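---
# Lint Infra: static checks for the repository's CI/infra surface (workflow
# files, composite actions, shell scripts, Containerfiles). A detection job
# gates the three lint jobs so a change touching only one file class runs
# only the matching linter; merge-queue runs are never skipped.
name: Lint Infra

# Workflow-level token default is read-only. Every job re-declares its own
# block so any later broadening must be done per job, never globally.
permissions:
  contents: read

on:
  pull_request:
    branches: [main]
    paths:
      - .github/workflows/**
      - .github/actions/**
      - .github/scripts/**/*.sh
      - scripts/**/*.sh
      - "**/Containerfile"
  push:
    branches: [main]
    paths:
      - .github/workflows/**
      - .github/actions/**
      - .github/scripts/**/*.sh
      - scripts/**/*.sh
      - "**/Containerfile"
  merge_group:
    branches: [main]

# One run per workflow+ref. Superseded PR pushes are cancelled; pushes to main
# and merge-queue runs are left to finish so they always report a result.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}

jobs:
  changes:
    name: File Detection
    runs-on: ubuntu-latest
    timeout-minutes: 5
    permissions:
      contents: read
    # Consumed by the `if:` of each lint job below.
    outputs:
      workflows: ${{ steps.detect.outputs.workflows_any_changed }}
      docker: ${{ steps.detect.outputs.docker_any_changed }}
      shell: ${{ steps.detect.outputs.shell_any_changed }}
    steps:
      # Same runner hardening as the three lint jobs. This job runs a
      # third-party action against the full repository history, so it should
      # not be the one job left without egress monitoring.
      - name: Harden runner
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Full history so a diff base exists for push and merge_group runs,
          # not only for pull_request.
          fetch-depth: 0
      - name: Detect infra-related changes
        # Pinned by commit SHA (version in the trailing comment). Keep the SHA
        # pin: a mutable tag would let a later release silently replace the
        # code that was reviewed here.
        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47
        id: detect
        with:
          # These groups must stay aligned with the `paths` filters above; a
          # path present in one list but not the other is either never
          # triggered or never linted.
          files_yaml: |
            workflows:
              - .github/workflows/**
              - .github/actions/**
            docker:
              - "**/Containerfile"
            shell:
              - .github/scripts/**/*.sh
              - scripts/**/*.sh

  actionlint:
    name: Actionlint
    runs-on: ubuntu-latest
    needs: [changes]
    # Run when workflow/action files changed, and always in the merge queue,
    # where no per-file detection is relied on.
    if: needs.changes.outputs.workflows == 'true' || github.event_name == 'merge_group'
    timeout-minutes: 5
    permissions:
      contents: read
    steps:
      - name: Harden runner
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          # `audit` only records egress; `block` with an allowed-endpoints
          # list is the enforcing mode once the endpoint set is known.
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
      - name: Run actionlint
        uses: reviewdog/action-actionlint@0d952c597ef8459f634d7145b0b044a9699e5e43 # v1.71.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          # NOTE(review): github-pr-review posts PR review comments, which is
          # understood to need `pull-requests: write` on the token, while this
          # job grants only `contents: read`; it also has no PR to post to on
          # push and merge_group runs. Confirm findings are actually surfaced
          # on those events — a reporter chosen per event (github-check for
          # non-PR runs, which needs `checks: write`) is the usual pattern.
          # Same applies to the hadolint and shellcheck jobs below.
          reporter: github-pr-review
          fail_level: error
          # Disables actionlint's built-in shellcheck of `run:` blocks. The
          # Shellcheck job below only covers *.sh files, so inline `run:`
          # scripts appear to be shell-linted nowhere in this workflow.
          actionlint_flags: -shellcheck=""

  hadolint:
    name: Hadolint
    runs-on: ubuntu-latest
    needs: [changes]
    if: needs.changes.outputs.docker == 'true' || github.event_name == 'merge_group'
    timeout-minutes: 5
    permissions:
      contents: read
    steps:
      - name: Harden runner
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
      - name: Run hadolint
        uses: reviewdog/action-hadolint@921946a7ebaaf08ac72607bad67209f4e52b5407 # v1.50.5
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          reporter: github-pr-review
          fail_level: error
          # DL3008 (unpinned apt package versions) and DL3009 (apt lists not
          # removed after install) are suppressed. DL3008 in particular trades
          # image reproducibility for convenience; worth a recorded reason.
          hadolint_ignore: DL3008 DL3009

  shellcheck:
    name: Shellcheck
    runs-on: ubuntu-latest
    needs: [changes]
    if: needs.changes.outputs.shell == 'true' || github.event_name == 'merge_group'
    timeout-minutes: 5
    permissions:
      contents: read
    steps:
      - name: Harden runner
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
      - name: Run shellcheck
        uses: reviewdog/action-shellcheck@4c07458293ac342d477251099501a718ae5ef86e # v1.32
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          reporter: github-pr-review
          fail_level: error
          # Lints every *.sh in the tree — broader than the `paths` filters
          # that trigger this job (.github/scripts and scripts only).
          path: .
          pattern: "*.sh"
      - name: Run shfmt
        uses: reviewdog/action-shfmt@d8f080930b9be5847b4f97e9f4122b81a82aaeac # v1.0.4
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          reporter: github-pr-review
          fail_level: error
          # bash dialect, 2-space indent, indented case bodies, binary ops may
          # start a line, space after redirect operators, simplify.
          shfmt_flags: -ln bash -i 2 -ci -bn -sr -s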