feat: example for ffufai #30
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Validate Contributions | |
| on: | |
| pull_request: | |
| paths: | |
| - '**.yml' | |
| - '!.github/**' | |
| branches: | |
| - main | |
| jobs: | |
| validate: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| contents: read | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 | |
| with: | |
| fetch-depth: 0 # Fetch all history | |
| ref: ${{ github.head_ref }} # Checkout the PR branch | |
| - name: Set up Docker | |
| uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # 3.7.1 | |
| - name: Validate Contribution Files | |
| id: robopages-validation | |
| continue-on-error: true | |
| run: | | |
| validate_file() { | |
| local file="$1" | |
| if [[ ! "$file" =~ ^([a-zA-Z0-9_\-]+/)*[a-zA-Z0-9_\-]+\.yml$ ]]; then | |
| echo "Invalid file path characters: $file" | |
| return 1 | |
| fi | |
| if [[ "$file" == *"../"* ]]; then | |
| echo "Directory traversal attempt detected: $file" | |
| return 1 | |
| fi | |
| docker pull dreadnode/robopages:latest | |
| # Run validation with Docker socket mounted | |
| docker run --rm \ | |
| -v $(pwd):/workspace \ | |
| -v /var/run/docker.sock:/var/run/docker.sock \ | |
| -w /workspace \ | |
| --privileged \ | |
| dreadnode/robopages:latest validate --path "$(printf '%q' "$file")" --skip-docker | |
| } | |
| # Get changed files using GitHub's provided variables | |
| changed_files=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} | \ | |
| grep '\.yml$' | grep -v '^.github/' || true) | |
| # Validate each changed file | |
| for file in $changed_files; do | |
| echo "Validating $file..." | |
| validate_file "$file" || exit 1 | |
| done | |
| - name: Post validation status | |
| if: always() | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea #7.0.1 | |
| with: | |
| script: | | |
| const validation_status = '${{ steps.robopages-validation.outcome }}' === 'success' ? '✅ Validation successful' : '❌ Validation failed'; | |
| const runUrl = `${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}`; | |
| const timestamp = new Date().toISOString(); | |
| const body = [ | |
| `## Validation Results (${timestamp})`, | |
| '', | |
| validation_status, | |
| '', | |
| 'Please ensure your contribution follows the required format.', | |
| '', | |
| `🔍 [View Full Validation Details](${runUrl})`, | |
| '', | |
| '---', | |
| `Run ID: \`${process.env.GITHUB_RUN_ID}\``, | |
| `Workflow: ${process.env.GITHUB_WORKFLOW}` | |
| ].join('\n'); | |
| github.rest.pulls.createReview({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| pull_number: context.issue.number, | |
| body: body, | |
| event: 'COMMENT' | |
| }); |