setup(ci): setup file paths validation #13
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "New changes validation" | |
| on: | |
| pull_request: # yamllint disable-line rule:empty-values | |
| permissions: | |
| contents: "read" | |
| packages: "read" | |
| env: | |
| REGISTRY: "ghcr.io" | |
| IMAGE_NAME: "articola-tools/markdown-linter" | |
| jobs: | |
| find-changed-files: | |
| runs-on: "ubuntu-latest" | |
| outputs: | |
| is_yaml_changed: "${{ steps.filter.outputs.yaml }}" | |
| is_dockerfile_changed: "${{ steps.filter.outputs.dockerfile }}" | |
| is_markdown_linter_image_changed: "${{ steps.filter.outputs.markdown-linter-image }}" | |
| is_markdown_changed: "${{ steps.filter.outputs.markdown }}" | |
| changed_or_added_files: "${{ steps.filter.outputs.changed-or-added-files }}" | |
| changed_or_added_files_list: "${{ steps.filter.outputs.changed-or-added-files_files }}" | |
| permissions: | |
| pull-requests: "read" | |
| steps: | |
| - name: "Checkout ${{ github.event.repository.name }}" | |
| uses: "actions/checkout@v4" | |
| with: | |
| fetch-depth: 1 | |
| - name: "Find changed files" | |
| uses: "dorny/paths-filter@v3" | |
| id: "filter" | |
| with: | |
| list-files: "shell" | |
| filters: | | |
| yaml: | |
| - "**/*.yaml" | |
| - "**/*.yml" | |
| dockerfile: | |
| - "**/Dockerfile" | |
| markdown-linter-image: | |
| - "**/Dockerfile" | |
| - "**/.dockerignore" | |
| - "**/.mdl_style.rb" | |
| - "**/.mdlrc" | |
| markdown: | |
| - "**/*.md" | |
| changed-or-added-files: | |
| - added|modified: '**' | |
| validate-markdown-linter-image: | |
| runs-on: "ubuntu-latest" | |
| needs: "find-changed-files" | |
| if: "${{ needs.find-changed-files.outputs.is_markdown_linter_image_changed == 'true' }}" | |
| # NOTE: building and running Docker image of Markdown linter take around 1 minute. | |
| # If this job takes more than 5 minutes, it means that something is wrong. | |
| timeout-minutes: 5 | |
| steps: | |
| - name: "Checkout ${{ github.event.repository.name }}" | |
| uses: "actions/checkout@v4" | |
| - name: "Set up Docker Buildx" | |
| uses: "docker/setup-buildx-action@v3" | |
| - name: "Login to Docker registry" | |
| uses: "docker/login-action@v3" | |
| with: | |
| registry: "${{ env.REGISTRY }}" | |
| username: "${{ github.actor }}" | |
| password: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: "Build Markdown linter Docker image" | |
| uses: "docker/build-push-action@v6" | |
| with: | |
| # NOTE: setup of `context` is needed to force builder to use the `.dockerignore` file. | |
| context: "." | |
| push: false | |
| load: true | |
| # NOTE: using another name to don't allow docker to download image from the internet in the next step. | |
| tags: "local/markdown-linter-pr:latest" | |
| cache-from: "type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest" | |
| cache-to: "type=inline" | |
| - name: "Test correctly formatted Markdown" | |
| run: "docker run --rm -v ${{ github.workspace }}/tests/correct_markdown:/linter_workdir/repo | |
| local/markdown-linter-pr:latest" | |
| - name: "Test incorrectly formatted Markdown" | |
| run: "docker run --rm -v ${{ github.workspace }}/tests/incorrect_markdown:/linter_workdir/repo | |
| local/markdown-linter-pr:latest && { echo 'Incorrectly formatted Markdown test must fail!' >&2; exit 1; } | |
| || exit 0" | |
| # HACK: remove `tests` directory before linting repo directory because there is no way to easily ignore folder | |
| # from mdl CLI. | |
| - name: "Remove `tests` directory" | |
| run: "rm -rf ${{ github.workspace }}/tests" | |
| - name: "Lint repo directory" | |
| run: "docker run --rm -v ${{ github.workspace }}:/linter_workdir/repo local/markdown-linter-pr:latest" | |
| - name: "Run Dockerfile security scanner" | |
| run: "docker run --rm --group-add $(getent group docker | cut -d: -f3) | |
| -v /var/run/docker.sock:/var/run/docker.sock | |
| ghcr.io/articola-tools/dockerfile-security-scanner local/markdown-linter-pr:latest" | |
| validate-dockerfile-changes: | |
| runs-on: "ubuntu-latest" | |
| needs: "find-changed-files" | |
| if: "${{ needs.find-changed-files.outputs.is_dockerfile_changed == 'true' }}" | |
| # NOTE: validating Dockerfile changes takes around 1 minute. | |
| # If this job takes more than 5 minutes, it means that something is wrong. | |
| timeout-minutes: 5 | |
| steps: | |
| - name: "Checkout ${{ github.event.repository.name }}" | |
| uses: "actions/checkout@v4" | |
| - name: "Login to Docker registry" | |
| uses: "docker/login-action@v3" | |
| with: | |
| registry: "${{ env.REGISTRY }}" | |
| username: "${{ github.actor }}" | |
| password: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: "Run Dockerfile linter" | |
| run: "docker run --rm -v ${{ github.workspace }}:/linter_workdir/repo | |
| ${{ env.REGISTRY }}/articola-tools/dockerfile-linter:latest" | |
| validate-yaml-changes: | |
| runs-on: "ubuntu-latest" | |
| needs: "find-changed-files" | |
| if: "${{ needs.find-changed-files.outputs.is_yaml_changed == 'true' }}" | |
| # NOTE: validating YAML changes takes around 1 minute. | |
| # If this job takes more than 5 minutes, it means that something is wrong. | |
| timeout-minutes: 5 | |
| steps: | |
| - name: "Checkout ${{ github.event.repository.name }}" | |
| uses: "actions/checkout@v4" | |
| - name: "Login to Docker registry" | |
| uses: "docker/login-action@v3" | |
| with: | |
| registry: "${{ env.REGISTRY }}" | |
| username: "${{ github.actor }}" | |
| password: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: "Run YAML linter" | |
| run: "docker run --rm -v ${{ github.workspace }}:/linter_workdir/repo | |
| ${{ env.REGISTRY }}/articola-tools/yaml-linter:latest" | |
| validate-markdown-changes: | |
| runs-on: "ubuntu-latest" | |
| needs: "find-changed-files" | |
| # NOTE: do not run this job when `is_markdown_linter_image_changed` is true, because this job validates Markdown | |
| # changes with the latest released markdown-linter image, and new changes in markdown-linter image can introduce | |
| # false positives for this job (since changes in markdown-linter can change Markdown rules). | |
| if: "${{ needs.find-changed-files.outputs.is_markdown_changed == 'true' | |
| && needs.find-changed-files.outputs.is_markdown_linter_image_changed == 'false' }}" | |
| # NOTE: validating Markdown changes takes around 1 minute. | |
| # If this job takes more than 5 minutes, it means that something is wrong. | |
| timeout-minutes: 5 | |
| steps: | |
| - name: "Checkout ${{ github.event.repository.name }}" | |
| uses: "actions/checkout@v4" | |
| - name: "Login to Docker registry" | |
| uses: "docker/login-action@v3" | |
| with: | |
| registry: "${{ env.REGISTRY }}" | |
| username: "${{ github.actor }}" | |
| password: "${{ secrets.GITHUB_TOKEN }}" | |
| # HACK: remove `tests` directory before linting repo directory because there is no way to easily ignore folder | |
| # from mdl CLI. | |
| - name: "Remove `tests` directory" | |
| run: "rm -rf ${{ github.workspace }}/tests" | |
| - name: "Run Markdown linter" | |
| run: "docker run --rm -v ${{ github.workspace }}:/linter_workdir/repo | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest" | |
| validate-file-paths: | |
| runs-on: "ubuntu-latest" | |
| needs: "find-changed-files" | |
| if: "${{ needs.find-changed-files.outputs.changed_or_added_files == 'true' }}" | |
| # NOTE: validating file paths takes around 1 minute. | |
| # If this job takes more than 5 minutes, it means that something is wrong. | |
| timeout-minutes: 5 | |
| steps: | |
| - name: "Validate file paths" | |
| run: | | |
| for path in ${{ needs.find-changed-files.outputs.changed_or_added_files_list }}; do | |
| # NOTE: ignore `.idea` folder because it's generated. Ignore files with special names. | |
| if [[ "$path" != .idea* && "$path" != *Dockerfile && "$path" != *README.md && "$path" != *LICENSE ]]; then | |
| docker run --rm ${{ env.REGISTRY }}/articola-tools/file-path-validator \ | |
| --naming-convention snake_case --path-to-validate "$path"; | |
| fi | |
| done |