to create comment outside PR. result in main branch:
# Not Found - https://docs.github.com/rest
if: always() && steps.pre-setup.outcome == 'success' && github.ref !=
'refs/heads/main'
shell: bash
run: |
error_message="${{ steps.always-comment-missing-github-token.outputs.error }}"
expected_message='always-comment parameter requires github-token to be set.'
if [[ ! "$error_message" =~ "$expected_message" ]]; then
echo "Expected error message to contain: $expected_message"
echo "Got: $error_message"
exit 1
fi
if [[ "${{ steps.always-comment-missing-github-token.outcome }}" != "failure" ]]; then
echo "Expected step to fail"
exit 1
fi
# Runs at the end and only when all other tests pass, as it posts the
# results as a comment on the PR
- name: 'Params: always-comment with github-token'
# It will not be able to create comment outside PR. result in main branch:
# Not Found - https://docs.github.com/rest
if: github.ref != 'refs/heads/main'
uses: ./
with:
image: ${{ env.TEST_IMAGE }}
always-comment: true
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: '[Verification] Params: always-comment with github-token'
if: github.ref != 'refs/heads/main'
shell: bash
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Get the PR number
pr_number=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")
echo "PR number: $pr_number"
# Check if the comment exists and get the latest comment ID
comment_id=$(gh api "repos/${{ github.repository }}/issues/${pr_number}/comments" --jq \
'sort_by(.created_at) | reverse | .[0] | select(.body | contains("Dive Summary")) | .id')
echo "Comment ID: $comment_id"
if [ -z "$comment_id" ]; then
echo "Expected comment not found in PR"
exit 1
fi
# Delete the comment after verification
gh api -X DELETE "repos/${{ github.repository }}/issues/comments/${comment_id}"
echo "Comment deleted"