[BRE-139] - Rollout workflow linter V2 (#341)

.github/workflows/linter_pr_trigger.yml

@@ -0,0 +1,11 @@
+name: Workflow Linter PR trigger
+
+on:
+  pull_request:
+    paths:
+      - .github/workflows/workflow-linter.yml
+
+jobs:
+  linter:
+    name: Lint
+    uses: ./.github/workflows/workflow-linter.yml

.github/workflows/test-lint-workflow.yml

@@ -11,6 +11,7 @@ on:
 
 jobs:
   test-lint-workflow:
+    name: Test Lint Workflow
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout Branch
@@ -22,6 +23,7 @@ jobs:
           WORKFLOW_LIST=$(ls .github/workflows | xargs -I {} echo -n ".github/workflows/{} ")
           echo "workflow-list=$WORKFLOW_LIST" >> $GITHUB_OUTPUT
 
-      - uses: ./lint-workflow
+      - name: Lint Workflow
+        uses: ./lint-workflow
         with:
           workflows: ${{ steps.workflow-list.outputs.workflow-list }}

.github/workflows/test-release-version-check.yml

@@ -13,7 +13,8 @@ on:
 
 jobs:
   test-version-check:
-    runs-on: ubuntu-latest
+    name: Test Version Check
+    runs-on: ubuntu-22.04
     strategy:
       fail-fast: false
       matrix:
@@ -60,7 +61,8 @@ jobs:
       xamarin-calver-success-status: ${{ steps.set-status.outputs.xamarin-calver-success }}
       xamarin-calver-fail-status: ${{ steps.set-status.outputs.xamarin-calver-fail }}
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Checkout Branch
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Version Check - ${{ matrix.name }}
         id: run-version-check
@@ -80,7 +82,8 @@ jobs:
 
 
   run-version-check-test:
-    runs-on: ubuntu-latest
+    name: Run Version Check Test
+    runs-on: ubuntu-22.04
     needs: [test-version-check]
     if: always()
     steps:

.github/workflows/test-report-deployment-status-to-slack.yml

@@ -14,7 +14,8 @@ jobs:
     name: Test Slack report
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Start
         uses: ./report-deployment-status-to-slack
@@ -68,7 +69,8 @@ jobs:
     name: Test Slack report with different DB migration scenerios
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: With DB migration true on main
         uses: ./report-deployment-status-to-slack

.github/workflows/test-report-upcoming-release-version.yml

@@ -10,7 +10,8 @@ jobs:
     name: Test report upcoming release version to Slack
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Report upcoming release version to Slack
         uses: ./report-upcoming-release-version

.github/workflows/test-version-bump.yml

@@ -9,9 +9,11 @@ on:
 
 jobs:
   test-version-bumps:
-    runs-on: ubuntu-latest
+    name: Test Version Bump
+    runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Bump JSON Test
         id: test_json

.github/workflows/workflow-linter.yml

@@ -28,42 +28,21 @@ jobs:
           repository: ${{ steps.repo.outputs.repo }}
           fetch-depth: 0
 
-      - name: Get changed workflows
-        id: changed-workflows
-        run: |
-          MODIFIED_WORKFLOWS=$(git diff --name-only origin/${{ github.base_ref	}} | grep -E '.github/workflows/.*.(yml|yaml)' | tr '\n' ' ')
-          MODIFIED_EXISTING_WORKFLOWS=""
-          COUNT=0
-          for workflow in $MODIFIED_WORKFLOWS; do
-              if [ -f $workflow ]; then
-                  MODIFIED_EXISTING_WORKFLOWS+=" ${workflow}"
-                  COUNT=$((COUNT+1))
-              fi
-          done
-          echo "count=$COUNT" >> $GITHUB_OUTPUT
-          echo "modified-workflows=$MODIFIED_EXISTING_WORKFLOWS" >> $GITHUB_OUTPUT
-
-      - name: Lint
-        if: steps.changed-workflows.outputs.count != 0
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        uses: bitwarden/gh-actions/lint-workflow@main
-        with:
-          workflows: ${{ steps.changed-workflows.outputs.modified-workflows }}
-
       - name: Get changed files
-        if: steps.changed-workflows.outputs.count != 0
-        id: changed-files
+        id: changed-workflows
         uses: tj-actions/changed-files@c3a1bb2c992d77180ae65be6ae6c166cf40f857c # v45.0.3
         with:
           files: .github/workflows/**
 
-      - name: Check for pinned versions
-        if: steps.changed-files.outputs.any_changed == 'true'
-        shell: bash
-        env:
-          FILE: ${{ steps.changed-files.outputs.all_changed_files }}
-        run: |
-          FILES=$(echo "${{ env.FILE }}")
-          curl -o $PWD/version-lint.sh https://raw.githubusercontent.com/bitwarden/gh-actions/main/.github/version-lint.sh
-          chmod +x $PWD/version-lint.sh && $PWD/version-lint.sh $FILES
+      - name: Set up Python 3.11
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+        with:
+          python-version: "3.11"
+
+      - name: Install bwwl binary
+        if: steps.changed-workflows.outputs.all_changed_files_count != 0
+        run: python -m pip install --upgrade bitwarden_workflow_linter
+
+      - name: Lint
+        if: steps.changed-workflows.outputs.all_changed_files_count != 0
+        run: bwwl lint -f .github/workflows