wstg/.github/workflows/md-lint-check.yml at master · kingthorin/wstg · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
name: Markdown Lint Check

on:
  pull_request:
    branches:
    - master
    paths:
    - '**.md'
    - '!.github/**'

jobs:
  lint:
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
    - name: Checkout PR
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
      with:
        ref: ${{ github.event.pull_request.head.sha }}
        fetch-depth: 0
    - name: Checkout Base
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
      with:
        repository: OWASP/wstg
        ref: master
        path: base
    - name: Save PR Number
      env:
        PR_NUMBER: ${{ github.event.number }}
      run: echo $PR_NUMBER > pr_number
    - name: Setup Node
      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
      with:
        node-version: 24
    - name: Cache npm Global
      uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
      with:
        path: ~/.npm
        key: ${{ runner.os }}-npm-global-markdownlint-cli2
    - name: Install Dependencies
      run: npm install -g markdownlint-cli2
    - name: Get Changed Files
      # Use base/head SHAs from the PR event for fork-safe, PR-accurate changed-file detection.
      # github.base_ref resolves differently for forks, while base.sha/head.sha are always correct.
      id: files
      uses: ./.github/actions/get-changed-files
      with:
        base_sha: ${{ github.event.pull_request.base.sha }}
        head_sha: ${{ github.event.pull_request.head.sha }}
        base_repo: ${{ github.event.pull_request.base.repo.full_name }}
        repo_path: .
    - name: Run Linter
      env:
        FILES: '${{ steps.files.outputs.files_updated }}'
      shell: bash
      run: |
        set -euo pipefail

        # Initialize lint file (will remain empty if there are no issues)
        : > lint.txt

        readarray -t files_arr <<< "$FILES"
        for FILE in "${files_arr[@]}"; do
          [ -z "$FILE" ] && continue
          if [ -f "$FILE" ]; then
            OUTPUT="$(markdownlint-cli2 "$FILE" --config base/.github/configs/.markdownlint.json 2>&1)" || STATUS=$?
            if [ "${STATUS:-0}" -eq 0 ]; then
              # File passed linting, continue to next file
              continue
            elif [ "${STATUS:-0}" -eq 1 ]; then
              printf '%s\n' "$OUTPUT" | tee -a lint.txt
            else
              printf 'markdownlint failed for "%s" with exit code %s\n%s\n' "$FILE" "${STATUS:-0}" "$OUTPUT" >&2
              exit "${STATUS:-0}"
            fi
          fi
        done
        if [ -s lint.txt ]; then
          exit 1
        fi
    - name: Show Linting Issues
      if: failure()
      run: |
        cat lint.txt
        sed -i 's/```/triple-backtick/g' lint.txt
    - name: Create Artifact for Comment
      if: failure()
      run: |
        # Parse and format the lint output for better readability
        python3 base/.github/workflows/scripts/format_lint_output.py > artifact.txt
    - name: Upload List of Issues
      if: failure()
      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
      with:
        name: artifact
        path: |
          artifact.txt
          pr_number
    - name: Upload PR Number on Success
      if: success()
      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
      with:
        name: artifact
        path: pr_number