
initial Apollo yml

initial Apollo yml #35

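# Validates contributed .yml files on pull requests that target main.
# Every changed .yml file outside .github/ is path-checked, copied to a temp
# file (with a `categories:` list derived from its directory when the file has
# none) and passed to the robopages validator container. The result is then
# posted on the pull request as a review comment.
name: Validate Contributions

on:
  pull_request:
    paths:
      - '**.yml'
      - '!.github/**'
    branches:
      - main

jobs:
  validate:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          fetch-depth: 0  # Fetch all history
          # NOTE(review): head_ref is a branch name, while the diff below uses
          # pull_request.head.sha; confirm both resolve to the same commit,
          # in particular for pull requests opened from forks.
          ref: ${{ github.head_ref }}  # Checkout the PR branch
          # The workspace is bind-mounted into a container further down, so
          # the job token must not be left behind in .git/config.
          persist-credentials: false

      - name: Set up Docker
        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349  # 3.7.1

      - name: Validate Contribution Files
        id: robopages-validation
        # NOTE(review): with continue-on-error the job still concludes as
        # successful when validation fails; the review comment posted by the
        # next step is the only signal. That step already runs under
        # `if: always()`, so confirm a non-blocking check is what is wanted.
        continue-on-error: true
        env:
          # Passed through the environment instead of being expanded into the
          # script text by the workflow template engine.
          BASE_SHA: ${{ github.event.pull_request.base.sha }}
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          # Validate one contributed file.
          # $1: repository-relative path of a changed .yml file.
          # Returns non-zero when the path is rejected, the copy fails, or the
          # validator container exits with an error.
          validate_file() {
            local file="$1"
            local path_re='^([a-zA-Z0-9_-]+/)*[a-zA-Z0-9_-]+\.yml$'

            # The path comes from the pull request, so it is checked before it
            # is used to build any other path or command argument.
            if [[ ! "$file" =~ $path_re ]]; then
              echo "Invalid file path characters: $file"
              return 1
            fi
            if [[ "$file" == *"../"* ]]; then
              echo "Directory traversal attempt detected: $file"
              return 1
            fi

            local base tmp_file categories
            base="$(basename "$file")"
            tmp_file="/tmp/$base"

            # Create copy and inject categories if missing.
            # Errors are returned explicitly: this function is called on the
            # left of `||`, where bash ignores `set -e`.
            cp "$file" "$tmp_file" || return 1
            if ! grep -q "categories:" "$tmp_file"; then
              # Extract categories from path
              categories=$(dirname "$file" | tr '/' '\n' | awk 'NF' | sed 's/^/ - /')
              # Inject categories into YAML
              printf '\ncategories:\n%s\n' "$categories" >> "$tmp_file"
            fi

            # NOTE(review): --privileged together with the Docker socket mount
            # gives the container root-equivalent control of the runner while
            # it processes pull-request content. The validator is invoked with
            # --skip-docker, so confirm whether either option is needed and
            # drop whatever is not.
            # NOTE(review): the image is referenced by the mutable :latest
            # tag, unlike the actions above, which are pinned to a commit SHA;
            # consider pinning it by digest.
            local status=0
            docker run --rm \
              -v "$(pwd):/workspace" \
              -v /var/run/docker.sock:/var/run/docker.sock \
              -v "$tmp_file:/workspace/$base" \
              -w /workspace \
              --privileged \
              dreadnode/robopages:latest validate --path "$base" --skip-docker || status=$?

            # Clean up first, then report the validator's own exit status.
            # Ending the function on `rm` would return 0 and hide a failed
            # validation.
            rm -f "$tmp_file"
            return "$status"
          }

          # Get changed files using GitHub's provided variables.
          # mapfile keeps one path per array element, so names are neither
          # word-split nor glob-expanded.
          mapfile -t changed_files < <(
            git diff --name-only "$BASE_SHA" "$HEAD_SHA" |
              grep '\.yml$' | grep -v '^\.github/' || true
          )

          # Pull the validator image once rather than once per file.
          if (( ${#changed_files[@]} > 0 )); then
            docker pull dreadnode/robopages:latest
          fi

          # Validate each changed file
          for file in "${changed_files[@]}"; do
            echo "Validating $file..."
            validate_file "$file" || exit 1
          done

      - name: Post validation status
        if: always()
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea  # 7.0.1
        env:
          VALIDATION_OUTCOME: ${{ steps.robopages-validation.outcome }}
        with:
          script: |
            // Build the review comment from the validation step outcome.
            const validation_status = process.env.VALIDATION_OUTCOME === 'success' ? '✅ Validation successful' : '❌ Validation failed';
            const runUrl = `${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}`;
            const timestamp = new Date().toISOString();
            const body = [
              `## Validation Results (${timestamp})`,
              '',
              validation_status,
              '',
              'Please ensure your contribution follows the required format.',
              '',
              `🔍 [View Full Validation Details](${runUrl})`,
              '',
              '---',
              `Run ID: \`${process.env.GITHUB_RUN_ID}\``,
              `Workflow: ${process.env.GITHUB_WORKFLOW}`
            ].join('\n');
            // Awaited so that an API error fails this step instead of being
            // lost as an unhandled rejection.
            await github.rest.pulls.createReview({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number,
              body: body,
              event: 'COMMENT'
            });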