Skip to content

Merge pull request #4 from anolilab/renovate/lock-file-maintenance #11

Merge pull request #4 from anolilab/renovate/lock-file-maintenance

Merge pull request #4 from anolilab/renovate/lock-file-maintenance #11

Workflow file for this run

# https://help.github.com/en/categories/automating-your-workflow-with-github-actions
name: "Lint"
on: # yamllint disable-line rule:truthy
push:
branches:
- "main"
# eslint-disable-next-line yml/no-empty-mapping-value
pull_request: # yamllint disable-line rule:empty-values
concurrency:
group: "ci-lint-${{ github.ref }}-1"
cancel-in-progress: true
permissions:
contents: "read" # to fetch code (actions/checkout)
jobs:
files-changed:
name: "Detect what files changed"
runs-on: "ubuntu-22.04"
timeout-minutes: 3
# Map a step output to a job output
outputs:
markdown_lintable: "${{ steps.changes.outputs.markdown_lintable }}"
yaml_lintable: "${{ steps.changes.outputs.yaml_lintable }}"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423" # v2.6.0
with:
egress-policy: "audit"
- name: "Git checkout"
uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1
env:
GIT_COMMITTER_NAME: "GitHub Actions Shell"
GIT_AUTHOR_NAME: "GitHub Actions Shell"
EMAIL: "github-actions[bot]@users.noreply.github.com"
- name: "Check for file changes"
uses: "dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50" # v2.11.1
id: "changes"
with:
token: "${{ github.token }}"
filters: ".github/file-filters.yml"
yaml-lint:
if: "needs.files-changed.outputs.yaml_lintable == 'true'"
needs: "files-changed"
name: "Lint (yaml)"
runs-on: "ubuntu-latest"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423" # v2.6.0
with:
egress-policy: "audit"
- name: "Git checkout"
uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1
with:
fetch-depth: 2
env:
GIT_COMMITTER_NAME: "GitHub Actions Shell"
GIT_AUTHOR_NAME: "GitHub Actions Shell"
EMAIL: "github-actions[bot]@users.noreply.github.com"
- name: "Lint YAML files"
uses: "ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c" # v3.1.1
with:
config_file: ".yamllint.yaml"
file_or_dir: "."
strict: true
markdown-lint:
if: "needs.files-changed.outputs.markdown_lintable == 'true'"
needs: "files-changed"
name: "Lint (markdown)"
runs-on: "ubuntu-latest"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423" # v2.6.0
with:
egress-policy: "audit"
- name: "Git checkout"
uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1
with:
fetch-depth: 2
env:
GIT_COMMITTER_NAME: "GitHub Actions Shell"
GIT_AUTHOR_NAME: "GitHub Actions Shell"
EMAIL: "github-actions[bot]@users.noreply.github.com"
- uses: "pnpm/action-setup@d882d12c64e032187b2edb46d3a0d003b7a43598" # v2.4.0
with:
run_install: false
- name: "Use Node.js 20.x"
uses: "actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65" # v4.0.0
with:
node-version: "20.x"
cache: "pnpm"
- name: "Verify the integrity of provenance attestations and registry signatures for installed dependencies"
run: "pnpm dlx audit-ci@^6 --config ./audit-ci.jsonc --report-type=summary"
- name: "Install packages"
run: "pnpm install --frozen-lockfile"
env:
SKIP_CHECK: "true"
- name: "lint"
run: "pnpm run lint:text"
continue-on-error: true
- name: "skipping markdown lint for now"
run: "exit 0"
# This check runs once all dependant jobs have passed
# It symbolizes that all required Frontend checks have succesfully passed (Or skipped)
# This check is the only required Github check
test-required-check:
needs: ["files-changed", "yaml-lint"] # TODO add "markdown-lint"
name: "Check Lint Run"
# This is necessary since a failed/skipped dependent job would cause this job to be skipped
if: "always()"
runs-on: "ubuntu-22.04"
steps:
# If any jobs we depend on fail, we will fail since this is a required check
# NOTE: A timeout is considered a failure
- name: "Harden Runner"
uses: "step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423" # v2.6.0
with:
egress-policy: "audit"
- name: "Check for failures"
if: "contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')"
run: |
echo "One of the dependent jobs have failed. You may need to re-run it." && exit 1