-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
129 lines (116 loc) · 3.53 KB
/
ubuntu-lint.yml
File metadata and controls
129 lines (116 loc) · 3.53 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
name: ubuntu-lint
on:
pull_request:
push:
branches:
- master
concurrency:
group: ci-${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
permissions: # added using https://github.com/step-security/secure-workflows
contents: read
jobs:
python_linters:
name: Python linter ${{ matrix.command }}
runs-on: ubuntu-24.04
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
strategy:
fail-fast: false
matrix:
command:
- codespell
- yamllint
- zizmor
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0
with:
python-version: "3.13"
activate-environment: true
- name: Install Dependencies
run: uv pip install -r .github/workflows/lint/pylock.toml
- name: Run codespell
run: codespell
if: matrix.command == 'codespell'
- name: Run YAMLlint
run: yamllint .
if: matrix.command == 'yamllint'
- name: Run zizmor 🌈
run: zizmor --format=sarif . > results.sarif
if: matrix.command == 'zizmor'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
if: matrix.command == 'zizmor'
with:
sarif_file: results.sarif
category: zizmor
ruby_linters:
name: Ruby linters
runs-on: ubuntu-24.04
strategy:
fail-fast: false
env:
RUBYOPT: -Ilib
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Setup ruby
uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64 # v1.299.0
with:
ruby-version: ruby
bundler: none
- name: Install Dependencies
run: bin/rake setup
- name: Run Ruby Lint
run: bin/rake rubocop
- name: Run Markdown Lint
run: bin/mdl -g . -r MD001,MD025
- name: Generate docs
run: bin/rake docs
check_misc:
name: Check misc on ${{ matrix.ruby.name }}
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
ruby:
- { name: ruby, value: 3.4.5 }
- { name: jruby, value: jruby-10.0.2.0 }
- { name: truffleruby, value: truffleruby-24.2.1 }
env:
RUBYOPT: -Ilib
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Setup ruby
uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64 # v1.299.0
with:
ruby-version: ${{ matrix.ruby.value }}
bundler: none
- name: Install & Check Dependencies
run: bin/rake dev:frozen_deps
- name: Misc checks
run: bin/rake man:check vendor:check version:check check_rubygems_integration
if: matrix.ruby.name != 'jruby'
timeout-minutes: 15
all-pass:
name: All ubuntu-lint jobs pass
if: always()
needs:
- python_linters
- ruby_linters
- check_misc
runs-on: ubuntu-latest
steps:
- name: check dependent jobs
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
with:
jobs: ${{ toJSON(needs) }}