Update go to 1.25 and add bats tests #7
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR updates the Go version from 1.23 to 1.25 and introduces comprehensive BATS (Bash Automated Testing System) tests to validate the envplate Docker image functionality. The changes also update the envplate version and modify the CI workflow to run tests during the build process.
Key changes:
- Updates Go version to 1.25 and pins envplate to a specific commit for reproducible builds
- Adds comprehensive BATS test suite covering core envplate functionality including variable substitution, backup creation, and exec mode
- Modifies CI workflow to run BATS tests and enables pushing images for all events
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| Dockerfile | Updates Go version to 1.25 and pins envplate to specific commit |
| envplate.bats | Adds comprehensive test suite covering envplate functionality |
| .github/workflows/build_and_publish.yml | Adds BATS testing to CI pipeline and enables image pushing for all events |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| - | ||
| name: Login to DockerHub | ||
| if: github.event_name != 'pull_request' | ||
| uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 |
There was a problem hiding this comment.
Removing the conditional check for pull requests means Docker registry credentials will be exposed during PR builds from forks, which poses a security risk. The original condition 'if: github.event_name != 'pull_request'' should be restored to prevent credential exposure in untrusted contexts.
Copilot uses AI. Check for mistakes.
| username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
| password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
| - | ||
| name: Login to GHCR |
There was a problem hiding this comment.
Removing the conditional check for pull requests means GHCR registry credentials will be exposed during PR builds from forks, which poses a security risk. The original condition 'if: github.event_name != 'pull_request'' should be restored to prevent credential exposure in untrusted contexts.
| name: Login to GHCR | |
| name: Login to GHCR | |
| if: github.event_name != 'pull_request' |
Copilot uses AI. Check for mistakes.
| context: . | ||
| platforms: linux/amd64,linux/arm64 | ||
| push: ${{ github.event_name != 'pull_request' }} | ||
| push: true |
There was a problem hiding this comment.
Unconditionally pushing images for all events including pull requests can lead to unwanted image publications and potential security issues. Consider restoring the original condition 'push: ${{ github.event_name != 'pull_request' }}' to prevent pushing images from PR builds.
| push: true | |
| push: ${{ github.event_name != 'pull_request' }} |
Copilot uses AI. Check for mistakes.
This PR updates the version of Go used to build the image to 1.25
It also adds a range of very basic functionality tests to the image build process