Skip to content

Commit 959ace6

Browse files
rimi-itkrimi-itk
committed
Added actionlint
1 parent 115c1b4 commit 959ace6

File tree

4 files changed

+45
-19
lines changed

4 files changed

+45
-19
lines changed

.github/workflows/actions.yaml

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
name: Actions
2+
3+
on:
4+
pull_request:
5+
push:
6+
branches:
7+
- main
8+
- develop
9+
10+
jobs:
11+
# https://github.com/rhysd/actionlint/blob/v1.7.10/docs/usage.md#use-actionlint-on-github-actions
12+
actionlint:
13+
runs-on: ubuntu-latest
14+
steps:
15+
- uses: actions/checkout@v5
16+
- name: Check workflow files
17+
uses: docker://rhysd/actionlint:latest
18+
with:
19+
args: -color

.github/workflows/pr.yaml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -22,13 +22,13 @@ jobs:
2222
- name: Validate local docker compose files
2323
run: |
2424
DC=$(COMPOSE_DOMAIN=test.itkdev.dk docker compose --file templates/${{ matrix.version }}/docker-compose.yml config --quiet 2>&1)
25-
[ -z "$DC" ] || { echo $DC; exit 1; }
25+
[ -z "$DC" ] || { echo "$DC"; exit 1; }
2626
2727
- name: Validate server docker compose files
2828
run: |
2929
DC=$(COMPOSE_SERVER_DOMAIN=test.itkdev.dk docker compose --file templates/${{ matrix.version }}/docker-compose.server.yml config --quiet 2>&1)
30-
[ -z "$DC" ] || { echo $DC; exit 1; }
30+
[ -z "$DC" ] || { echo "$DC"; exit 1; }
3131
DC=$(COMPOSE_SERVER_DOMAIN=test.itkdev.dk docker compose --file templates/${{ matrix.version }}/docker-compose.server.yml --file templates/${{ matrix.version }}/docker-compose.dev.yml config --quiet 2>&1)
32-
[ -z "$DC" ] || { echo $DC; exit 1; }
32+
[ -z "$DC" ] || { echo "$DC"; exit 1; }
3333
DC=$(COMPOSE_SERVER_DOMAIN=test.itkdev.dk docker compose --file templates/${{ matrix.version }}/docker-compose.server.yml --file templates/${{ matrix.version }}/docker-compose.redirect.yml config --quiet 2>&1)
34-
[ -z "$DC" ] || { echo $DC; exit 1; }
34+
[ -z "$DC" ] || { echo "$DC"; exit 1; }

.github/workflows/workflow-template.yaml

Lines changed: 9 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -3,16 +3,18 @@ on: pull_request
33
name: Workflow templates
44

55
jobs:
6-
check-yaml:
6+
# https://github.com/rhysd/actionlint/blob/v1.7.10/docs/usage.md#use-actionlint-on-github-actions
7+
actionlint:
78
runs-on: ubuntu-latest
89
steps:
910
- uses: actions/checkout@v5
10-
11-
- run: |
12-
docker pull mikefarah/yq
13-
for f in $(find github/workflows/ -name '*.yaml'); do
14-
docker run --rm --volume "$PWD":/workdir mikefarah/yq "$f" > /dev/null
15-
done
11+
- name: Check workflow files
12+
# uses: docker://rhysd/actionlint:latest
13+
# with:
14+
# args: -color github/workflows/*.yaml github/workflows/*/*.yaml
15+
# @todo Can we make globbing work in `with.args`?
16+
run: |
17+
docker run --rm --volume "$PWD":/repo --workdir /repo rhysd/actionlint:latest -color github/workflows/*.yaml github/workflows/*/*.yaml
1618
1719
shellcheck:
1820
runs-on: ubuntu-latest

github/workflows/drupal/site.yaml

Lines changed: 13 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -48,20 +48,23 @@ jobs:
4848
docker compose exec phpfpm composer install --no-interaction
4949
5050
- name: Install site
51+
# https://docs.github.com/en/actions/reference/security/secure-use#good-practices-for-mitigating-script-injection-attacks
52+
env:
53+
HASH_SALT: ${{ github.head_ref }}
5154
run: |
5255
# Add some local settings.
53-
cat > web/sites/default/settings.local.php <<'EOF'
56+
cat > web/sites/default/settings.local.php <<EOF
5457
<?php
5558
56-
$settings['hash_salt'] = '${{ github.head_ref }}';
59+
\$settings['hash_salt'] = '$HASH_SALT';
5760
EOF
5861
5962
# Install the site from config
6063
docker compose exec phpfpm vendor/bin/drush site:install --existing-config --yes
6164
6265
- name: Show site URL
6366
run: |
64-
echo $(docker compose exec phpfpm vendor/bin/drush --uri=http://$(docker compose port nginx 8080) user:login)
67+
docker compose exec phpfpm vendor/bin/drush --uri="http://$(docker compose port nginx 8080)" user:login
6568
6669
update-site:
6770
# Check updating site only on pull request.
@@ -109,24 +112,26 @@ jobs:
109112
docker compose exec phpfpm composer install --no-interaction
110113
111114
- name: Install site
115+
env:
116+
HASH_SALT: ${{ github.head_ref }}
112117
run: |
113118
# Add some local settings.
114-
cat > web/sites/default/settings.local.php <<'EOF'
119+
cat > web/sites/default/settings.local.php <<EOF
115120
<?php
116121
117-
$settings['hash_salt'] = '${{ github.head_ref }}';
122+
\$settings['hash_salt'] = '$HASH_SALT';
118123
EOF
119124
120125
# Install the site from config
121126
docker compose exec phpfpm vendor/bin/drush site:install --existing-config --yes
122127
123128
- name: Show site URL
124129
run: |
125-
echo $(docker compose exec phpfpm vendor/bin/drush --uri=http://$(docker compose port nginx 8080) user:login)
130+
docker compose exec phpfpm vendor/bin/drush --uri="http://$(docker compose port nginx 8080)" user:login
126131
127132
- name: Clean up root stuff
128133
run: |
129-
sudo chown -Rv $USER:$USER vendor/ web/ private-files/ || true
134+
sudo chown -Rv "$USER:$USER" vendor/ web/ private-files/ || true
130135
sudo chmod -Rv a+w web/sites/default || true
131136
132137
# Update site using our updated code.
@@ -150,4 +155,4 @@ jobs:
150155
151156
- name: Show site URL
152157
run: |
153-
echo $(docker compose exec phpfpm vendor/bin/drush --uri=http://$(docker compose port nginx 8080) user:login)
158+
docker compose exec phpfpm vendor/bin/drush --uri="http://$(docker compose port nginx 8080)" user:login

0 commit comments

Comments
 (0)