Merge pull request #1547 from spidernet-io/fix-trivy #1620
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Auto Yaml Lint | |
on: | |
push: | |
branches: | |
- main | |
paths: | |
- '**.yml' | |
- '**.yaml' | |
pull_request: | |
branches: | |
- main | |
paths: | |
- '**.yml' | |
- '**.yaml' | |
# checkout all markdown | |
workflow_dispatch: | |
inputs: | |
ref: | |
description: 'check all yaml for branch, sha, tag' | |
required: true | |
default: main | |
jobs: | |
linkyaml: | |
runs-on: ubuntu-latest | |
name: Yaml Lint | |
steps: | |
- name: Checkout | |
if: ${{ github.event_name == 'workflow_dispatch' }} | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.inputs.tag }} | |
- name: Checkout | |
if: ${{ github.event_name != 'workflow_dispatch' }} | |
uses: actions/checkout@v4 | |
- name: github yaml format yq | |
env: | |
GITHUB_TOKEN: ${{ secrets.WELAN_PAT }} | |
JSON_DOC: ${{ toJSON(github) }} | |
run: | | |
set -x | |
echo "=================== install yq" | |
wget https://github.com/mikefarah/yq/releases/download/v4.30.7/yq_linux_amd64 | |
chmod +x yq_linux_amd64 | |
echo "=================== get pr number" | |
PR_NUMBER="" | |
if ${{ github.event_name == 'pull_request' }}; then | |
echo "trigger by pull_request" | |
PR_NUMBER=${{ github.event.number }} | |
[ -n "${PR_NUMBER}" ] || { echo "no PR number, ignore" ; exit 0 ; } | |
elif ${{ github.event_name == 'push' }}; then | |
echo "trigger by push" | |
echo "${JSON_DOC}" | |
PR_NUMBER=` grep -Eio "Merge pull request #[0-9]+ " <<< "${JSON_DOC}" | grep -Eo "[0-9]+" | uniq ` || true | |
[ -n "${PR_NUMBER}" ] || { echo "no PR number, ignore" ; exit 0 ; } | |
else | |
exit 1 | |
fi | |
echo "============= get changed chart========" | |
URL="https://api.github.com/repos/${{ github.repository }}/pulls/${PR_NUMBER}/files" | |
files_changed_data=$(curl -s --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' -X GET -G "$URL") | |
echo "files_changed_data: $files_changed_data" | |
files_changed="$(echo $files_changed_data | jq -r '.[] | .filename')" | |
echo "files_changed: $files_changed" | |
echo "============= checking yaml file========" | |
for FILEPATH in $files_changed ; do | |
if grep -E "\.github/.*\.yaml" <<< "$FILEPATH" &>/dev/null || grep -E "\.github/.*\.yaml" <<< "$FILEPATH" &>/dev/null ; then | |
echo "------------ checking ${FILEPATH} " | |
if ! ./yq_linux_amd64 ${FILEPATH} &>/dev/null ; then | |
./yq_linux_amd64 ${FILEPATH} || true | |
echo "!!! error, $FILEPATH is not yaml format" | |
exit 1 | |
fi | |
fi | |
done | |
echo "--- all done" | |
- name: yaml-lint | |
id: yaml-lint | |
continue-on-error: true | |
uses: ibiqlik/action-yamllint@v3 | |
with: | |
file_or_dir: '.' | |
config_file: '.github/yamllint-conf.yml' | |
- name: Upload artifact digests | |
if: ${{ steps.yaml-lint.outcome == 'failure' }} | |
uses: actions/upload-artifact@v4.4.0 | |
with: | |
name: log | |
path: ${{ steps.yaml-lint.outputs.logfile }} | |
retention-days: 1 | |
- name: Result | |
if: ${{ steps.yaml-lint.outcome == 'failure' }} | |
run: | | |
exit 1 |