mirror of
https://github.com/trailofbits/algo.git
synced 2025-09-08 21:13:28 +02:00
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
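---
# Lint workflow: runs ansible-lint, yamllint, ruff, shellcheck and the
# PowerShell checks on every push and pull request.
name: Lint

'on': [push, pull_request]

# The workflow token only gets read access to repository contents.
permissions:
  contents: read

jobs:
  ansible-lint:
    name: Ansible linting
    runs-on: ubuntu-22.04
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the release tag that SHA corresponds to.
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
        with:
          # Keep the checkout token out of the local git config so later
          # steps cannot reuse it.
          persist-credentials: false
      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065  # v5.6.0
        with:
          python-version: '3.11'

      - name: Setup uv environment
        uses: ./.github/actions/setup-uv

      - name: Install Ansible collections
        run: uv run --with ansible-lint --with ansible ansible-galaxy collection install -r requirements.yml

      - name: Run ansible-lint
        run: |
          uv run --with ansible-lint ansible-lint .

      - name: Run playbook dry-run check (catch runtime issues)
        run: |
          # Test main playbook logic without making changes
          # This catches filter warnings, collection issues, and runtime errors
          # NOTE(review): the trailing `|| echo` turns any ansible-playbook
          # failure into a success, so this step is advisory only and never
          # fails the job. Drop the fallback if runtime errors should block
          # a merge.
          uv run ansible-playbook main.yml --check --connection=local \
            -e "server_ip=test" \
            -e "server_name=ci-test" \
            -e "IP_subject_alt_name=192.168.1.1" \
            || echo "Dry-run check completed with issues - review output above"

  yaml-lint:
    name: YAML linting
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
        with:
          persist-credentials: false

      - name: Setup uv environment
        uses: ./.github/actions/setup-uv

      - name: Run yamllint
        run: uv run --with yamllint yamllint -c .yamllint .

  python-lint:
    name: Python linting
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
        with:
          persist-credentials: false
      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065  # v5.6.0
        with:
          python-version: '3.11'

      - name: Setup uv environment
        uses: ./.github/actions/setup-uv

      - name: Run ruff
        run: |
          # Fast Python linter
          uv run --with ruff ruff check .

  shellcheck:
    name: Shell script linting
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
        with:
          persist-credentials: false

      - name: Run shellcheck
        run: |
          sudo apt-get update && sudo apt-get install -y shellcheck
          # Check all shell scripts, not just algo and install.sh
          # `-exec ... {} +` makes find exit non-zero when shellcheck reports
          # a problem; with `-exec ... {} \;` find ignores the exit status of
          # the command, so findings never failed this step.
          find . -type f -name "*.sh" -not -path "./.git/*" -exec shellcheck {} +

  powershell-lint:
    name: PowerShell script linting
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
        with:
          persist-credentials: false

      - name: Install PowerShell
        run: |
          # Install PowerShell Core
          # NOTE(review): the package is downloaded and installed as root
          # without an integrity check. Record the SHA-256 published for this
          # release and verify it (e.g. `sha256sum -c`) before `dpkg -i`.
          wget -q https://github.com/PowerShell/PowerShell/releases/download/v7.4.0/powershell_7.4.0-1.deb_amd64.deb
          sudo dpkg -i powershell_7.4.0-1.deb_amd64.deb
          # -y keeps the dependency fix-up non-interactive on the runner.
          sudo apt-get install -f -y

      - name: Install PSScriptAnalyzer
        run: |
          # NOTE(review): the module version is not pinned; consider
          # -RequiredVersion so the lint toolchain is reproducible.
          pwsh -Command "Install-Module -Name PSScriptAnalyzer -Force -Scope CurrentUser"

      - name: Run PowerShell syntax check
        run: |
          # Check syntax by parsing the script
          # PSParser.Tokenize reports syntax errors through its second
          # (errors) argument instead of throwing, so the errors are
          # collected and checked explicitly; passing [ref]$null discarded
          # them and let an invalid script pass.
          pwsh -NoProfile -NonInteractive -Command "
            \$parseErrors = \$null
            try {
              \$null = [System.Management.Automation.PSParser]::Tokenize((Get-Content -Path './algo.ps1' -Raw), [ref]\$parseErrors)
            } catch {
              Write-Error ('PowerShell syntax error: ' + \$_.Exception.Message)
              exit 1
            }
            if (\$parseErrors.Count -gt 0) {
              \$parseErrors | Format-Table -AutoSize
              exit 1
            }
            Write-Host '✓ PowerShell syntax check passed'
          "

      - name: Run PSScriptAnalyzer
        run: |
          # Fail the job when the analyzer reports any Warning or Error.
          pwsh -Command "
            \$results = Invoke-ScriptAnalyzer -Path './algo.ps1' -Severity Warning,Error
            if (\$results.Count -gt 0) {
              \$results | Format-Table -AutoSize
              exit 1
            } else {
              Write-Host '✓ PSScriptAnalyzer check passed'
            }
          "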