mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
8eb738e66a
To avoid burning Azure credits, we move the runners back down to the free tier. Now that caching is properly set up, this should incur only a minor increase in CI time.
101 lines
3.5 KiB
YAML
101 lines
3.5 KiB
YAML
name: Static Analysis
|
|
on:
|
|
workflow_call:
|
|
pull_request:
|
|
types: [edited]
|
|
|
|
jobs:
|
|
pr-lint:
|
|
if: github.event_name == 'pull_request'
|
|
runs-on: ubuntu-22.04
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
permissions:
|
|
pull-requests: read
|
|
steps:
|
|
- name: Enforce PR title length <= 64
|
|
# Don't run for Dependabot PRs
|
|
if: ${{ !contains(github.event.pull_request.head.label, 'dependabot') }}
|
|
env:
|
|
PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }}
|
|
REPOSITORY_NAME: ${{ github.repository }}
|
|
run: |
|
|
PR_TITLE=$(gh pr view "$PULL_REQUEST_NUMBER" --repo "$REPOSITORY_NAME" --json title -q '.title')
|
|
|
|
pr_title_length=${#PR_TITLE}
|
|
|
|
# 64 instead of 72 because GitHub adds the PR number to the title
|
|
if [ "$pr_title_length" -gt 64 ]; then
|
|
echo "PR title too long. Please keep it under 64 characters."
|
|
exit 1
|
|
fi
|
|
- uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 #v5.5.3
|
|
|
|
version-check:
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- name: Check version is up to date
|
|
run: |
|
|
./scripts/bump-versions.sh
|
|
if [ -z "$(git status --porcelain)" ]; then
|
|
# Working directory clean
|
|
echo "Version manifests up to date"
|
|
else
|
|
# Uncommitted changes
|
|
echo "'scripts/bump-versions.sh' found outdated files! Showing diff"
|
|
git diff
|
|
exit 1
|
|
fi
|
|
|
|
link-check:
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- uses: lycheeverse/lychee-action@82202e5e9c2f4ef1a55a3d02563e1cb6041e5332 # v2.4.1
|
|
with:
|
|
fail: true
|
|
args: --offline --verbose --no-progress **/*.md
|
|
|
|
actionlint:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- uses: raven-actions/actionlint@3a24062651993d40fed1019b58ac6fbdfbf276cc # v2.0.1
|
|
|
|
global-linter:
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
|
|
with:
|
|
python-version: "3.11"
|
|
- uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
|
|
name: Restore Python Cache
|
|
id: cache
|
|
with:
|
|
path: ~/.cache/pip
|
|
key: ubuntu-22.04-${{ runner.arch }}-pip-${{ hashFiles('.github/requirements.txt') }}
|
|
- name: Install Python Dependencies
|
|
run: |
|
|
pip install -r .github/requirements.txt
|
|
- uses: ./.github/actions/setup-node
|
|
with:
|
|
npmjs-token: ${{ secrets.NPMJS_TOKEN }}
|
|
lockfile-dir: ./.github
|
|
- name: Install dependencies
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get install -y shfmt
|
|
pnpm i --frozen-lockfile --dir ./.github
|
|
- name: Run pre-commit
|
|
run: |
|
|
pre-commit install --config .github/pre-commit-config.yaml
|
|
SKIP=no-commit-to-branch pre-commit run --all-files --config .github/pre-commit-config.yaml
|
|
- uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
|
|
if: ${{ steps.cache.outputs.cache-hit != 'true'}}
|
|
name: Save Python Cache
|
|
with:
|
|
path: ~/.cache/pip
|
|
key: ${{ steps.cache.outputs.cache-primary-key }}
|