From da15e3978690de484df454459296ce0eb82a6647 Mon Sep 17 00:00:00 2001 From: MatteoPologruto Date: Wed, 12 Jul 2023 12:47:02 +0200 Subject: [PATCH] Add CI workflow to validate GitHub Actions workflows On every push or pull request that affects the repository's GitHub Actions workflows, and periodically, validate them against the JSON schema. --- .github/workflows/check-workflows-task.yml | 50 ++++++++++++++++ README.md | 1 + Taskfile.yml | 69 ++++++++++++++++++++++ 3 files changed, 120 insertions(+) create mode 100644 .github/workflows/check-workflows-task.yml diff --git a/.github/workflows/check-workflows-task.yml b/.github/workflows/check-workflows-task.yml new file mode 100644 index 0000000..3a873bf --- /dev/null +++ b/.github/workflows/check-workflows-task.yml @@ -0,0 +1,50 @@ +# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-workflows-task.md +name: Check Workflows + +env: + # See: https://github.com/actions/setup-node/#readme + NODE_VERSION: 16.x + +# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows +on: + push: + paths: + - ".github/workflows/*.ya?ml" + - "package.json" + - "package-lock.json" + - "Taskfile.ya?ml" + pull_request: + paths: + - ".github/workflows/*.ya?ml" + - "package.json" + - "package-lock.json" + - "Taskfile.ya?ml" + schedule: + # Run every Tuesday at 8 AM UTC to catch breakage resulting from changes to the JSON schema. + - cron: "0 8 * * TUE" + workflow_dispatch: + repository_dispatch: + +jobs: + validate: + runs-on: ubuntu-latest + permissions: + contents: read + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Setup Node.js + uses: actions/setup-node@v3 + with: + node-version: ${{ env.NODE_VERSION }} + + - name: Install Task + uses: arduino/setup-task@v1 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + version: 3.x + + - name: Validate workflows + run: task --silent ci:validate diff --git a/README.md b/README.md index 12f1301..ee5df29 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,7 @@ [![Sync Labels status](https://github.com/arduino/fwuploader-plugin-helper/actions/workflows/sync-labels.yml/badge.svg)](https://github.com/arduino/fwuploader-plugin-helper/actions/workflows/sync-labels.yml) [![Check Go Dependencies status](https://github.com/arduino/fwuploader-plugin-helper/actions/workflows/check-go-dependencies-task.yml/badge.svg)](https://github.com/arduino/fwuploader-plugin-helper/actions/workflows/check-go-dependencies-task.yml) [![Check Taskfiles status](https://github.com/arduino/fwuploader-plugin-helper/actions/workflows/check-taskfiles.yml/badge.svg)](https://github.com/arduino/fwuploader-plugin-helper/actions/workflows/check-taskfiles.yml) +[![Check Workflows status](https://github.com/arduino/fwuploader-plugin-helper/actions/workflows/check-workflows-task.yml/badge.svg)](https://github.com/arduino/fwuploader-plugin-helper/actions/workflows/check-workflows-task.yml) diff --git a/Taskfile.yml b/Taskfile.yml index 6093dfd..d3fc3d3 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -15,6 +15,34 @@ vars: LDFLAGS: tasks: + # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/check-workflows-task/Taskfile.yml + ci:validate: + desc: Validate GitHub Actions workflows against their JSON schema + vars: + # Source: https://github.com/SchemaStore/schemastore/blob/master/src/schemas/json/github-workflow.json + WORKFLOW_SCHEMA_URL: https://json.schemastore.org/github-workflow + WORKFLOW_SCHEMA_PATH: + sh: task utility:mktemp-file TEMPLATE="workflow-schema-XXXXXXXXXX.json" + WORKFLOWS_DATA_PATH: "./.github/workflows/*.{yml,yaml}" + deps: + - task: npm:install-deps + cmds: + - | + wget \ + --quiet \ + --output-document="{{.WORKFLOW_SCHEMA_PATH}}" \ + {{.WORKFLOW_SCHEMA_URL}} + - | + npx \ + --package=ajv-cli \ + --package=ajv-formats \ + ajv validate \ + --all-errors \ + --strict=false \ + -c ajv-formats \ + -s "{{.WORKFLOW_SCHEMA_PATH}}" \ + -d "{{.WORKFLOWS_DATA_PATH}}" + # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/check-dependencies-task/Taskfile.yml general:cache-dep-licenses: desc: Cache dependency license metadata @@ -89,3 +117,44 @@ tasks: dir: "{{default .DEFAULT_GO_MODULE_PATH .GO_MODULE_PATH}}" cmds: - go vet {{default .DEFAULT_GO_PACKAGES .GO_PACKAGES}} + + # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/npm-task/Taskfile.yml + npm:install-deps: + desc: Install dependencies managed by npm + cmds: + - npm install + + # Make a temporary file named according to the passed TEMPLATE variable and print the path passed to stdout + # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/windows-task/Taskfile.yml + utility:mktemp-file: + vars: + RAW_PATH: + sh: mktemp --tmpdir "{{.TEMPLATE}}" + cmds: + - task: utility:normalize-path + vars: + RAW_PATH: "{{.RAW_PATH}}" + + # Make a temporary folder named according to the passed TEMPLATE variable and print the path passed to stdout + # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/windows-task/Taskfile.yml + utility:mktemp-folder: + vars: + RAW_PATH: + sh: mktemp --directory --tmpdir "{{.TEMPLATE}}" + cmds: + - task: utility:normalize-path + vars: + RAW_PATH: "{{.RAW_PATH}}" + + # Print a normalized version of the path passed via the RAW_PATH variable to stdout + # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/windows-task/Taskfile.yml + utility:normalize-path: + cmds: + - | + if [[ "{{.OS}}" == "Windows_NT" ]] && which cygpath &>/dev/null; then + # Even though the shell handles POSIX format absolute paths as expected, external applications do not. + # So paths passed to such applications must first be converted to Windows format. + cygpath -w "{{.RAW_PATH}}" + else + echo "{{.RAW_PATH}}" + fi