-
Notifications
You must be signed in to change notification settings - Fork 15
148 lines (121 loc) · 4.83 KB
/
lint-shared-workflows.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
on:
push:
branches:
- main
pull_request:
types:
- edited
- opened
- ready_for_review
- synchronize
merge_group:
name: Lint shared-workflows
permissions:
contents: read
actions: write
jobs:
lint:
name: Lint all shared workflows
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Lint with Prettier
uses: creyD/prettier_action@31355f8eef017f8aeba2e0bc09d8502b13dbbad1 # v4.3
with:
dry: true
prettier_options: "--check ."
# Lint .github/workflows/*
- name: Lint workflow files
uses: raven-actions/actionlint@01fce4f43a270a612932cb1c64d40505a029f821 # v2.0.0
- name: Run ShellCheck on scripts
uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
# A separate job so we can run in the `yq` container
lint-action-yaml:
name: Lint action YAMLs
runs-on: ubuntu-latest
container:
image: mikefarah/yq:4.44.5@sha256:76963651c5b2450b40f912ef65083e60b31f2d27bd123fe71c3c0acd49aa9e72
# https://github.com/actions/checkout/issues/956
options: --user root
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install dependencies
run: |
# tar is needed to save/restore the schema cache
apk add --no-cache curl github-cli tar
- name: Restore github-action.json schema
id: restore-schema
uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: |
github-action.json
github-action.json-etag
key: github-action-schema
# Doesn't matter if we save/restore the schema from different OSes
enableCrossOsArchive: true
- name: Download github-action.json schema
id: download-schema
# Download failures are non-fatal if we have a cache hit, because we can
# use the cached schema
continue-on-error: ${{ steps.restore-schema.outputs.cache-hit == 'true' }}
run: |
response_code=$(curl \
--write-out '%{response_code}' \
--verbose \
--retry 5 \
--remote-time \
--remote-name \
--time-cond github-action.json \
--etag-save github-action.json-etag \
--etag-compare github-action.json-etag \
https://json.schemastore.org/github-action.json);
curl_exit_code="${?}";
if [[ "${curl_exit_code}" -ne 0 ]]; then
exit "${curl_exit_code}";
fi
# If the schema has changed (200 vs. 304 if it's not changed), we need
# to update the cache.
echo "schema-changed=$([ "${response_code}" -eq 200 ] && echo true || echo false)" >> "${GITHUB_OUTPUT}"
# Caches can't be overwritten, so we need to delete the previous cache if
# the schema has changed
- name: Delete Previous Cache
if: steps.restore-schema.outputs.cache-hit == 'true' && steps.download-schema.outputs.schema-changed == 'true'
run: |
gh extension install actions/gh-actions-cache
gh actions-cache delete --repo "${{ github.repository }}" "github-action-schema" --confirm
env:
GH_TOKEN: ${{ github.token }}
- name: Save github-action.json schema to cache
uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
if: steps.download-schema.outputs.schema-changed == 'true'
with:
path: |
github-action.json
github-action.json-etag
key: github-action-schema
# Doesn't matter if we save/restore the schema from different OSes
enableCrossOsArchive: true
- name: Convert action YAMLS to JSON
id: convert-action-yaml-to-json
run: |
set -ex
find . -name 'action.yaml' -o -name 'action.yml' | while read -r file; do
JSON_FILE="${file%.*}.json"
yq eval -o=j "$file" > "${JSON_FILE}"
# Save converted filenames to a file
echo "${JSON_FILE}" >> converted-files.txt
done
echo "Converted: $(tr '\n' ' ' < converted-files.txt)"
# https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#example-of-a-multiline-string
{
echo 'converted-files<<EOF'
cat converted-files.txt
echo 'EOF'
} >> "${GITHUB_OUTPUT}"
- name: Validate action definitions
uses: ScratchAddons/validate-json-action@8f71e0683221310e32661c1b1634399858bde75f
with:
schema: github-action.json
jsons: ${{ steps.convert-action-yaml-to-json.outputs.converted-files }}