Skip to content

chore(mise.toml): ignore check-extra-masked-returns of shellcheck in … #2287

chore(mise.toml): ignore check-extra-masked-returns of shellcheck in …

chore(mise.toml): ignore check-extra-masked-returns of shellcheck in … #2287

Workflow file for this run

name: Lint
on:
# do not use paths filter because it does not work well with required status checks
# ref: https://github.com/orgs/community/discussions/13690
push:
branches: main
pull_request:
workflow_dispatch:
schedule:
- cron: "0 0 * * SUN"
permissions: {}
defaults:
run:
shell: bash
jobs:
list-tasks:
# define unique id to add to status checks
name: lint-list-tasks
runs-on: ubuntu-24.04
timeout-minutes: 10
permissions:
contents: read # for checkout
outputs:
tasks: ${{ steps.list.outputs.tasks }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install mise
uses: jdx/mise-action@53d027c2e96fed8f955f5d95bff910a3e031cc58 # v2.1.6
with:
version: 2024.11.4
# backends are required to run mise list
# cspell:ignore binstall
install_args: bun node cargo-binstall
- name: Install package.json dependencies
run: mise run buni:root
- name: List mise tasks
id: list
run: |
tasks=$(bun run .github/workflows/scripts/list-mise-tasks.ts)
echo "tasks=${tasks}" >> "${GITHUB_OUTPUT}"
lint:
needs: list-tasks
runs-on: ubuntu-24.04
timeout-minutes: 10
permissions:
contents: read # for checkout
name: ${{ matrix.name }}
strategy:
fail-fast: false
matrix:
# use include not to be treated as multi-dimensional matrix
# ref: https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#expanding-or-adding-matrix-configurations
include: ${{ fromJson(needs.list-tasks.outputs.tasks) }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install mise
uses: jdx/mise-action@53d027c2e96fed8f955f5d95bff910a3e031cc58 # v2.1.6
with:
version: 2024.11.4
install_args: ${{ matrix.tools }}
- name: Run ${{ matrix.name }}
run: mise run ${{ matrix.task }}
commitlint:
runs-on: ubuntu-24.04
timeout-minutes: 10
permissions:
contents: read # for checkout
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0 # fetch all history for commitlint
- name: Install mise
uses: jdx/mise-action@53d027c2e96fed8f955f5d95bff910a3e031cc58 # v2.1.6
with:
version: 2024.11.4
install_args: bun node
- name: Install package.json dependencies
run: mise run buni:root
- name: "commitlint (push: initial commit)"
id: commitlint-push-initial
# commit hash will be 000... if it doesn't exist
if: github.event_name == 'push' && github.event.before == '0000000000000000000000000000000000000000'
run: bun run commitlint --verbose --to ${{ github.event.after }}
- name: commitlint (push)
id: commitlint-push
if: github.event_name == 'push' && steps.commitlint-push-initial.outcome == 'skipped'
run: bun run commitlint --verbose --from ${{ github.event.before }} --to ${{ github.event.after }}
- name: commitlint (pull_request)
id: commitlint-pr
if: github.event_name == 'pull_request'
run: |
bun run commitlint --verbose --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }}
- name: commitlint (pull request title)
# continue even if the previous step fails
# do not use continue-on-error because it will result in a successful job
if: ${{ !cancelled() && (steps.commitlint-pr.outcome == 'success' || steps.commitlint-pr.outcome == 'failure') }}
# use intermediate environment variable to avoid injection attacks
# ref: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
env:
PR_TITLE: ${{ github.event.pull_request.title }}
run: echo "${PR_TITLE}" | bun run commitlint --verbose
- name: commitlint (last commit)
if: steps.commitlint-push-initial.outcome == 'skipped' && steps.commitlint-push.outcome == 'skipped' && steps.commitlint-pr.outcome == 'skipped'
run: bun run commitlint --verbose --from ${{ github.sha }}~1 --to ${{ github.sha }}
lint-status:
needs:
- lint
- commitlint
# only required for branch protection rules
if: ${{ !cancelled() && github.event_name == 'pull_request' }}
runs-on: ubuntu-24.04
timeout-minutes: 5
steps:
- name: Check the status of the jobs
run: |
if echo '${{ toJson(needs.*.result) }}' | jq --exit-status 'all(. == "success")' >/dev/null; then
echo 'All jobs are successful.'
exit 0
else
echo 'Some jobs are failed, cancelled, or skipped.'
exit 1
fi
actions-timeline:
needs:
- lint-status
if: ${{ !cancelled() }}
runs-on: ubuntu-24.04
timeout-minutes: 5
permissions:
actions: read
steps:
- name: actions-timeline
# cspell:ignore kesin
uses: Kesin11/actions-timeline@3046833d9aacfd7745c5264b7f3af851c3e2a619 # v2.2.1