From 7a7e4b975ac1342344785a8914a45d57ed880c3a Mon Sep 17 00:00:00 2001
From: BJ Hargrave
Date: Thu, 2 May 2024 11:27:33 -0400
Subject: [PATCH] Add github workflows for schema repo
We lint markdown, schema files, and workflows. Dependabot is added to manage the dependencies.
Signed-off-by: BJ Hargrave
---
.github/dependabot.yml | 17 ++++++
.github/scripts/requirements.txt | 3 +
.github/workflows/actionlint.yml | 49 +++++++++++++++
.github/workflows/docs.yml | 47 ++++++++++++++
.github/workflows/lint.yml | 71 ++++++++++++++++++++++
.github/workflows/matchers/actionlint.json | 17 ++++++
.markdownlint-cli2.yaml | 17 ++++++
7 files changed, 221 insertions(+)
create mode 100644 .github/dependabot.yml
create mode 100644 .github/scripts/requirements.txt
create mode 100644 .github/workflows/actionlint.yml
create mode 100644 .github/workflows/docs.yml
create mode 100644 .github/workflows/lint.yml
create mode 100644 .github/workflows/matchers/actionlint.json
create mode 100644 .markdownlint-cli2.yaml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..139e42d
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,17 @@
+# SPDX-License-Identifier: Apache-2.0
+
+# GitHub Dependabot configuration file
+version: 2
+updates:
+
+ # Maintain dependencies for GitHub Actions
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
+
+ # Maintain dependencies for Python scripts
+ - package-ecosystem: "pip"
+ directory: "/.github/scripts"
+ schedule:
+ interval: "daily"
diff --git a/.github/scripts/requirements.txt b/.github/scripts/requirements.txt
new file mode 100644
index 0000000..1e6548c
--- /dev/null
+++ b/.github/scripts/requirements.txt
@@ -0,0 +1,3 @@
+# SPDX-License-Identifier: Apache-2.0
+
+check-jsonschema>=0.28.2
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
new file mode 100644
index 0000000..9399a50
--- /dev/null
+++ b/.github/workflows/actionlint.yml
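Review bot: `check-jsonschema>=0.28.2` in `.github/scripts/requirements.txt` is a lower bound rather than a pin, so each CI run installs whatever release the package index serves at that moment, together with unpinned transitive dependencies. That is out of step with the workflows in this patch, which pin every action to a commit SHA, and it means a new release of the tool reaches CI without going through a reviewable pull request. Pinning to `check-jsonschema==0.28.2` lets the Dependabot `pip` entry propose each upgrade explicitly. A fully resolved requirements file with hashes, installed via `pip install --require-hashes -r .github/scripts/requirements.txt`, would extend the same guarantee to transitive dependencies.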
@@ -0,0 +1,49 @@
+# SPDX-License-Identifier: Apache-2.0
+
+name: Lint GitHub Actions workflows
+on:
+ push:
+ branches:
+ - "main"
+ paths:
+ - '.github/workflows/*.ya?ml'
+ pull_request:
+ branches:
+ - "main"
+ paths:
+ - '.github/workflows/*.ya?ml'
+
+env:
+ LC_ALL: en_US.UTF-8
+
+defaults:
+ run:
+ shell: bash
+
+permissions:
+ contents: read
+
+jobs:
+ actionlint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: "Harden Runner"
+ uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+ with:
+ egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+ - name: "Checkout"
+ uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ with:
+ fetch-depth: 0
+ submodules: true
+
+ - name: "Download actionlint"
+ id: get_actionlint
+ run: |
+ bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/2d26fef7e97b8ab345791f5ade3252da47d083e3/scripts/download-actionlint.bash)
+
+ - name: "Check workflow files"
+ run: |
+ echo "::add-matcher::.github/workflows/matchers/actionlint.json"
+ ${{ steps.get_actionlint.outputs.executable }} -color
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
new file mode 100644
index 0000000..58edd46
--- /dev/null
+++ b/.github/workflows/docs.yml
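Review bot: The "Download actionlint" step pins the download script to a commit, but nothing visible in the workflow verifies the binary that script fetches before the next step executes `${{ steps.get_actionlint.outputs.executable }}`. Which actionlint release gets installed is decided inside the script rather than in the workflow, and `curl` is called without `--fail`, so an HTTP error body or an empty response is handed straight to bash. Consider `bash <(curl -sSfL <PINNED_SCRIPT_URL>) <ACTIONLINT_VERSION>` so the version is reviewable here, followed by a checksum comparison against the checksums published with that release, if available. While `egress-policy` stays at `audit`, a download from an unexpected host is only logged, not blocked.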
@@ -0,0 +1,47 @@
+# SPDX-License-Identifier: Apache-2.0
+
+name: Lint Markdown documents
+
+on:
+ push:
+ branches:
+ - "main"
+ paths:
+ - '**/*.md'
+ - '.markdownlint-cli2.yaml'
+ - '.github/workflows/docs.yml' # This workflow
+ pull_request:
+ branches:
+ - "main"
+ paths:
+ - '**/*.md'
+ - '.markdownlint-cli2.yaml'
+ - '.github/workflows/docs.yml' # This workflow
+
+env:
+ LC_ALL: en_US.UTF-8
+
+defaults:
+ run:
+ shell: bash
+
+permissions:
+ contents: read
+
+jobs:
+ markdown-lint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: "Harden Runner"
+ uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+ with:
+ egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+ - name: "Checkout"
+ uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ with:
+ fetch-depth: 0
+ submodules: true
+ - name: "Check Markdown documents"
+ uses: DavidAnson/markdownlint-cli2-action@b4c9feab76d8025d1e83c653fa3990936df0e6c8 # v16.0.0
+ with:
+ globs: '**/*.md'
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 0000000..df0c0ea
--- /dev/null
+++ b/.github/workflows/lint.yml
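Review bot: The "Checkout" step asks for more than a Markdown lint needs. `fetch-depth: 0` pulls the full history, `submodules: true` brings any submodule content into the workspace where the `**/*.md` glob would lint it as well, and with `persist-credentials` left at its default the job token stays in the checkout's git config for later steps. Because this job runs on `pull_request` and then executes a third-party action over the tree, a narrower checkout limits what that action can reach: drop the two options and add `persist-credentials: false`. The "Checkout" step in `.github/workflows/actionlint.yml` uses the same options, and the one in `.github/workflows/lint.yml` likewise leaves `persist-credentials` at its default.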
@@ -0,0 +1,71 @@
+# SPDX-License-Identifier: Apache-2.0
+
+name: Lint Schema
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+ paths:
+ - 'v*/**/*.json'
+ - '.github/workflows/lint.yml' # This workflow
+ - '.github/scripts/**' # Scripts used by this workflow
+
+ pull_request:
+ branches:
+ - main
+ paths:
+ - 'v*/**/*.json'
+ - '.github/workflows/lint.yml' # This workflow
+ - '.github/scripts/**' # Scripts used by this workflow
+
+env:
+ LC_ALL: en_US.UTF-8
+
+defaults:
+ run:
+ shell: bash
+
+permissions:
+ contents: read
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: "Harden Runner"
+ uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+ with:
+ egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+ - name: "Checkout"
+ uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ with:
+ fetch-depth: 0
+
+ - name: "Setup Python"
+ uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+ with:
+ python-version: "3.11"
+
+ - name: "Install Python Packages"
+ run: |
+ pip install -r .github/scripts/requirements.txt
+
+ - name: "Find changed schema files"
+ id: changed-files
+ uses: tj-actions/changed-files@0874344d6ebbaa00a27da73276ae7162fadcaf69 # v44.3.0
+ with:
+ files: |
+ v*/**/*.json
+
+ - name: "Check changed schema file contents"
+ if: steps.changed-files.outputs.any_changed == 'true'
+ run: |
+ check-jsonschema --verbose --schemafile https://json-schema.org/draft/2020-12/schema ${{ steps.changed-files.outputs.all_changed_files }}
+
+ - name: "Check all schema file contents"
+ if: steps.changed-files.outputs.any_changed != 'true'
+ run: |
+ check-jsonschema --verbose --schemafile https://json-schema.org/draft/2020-12/schema $(find v* -name "*.json")
diff --git a/.github/workflows/matchers/actionlint.json b/.github/workflows/matchers/actionlint.json
new file mode 100644
index 0000000..4613e16
--- /dev/null
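Review bot: In "Check changed schema file contents", `${{ steps.changed-files.outputs.all_changed_files }}` is substituted into the script text before bash parses it, so file names taken from a pull request become part of the shell command rather than data. The step then relies entirely on the action's own output escaping to keep shell metacharacters in a path from being interpreted. Passing the list through the environment removes that dependency: give the step an `env:` entry `ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}` and call `check-jsonschema --verbose --schemafile <SCHEMA_URL> ${ALL_CHANGED_FILES}`. The unquoted `$(find v* -name "*.json")` in the last step has a milder form of the same problem, since paths containing whitespace are split into separate arguments.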
+++ b/.github/workflows/matchers/actionlint.json
@@ -0,0 +1,17 @@
+{
+ "problemMatcher": [
+ {
+ "owner": "actionlint",
+ "pattern": [
+ {
+ "regexp": "^(?:\\x1b\\[\\d+m)?(.+?)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*: (?:\\x1b\\[\\d+m)*(.+?)(?:\\x1b\\[\\d+m)* \\[(.+?)\\]$",
+ "file": 1,
+ "line": 2,
+ "column": 3,
+ "message": 4,
+ "code": 5
+ }
+ ]
+ }
+ ]
+}
diff --git a/.markdownlint-cli2.yaml b/.markdownlint-cli2.yaml
new file mode 100644
index 0000000..8955b31
--- /dev/null
+++ b/.markdownlint-cli2.yaml
@@ -0,0 +1,17 @@
+# SPDX-License-Identifier: Apache-2.0
+
+config:
+ line-length: false
+ no-emphasis-as-header: false
+ first-line-heading: false
+ code-block-style: false
+ no-duplicate-header: false
+ single-trailing-newline: false
+ no-bare-urls: false
+globs:
+ - "**/*.md"
+ignores:
+ - ".github/**"
+ - ".tox/**"
+ - "venv/**"
+ - ".venv/**"