ci: add tests and lint for PRs (#2)

tembleking · web-flow · commit 0fba0e5ed38f · 2025-03-28T15:29:19.000+01:00
diff --git a/.envrc b/.envrc
@@ -2,4 +2,8 @@ has nix && use flake . -L
 watch_file *.nix
 dotenv_if_exists .env # You can create a .env file with your env vars for this project. You can also use .secrets if you are using act. See the line below.
 dotenv_if_exists .secrets # Used by [act](https://nektosact.com/) to load secrets into the pipelines
+strict_env
+
+env_vars_required SECURE_API_URL SECURE_API_TOKEN
+
 export RUST_BACKTRACE=1
diff --git a/.github/workflows/ci-pull-request.yml b/.github/workflows/ci-pull-request.yml
@@ -0,0 +1,61 @@
+name: CI - Pull Request
+
+on:
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: nix develop --command bash {0}
+    steps:
+      - name: Fetch code
+        uses: actions/checkout@v4
+
+      - name: Install nix
+        uses: DeterminateSystems/nix-installer-action@main
+
+      - name: Run lint
+        run: |
+          just lint
+
+  pre-commit:
+    name: Pre-commit
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: nix develop --command bash {0}
+    steps:
+      - name: Fetch code
+        uses: actions/checkout@v4
+
+      - name: Install nix
+        uses: DeterminateSystems/nix-installer-action@main
+
+      - name: Run pre-commit
+        run: |
+          pre-commit run -a
+
+  build-and-test:
+    name: Build and test
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: nix develop --command bash {0}
+    steps:
+      - name: Fetch code
+        uses: actions/checkout@v4
+
+      - name: Install nix
+        uses: DeterminateSystems/nix-installer-action@main
+
+      - name: Run tests
+        run: |
+          just test
+        env:
+          SECURE_API_URL: https://us2.app.sysdig.com
+          SECURE_API_TOKEN: ${{ secrets.SECURE_API_TOKEN }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -12,12 +12,3 @@ repos:
     - id: trailing-whitespace
     - id: end-of-file-fixer
     - id: check-yaml
-
-- repo: local
-  hooks:
-    - id: cargo-nextest
-      name: cargo nextest
-      entry: cargo nextest run
-      language: system
-      files: \.rs$
-      pass_filenames: false
diff --git a/Justfile b/Justfile
@@ -8,5 +8,9 @@ fix:
 fmt:
     cargo fmt
 
+lint:
+    cargo check
+    cargo clippy
+
 watch:
     cargo watch -x "nextest run"
diff --git a/flake.nix b/flake.nix
@@ -51,7 +51,6 @@
                 rust-analyzer
                 lldb
                 pre-commit
-                sysdig-cli-scanner
               ];
 
               inputsFrom = [ sysdig-lsp ];
diff --git a/src/infra/sysdig_image_scanner.rs b/src/infra/sysdig_image_scanner.rs
@@ -175,16 +175,23 @@ impl ImageScanner for SysdigImageScanner {
 #[cfg(test)]
 #[serial_test::file_serial]
 mod tests {
+    use lazy_static::lazy_static;
+
     use crate::app::ImageScanner;
 
     use super::{SysdigAPIToken, SysdigImageScanner};
 
+    lazy_static! {
+        static ref SYSDIG_SECURE_URL: String =
+            std::env::var("SECURE_API_URL").expect("SECURE_API_URL env var not set");
+        static ref SYSDIG_SECURE_TOKEN: SysdigAPIToken =
+            SysdigAPIToken(std::env::var("SECURE_API_TOKEN").expect("SECURE_API_TOKEN not set"));
+    }
+
     #[tokio::test]
     async fn it_retrieves_the_scanner_from_the_specified_version() {
-        let sysdig_url = "https://us2.app.sysdig.com".to_string();
-        let sysdig_secure_token = SysdigAPIToken(std::env::var("SECURE_API_TOKEN").unwrap());
-
-        let scanner = SysdigImageScanner::new(sysdig_url, sysdig_secure_token);
+        let scanner =
+            SysdigImageScanner::new(SYSDIG_SECURE_URL.clone(), SYSDIG_SECURE_TOKEN.clone());
 
         let report = scanner.scan("ubuntu:22.04").await.unwrap();
 
@@ -195,10 +202,8 @@ mod tests {
 
     #[tokio::test]
     async fn it_scans_the_ubuntu_image_correctly() {
-        let sysdig_url = "https://us2.app.sysdig.com".to_string();
-        let sysdig_secure_token = SysdigAPIToken(std::env::var("SECURE_API_TOKEN").unwrap());
-
-        let scanner = SysdigImageScanner::new(sysdig_url, sysdig_secure_token);
+        let scanner =
+            SysdigImageScanner::new(SYSDIG_SECURE_URL.clone(), SYSDIG_SECURE_TOKEN.clone());
 
         let report = scanner.scan_image("ubuntu:22.04").await.unwrap();
 
diff --git a/tests/test.rs b/tests/test.rs
@@ -41,7 +41,7 @@ impl TestClient {
             .initialize(InitializeParams {
                 initialization_options: Some(json!({"sysdig":
                     {
-                        "api_url": "https://us2.app.sysdig.com"
+                        "api_url": "some_api_url"
                     }
                 })),
                 ..Default::default()

Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ impl TestClient {`
`41`	`41`	`.initialize(InitializeParams {`
`42`	`42`	`initialization_options: Some(json!({"sysdig":`
`43`	`43`	`{`
`44`		`- "api_url": "https://us2.app.sysdig.com"`
	`44`	`+ "api_url": "some_api_url"`
`45`	`45`	`}`
`46`	`46`	`})),`
`47`	`47`	`..Default::default()`