Skip to content

Merge pull request #1547 from spidernet-io/fix-trivy #1620

Merge pull request #1547 from spidernet-io/fix-trivy

Merge pull request #1547 from spidernet-io/fix-trivy #1620

Workflow file for this run

name: Auto Yaml Lint
on:
push:
branches:
- main
paths:
- '**.yml'
- '**.yaml'
pull_request:
branches:
- main
paths:
- '**.yml'
- '**.yaml'
# checkout all markdown
workflow_dispatch:
inputs:
ref:
description: 'check all yaml for branch, sha, tag'
required: true
default: main
jobs:
linkyaml:
runs-on: ubuntu-latest
name: Yaml Lint
steps:
- name: Checkout
if: ${{ github.event_name == 'workflow_dispatch' }}
uses: actions/checkout@v4
with:
ref: ${{ github.event.inputs.tag }}
- name: Checkout
if: ${{ github.event_name != 'workflow_dispatch' }}
uses: actions/checkout@v4
- name: github yaml format yq
env:
GITHUB_TOKEN: ${{ secrets.WELAN_PAT }}
JSON_DOC: ${{ toJSON(github) }}
run: |
set -x
echo "=================== install yq"
wget https://github.com/mikefarah/yq/releases/download/v4.30.7/yq_linux_amd64
chmod +x yq_linux_amd64
echo "=================== get pr number"
PR_NUMBER=""
if ${{ github.event_name == 'pull_request' }}; then
echo "trigger by pull_request"
PR_NUMBER=${{ github.event.number }}
[ -n "${PR_NUMBER}" ] || { echo "no PR number, ignore" ; exit 0 ; }
elif ${{ github.event_name == 'push' }}; then
echo "trigger by push"
echo "${JSON_DOC}"
PR_NUMBER=` grep -Eio "Merge pull request #[0-9]+ " <<< "${JSON_DOC}" | grep -Eo "[0-9]+" | uniq ` || true
[ -n "${PR_NUMBER}" ] || { echo "no PR number, ignore" ; exit 0 ; }
else
exit 1
fi
echo "============= get changed chart========"
URL="https://api.github.com/repos/${{ github.repository }}/pulls/${PR_NUMBER}/files"
files_changed_data=$(curl -s --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' -X GET -G "$URL")
echo "files_changed_data: $files_changed_data"
files_changed="$(echo $files_changed_data | jq -r '.[] | .filename')"
echo "files_changed: $files_changed"
echo "============= checking yaml file========"
for FILEPATH in $files_changed ; do
if grep -E "\.github/.*\.yaml" <<< "$FILEPATH" &>/dev/null || grep -E "\.github/.*\.yaml" <<< "$FILEPATH" &>/dev/null ; then
echo "------------ checking ${FILEPATH} "
if ! ./yq_linux_amd64 ${FILEPATH} &>/dev/null ; then
./yq_linux_amd64 ${FILEPATH} || true
echo "!!! error, $FILEPATH is not yaml format"
exit 1
fi
fi
done
echo "--- all done"
- name: yaml-lint
id: yaml-lint
continue-on-error: true
uses: ibiqlik/action-yamllint@v3
with:
file_or_dir: '.'
config_file: '.github/yamllint-conf.yml'
- name: Upload artifact digests
if: ${{ steps.yaml-lint.outcome == 'failure' }}
uses: actions/upload-artifact@v4.4.0
with:
name: log
path: ${{ steps.yaml-lint.outputs.logfile }}
retention-days: 1
- name: Result
if: ${{ steps.yaml-lint.outcome == 'failure' }}
run: |
exit 1