Closed
4 changes: 4 additions & 0 deletions .editorconfig
Expand Up @@ -76,6 +76,10 @@ dotnet_style_prefer_conditional_expression_over_return = true:silent
# C# preferences
csharp_prefer_braces = true:warning
csharp_prefer_simple_using_statement = true:suggestion
csharp_style_namespace_declarations = file_scoped:warning
csharp_using_directive_placement = outside_namespace:warning
dotnet_sort_system_directives_first = true
dotnet_separate_import_directive_groups = false
csharp_style_deconstructed_variable_declaration = true:suggestion
csharp_prefer_simple_default_expression = true:suggestion
csharp_style_pattern_matching_over_is_with_cast_check = true:suggestion
49 changes: 48 additions & 1 deletion .github/workflows/ci.yml
Expand Up @@ -350,6 +350,53 @@ jobs:
run: dotnet sonarscanner end /d:sonar.token="$SONAR_TOKEN"

docker-build:
runs-on: ubuntu-latest
needs: [build, test, code-quality]
if: github.event_name == 'pull_request'
permissions:
contents: read
security-events: write

steps:
- name: Checkout code
uses: actions/checkout@v6

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Build Docker image for PR validation
uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
with:
context: .
push: false
tags: otel-core-example:pr-${{ github.event.pull_request.number }}
load: true
cache-from: type=gha
cache-to: type=gha,mode=max

- name: Verify Docker image was built
run: |
echo "Listing Docker images:"
docker images
echo "Checking if our image exists:"
docker inspect otel-core-example:pr-${{ github.event.pull_request.number }}

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.24.0
with:
image-ref: otel-core-example:pr-${{ github.event.pull_request.number }}
format: 'sarif'
output: 'trivy-results.sarif'
env:
TRIVY_SKIP_VERSION_CHECK: true

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v4
if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository }}
with:
sarif_file: 'trivy-results.sarif'

docker-publish:
runs-on: ubuntu-latest
needs: [build, test, code-quality]
if: github.ref == 'refs/heads/main'
Expand Down Expand Up @@ -393,7 +440,7 @@ jobs:

deploy:
runs-on: ubuntu-latest
needs: [docker-build]
needs: [docker-publish]
if: github.ref == 'refs/heads/main'
permissions:
contents: read
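Review bot: The Trivy step in the new `docker-build` job references `aquasecurity/trivy-action@0.24.0` by a mutable tag, while the build step just above it is pinned to a full commit SHA; the same applies to `actions/checkout@v6`, `docker/setup-buildx-action@v3` and `github/codeql-action/upload-sarif@v4`. A tag can be moved to different code after review, and this job holds `security-events: write`, so pin them the same way, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha> # 0.24.0`. Separately, the scan step sets no `exit-code` or `severity`, so it appears to be report-only, and because the SARIF upload is skipped for fork pull requests their findings are never surfaced; adding `exit-code: '1'` and `severity: 'CRITICAL,HIGH'` would make the job fail on serious findings.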