# Validates contribution `.yml` files on pull requests against main.
name: Validate Contributions
# `on` is a YAML 1.1 boolean key; GitHub's loader handles it (suppress yamllint `truthy` here).
on:
  pull_request:
    paths:
      - '**.yml'
      - '!.github/**'  # workflow files are not contribution content
    branches:
      - main
jobs:
  validate:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write  # needed by the "Post validation status" step to create a review
      contents: read
    steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
with:
fetch-depth: 0 # Fetch all history
ref: ${{ github.head_ref }} # Checkout the PR branch
      # NOTE(review): the validation step below only runs `docker pull` and
      # `docker run`; confirm whether buildx is actually required here.
      - name: Set up Docker
        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # 3.7.1
- name: Validate Contribution Files
id: robopages-validation
continue-on-error: true
run: |
validate_file() {
local file="$1"
if [[ ! "$file" =~ ^([a-zA-Z0-9_\-]+/)*[a-zA-Z0-9_\-]+\.yml$ ]]; then
echo "Invalid file path characters: $file"
return 1
fi
if [[ "$file" == *"../"* ]]; then
echo "Directory traversal attempt detected: $file"
return 1
fi
docker pull dreadnode/robopages:latest
# Run validation with Docker socket mounted
docker run --rm \
-v $(pwd):/workspace \
-v /var/run/docker.sock:/var/run/docker.sock \
-w /workspace \
--privileged \
dreadnode/robopages:latest validate --path "$(printf '%q' "$file")" --skip-docker
}
# Get changed files using GitHub's provided variables
changed_files=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} | \
grep '\.yml$' | grep -v '^.github/' || true)
# Validate each changed file
for file in $changed_files; do
echo "Validating $file..."
validate_file "$file" || exit 1
done
- name: Post validation status
if: always()
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea #7.0.1
with:
script: |
const validation_status = '${{ steps.robopages-validation.outcome }}' === 'success'
? '✅ Validation successful'
: '❌ Validation failed';
github.rest.pulls.createReview({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number,
body: `## Validation Results\n${validation_status}\n\nPlease ensure your contribution follows the required format.`,
event: 'COMMENT'
});