From 561f9f04b225ac1fd8510a4ed66fd43509605796 Mon Sep 17 00:00:00 2001 From: Ivan Goncharov Date: Sat, 28 May 2022 20:42:51 +0300 Subject: [PATCH] Lint GitHub Actions Right now we pass NPM token in github action and plan to have automatic releases that is why it is critical to lint action files. I didn't find any JS-based solution and the only validator I could find is https://github.com/rhysd/actionlint --- .github/workflows/ci.yml | 5 +++++ .github/workflows/cmd-publish-pr-on-npm.yml | 2 ++ .github/workflows/cmd-run-benchmark.yml | 3 ++- .github/workflows/deploy-artifact-as-branch.yml | 4 ++++ .github/workflows/pull_request.yml | 2 +- 5 files changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1e637eca2d..db57e628ea 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,6 +31,11 @@ jobs: - name: Spellcheck run: npm run check:spelling + - name: Lint GitHub Actions + uses: docker://rhysd/actionlint:latest + with: + args: -color + checkForCommonlyIgnoredFiles: name: Check for commonly ignored files runs-on: ubuntu-latest diff --git a/.github/workflows/cmd-publish-pr-on-npm.yml b/.github/workflows/cmd-publish-pr-on-npm.yml index 6c8b587436..12a0e513c1 100644 --- a/.github/workflows/cmd-publish-pr-on-npm.yml +++ b/.github/workflows/cmd-publish-pr-on-npm.yml @@ -3,10 +3,12 @@ on: workflow_call: inputs: pullRequestJSON: + description: String that contain JSON payload for `pull_request` event. required: true type: string secrets: NPM_CANARY_PR_PUBLISH_TOKEN: + description: NPM token to publish canary release. required: true jobs: build-npm-dist: diff --git a/.github/workflows/cmd-run-benchmark.yml b/.github/workflows/cmd-run-benchmark.yml index 12909d9351..6e3cc9cb9c 100644 --- a/.github/workflows/cmd-run-benchmark.yml +++ b/.github/workflows/cmd-run-benchmark.yml @@ -3,6 +3,7 @@ on: workflow_call: inputs: pullRequestJSON: + description: String that contain JSON payload for `pull_request` event. required: true type: string jobs: @@ -19,7 +20,7 @@ jobs: - name: Deepen cloned repo env: BASE_SHA: ${{ fromJSON(inputs.pullRequestJSON).base.sha }} - run: 'git fetch --depth=1 origin $BASE_SHA:refs/tags/BASE' + run: 'git fetch --depth=1 origin "$BASE_SHA:refs/tags/BASE"' - name: Setup Node.js uses: actions/setup-node@v2 diff --git a/.github/workflows/deploy-artifact-as-branch.yml b/.github/workflows/deploy-artifact-as-branch.yml index 4d11caa0f5..2dc71e7fcb 100644 --- a/.github/workflows/deploy-artifact-as-branch.yml +++ b/.github/workflows/deploy-artifact-as-branch.yml @@ -3,15 +3,19 @@ on: workflow_call: inputs: environment: + description: Environment to publish under required: true type: string artifact_name: + description: Artifact name required: true type: string target_branch: + description: Target branch required: true type: string commit_message: + description: Commit message required: true type: string jobs: diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index d9ea7bb82b..d71e6fb4b9 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -16,7 +16,7 @@ jobs: - name: Deepen cloned repo env: BASE_SHA: ${{ github.event.pull_request.base.sha }} - run: 'git fetch --depth=1 origin $BASE_SHA:refs/tags/BASE' + run: 'git fetch --depth=1 origin "$BASE_SHA:refs/tags/BASE"' - name: Setup Node.js uses: actions/setup-node@v2