-
Notifications
You must be signed in to change notification settings - Fork 0
171 lines (140 loc) · 5.35 KB
/
lint.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
name: Lint
on:
# do not use paths filter because it does not work well with required status checks
# ref: https://github.com/orgs/community/discussions/13690
push:
branches: main
pull_request:
workflow_dispatch:
schedule:
- cron: "0 0 * * SUN"
permissions: {}
defaults:
run:
shell: bash
jobs:
list-tasks:
# define unique id to add to status checks
name: lint-list-tasks
runs-on: ubuntu-24.04
timeout-minutes: 10
permissions:
contents: read # for checkout
outputs:
tasks: ${{ steps.list.outputs.tasks }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install mise
uses: jdx/mise-action@53d027c2e96fed8f955f5d95bff910a3e031cc58 # v2.1.6
with:
version: 2024.11.2
# backends are required to run mise list
# cspell:ignore binstall
install_args: bun node cargo-binstall
experimental: true
- name: Install package.json dependencies
run: mise run buni:root
- name: List mise tasks
id: list
run: |
tasks=$(bun run .github/workflows/scripts/list-mise-tasks.ts)
echo "tasks=${tasks}" >> "${GITHUB_OUTPUT}"
lint:
needs: list-tasks
runs-on: ubuntu-24.04
timeout-minutes: 10
permissions:
contents: read # for checkout
name: ${{ matrix.name }}
strategy:
fail-fast: false
matrix:
# use include not to be treated as multi-dimensional matrix
# ref: https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#expanding-or-adding-matrix-configurations
include: ${{ fromJson(needs.list-tasks.outputs.tasks) }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install mise
uses: jdx/mise-action@53d027c2e96fed8f955f5d95bff910a3e031cc58 # v2.1.6
with:
version: 2024.11.2
install_args: ${{ matrix.tools }}
experimental: true
- name: Run ${{ matrix.name }}
run: mise run ${{ matrix.task }}
commitlint:
runs-on: ubuntu-24.04
timeout-minutes: 10
permissions:
contents: read # for checkout
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0 # fetch all history for commitlint
- name: Install mise
uses: jdx/mise-action@53d027c2e96fed8f955f5d95bff910a3e031cc58 # v2.1.6
with:
version: 2024.11.2
install_args: bun node
experimental: true
- name: Install package.json dependencies
run: mise run buni:root
- name: "commitlint (push: initial commit)"
id: commitlint-push-initial
# commit hash will be 000... if it doesn't exist
if: github.event_name == 'push' && github.event.before == '0000000000000000000000000000000000000000'
run: bun run commitlint --verbose --to ${{ github.event.after }}
- name: commitlint (push)
id: commitlint-push
if: github.event_name == 'push' && steps.commitlint-push-initial.outcome == 'skipped'
run: bun run commitlint --verbose --from ${{ github.event.before }} --to ${{ github.event.after }}
- name: commitlint (pull_request)
id: commitlint-pr
if: github.event_name == 'pull_request'
run: |
bun run commitlint --verbose --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }}
- name: commitlint (pull request title)
# continue even if the previous step fails
# do not use continue-on-error because it will result in a successful job
if: ${{ !cancelled() && (steps.commitlint-pr.outcome == 'success' || steps.commitlint-pr.outcome == 'failure') }}
# use intermediate environment variable to avoid injection attacks
# ref: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
env:
PR_TITLE: ${{ github.event.pull_request.title }}
run: echo "${PR_TITLE}" | bun run commitlint --verbose
- name: commitlint (last commit)
if: steps.commitlint-push-initial.outcome == 'skipped' && steps.commitlint-push.outcome == 'skipped' && steps.commitlint-pr.outcome == 'skipped'
run: bun run commitlint --verbose --from ${{ github.sha }}~1 --to ${{ github.sha }}
lint-status:
needs:
- lint
- commitlint
# only required for branch protection rules
if: ${{ !cancelled() && github.event_name == 'pull_request' }}
runs-on: ubuntu-24.04
timeout-minutes: 5
steps:
- name: Check the status of the jobs
run: |
if echo '${{ toJson(needs.*.result) }}' | jq --exit-status 'all(. == "success")' >/dev/null; then
echo 'All jobs are successful.'
exit 0
else
echo 'Some jobs are failed, cancelled, or skipped.'
exit 1
fi
actions-timeline:
needs:
- lint-status
if: ${{ !cancelled() }}
runs-on: ubuntu-24.04
timeout-minutes: 5
permissions:
actions: read
steps:
- name: actions-timeline
# cspell:ignore kesin
uses: Kesin11/actions-timeline@3046833d9aacfd7745c5264b7f3af851c3e2a619 # v2.2.1