GitHub-Actions/.github/workflows/validateActions.yml at 863677e848a813f41faf0b17d4e45c12a82c272e · Expensify/GitHub-Actions · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
name: Validate Github Actions and Workflows

on:
  pull_request:
    types: [opened, synchronize]
    branches-ignore: [staging, production]
    paths: ['.github/**']

jobs:
  validateSchemas:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repos
        id: repo
        uses: Expensify/GitHub-Actions/checkoutRepoAndGitHubActions@main

      # v4.3.0
      - name: Setup Node
        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e

      # Install node to get the ajv-cli
      - name: Install node modules
        run: npm i -g ajv-cli@5.0.0

      - name: Validate action and workflow schemas
        run: GitHub-Actions/.github/scripts/validateWorkflowSchemas.sh
        env:
          REPO_ROOT: ${{ steps.repo.outputs.NAME }}

  actionlint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repos
        id: repo
        uses: Expensify/GitHub-Actions/checkoutRepoAndGitHubActions@main

      - name: Lint workflows with actionlint
        run: GitHub-Actions/.github/scripts/actionlint.sh
        env:
          REPO_ROOT: ${{ steps.repo.outputs.NAME }}

  validateImmutableActionRefs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repos
        id: repo
        uses: Expensify/GitHub-Actions/checkoutRepoAndGitHubActions@main

      - name: Validate actions refs are immutable
        run: GitHub-Actions/.github/scripts/validateImmutableActionRefs.sh
        env:
          REPO_ROOT: ${{ steps.repo.outputs.NAME }}