From 417349b501b6a74502d7044a6b611d7cfe4c0eb2 Mon Sep 17 00:00:00 2001 From: Phil Gee Date: Wed, 24 Jan 2024 15:02:32 +0000 Subject: [PATCH 1/2] AEA-3622 Added actionlint to hooks and linting. --- .devcontainer/Dockerfile | 5 ++--- .pre-commit-config.yaml | 9 +++++++++ Makefile | 2 +- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 449b26b..faee198 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -31,12 +31,11 @@ ENV PATH="$PATH:/home/vscode/.asdf/bin/" RUN asdf plugin add python; \ asdf plugin add poetry https://github.com/asdf-community/asdf-poetry.git; \ asdf plugin add shellcheck https://github.com/luizm/asdf-shellcheck.git; \ - asdf plugin-add direnv; \ - asdf plugin-add golang https://github.com/kennyp/asdf-golang.git; \ + asdf plugin add direnv; \ + asdf plugin add golang https://github.com/kennyp/asdf-golang.git; \ asdf plugin add golangci-lint https://github.com/hypnoglow/asdf-golangci-lint.git; \ asdf plugin add actionlint; - WORKDIR /workspaces/electronic-prescription-service-get-secrets ADD .tool-versions /workspaces/electronic-prescription-service-get-secrets/.tool-versions ADD .tool-versions /home/vscode/.tool-versions diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index de01d3c..ba9c374 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -31,5 +31,14 @@ repos: files: ^src pass_filenames: false + - id: lint-githubactions + name: Lint github actions + entry: make + args: ["lint-githubactions"] + language: system + files: ^.github + types_or: [yaml] + pass_filenames: false + fail_fast: true default_stages: [commit] diff --git a/Makefile b/Makefile index e3277a4..be04d79 100644 --- a/Makefile +++ b/Makefile @@ -23,7 +23,7 @@ lint-go: lint-githubactions: actionlint -lint: lint-go +lint: lint-go lint-githubactions clean: rm -rf ./lib From 4fce6be1c4481be8b77bff6ff294009420732c54 Mon Sep 17 00:00:00 2001 
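Review bot: In the new `lint-githubactions` hook, `files: ^.github` is a regular expression, so the unescaped `.` matches any character and the pattern is broader than the directory it is meant to select. Because the hook passes no filenames and `make lint-githubactions` runs a bare `actionlint`, it can be scoped to the workflow files with `files: ^\.github/workflows/`. The hook uses `language: system`, so a comment such as `# requires actionlint on PATH` above `entry: make` would tell contributors why it fails outside the devcontainer.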
From: Phil Gee Date: Wed, 24 Jan 2024 15:06:08 +0000 Subject: [PATCH 2/2] AEA-3622 Actionlint issues fixed. --- .github/workflows/dependabot_auto_approve_and_merge.yml | 8 ++++---- .github/workflows/pr-link.yml | 8 ++++++-- .github/workflows/release.yml | 6 +++--- 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/.github/workflows/dependabot_auto_approve_and_merge.yml b/.github/workflows/dependabot_auto_approve_and_merge.yml index 9e4b62f..4e5763c 100644 --- a/.github/workflows/dependabot_auto_approve_and_merge.yml +++ b/.github/workflows/dependabot_auto_approve_and_merge.yml 
@@ -23,21 +23,21 @@ jobs: github-token: "${{ secrets.GITHUB_TOKEN }}" - name: Approve patch and minor updates if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}} - run: gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a patch or minor update**" + run: gh pr review "$PR_URL" --approve -b "I'm **approving** this pull request because **it includes a patch or minor update**" env: PR_URL: ${{github.event.pull_request.html_url}} GITHUB_TOKEN: ${{ steps.get_app_token.outputs.token }} - name: Approve major updates of development dependencies if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:development'}} - run: gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a major update of a dependency used only in development**" + run: gh pr review "$PR_URL" --approve -b "I'm **approving** this pull request because **it includes a major update of a dependency used only in development**" env: PR_URL: ${{github.event.pull_request.html_url}} GITHUB_TOKEN: ${{ steps.get_app_token.outputs.token }} - name: Comment on major updates of non-development dependencies if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:production'}} run: | - gh pr comment $PR_URL --body "I'm **not approving** this PR because **it includes a major update of a dependency used in production**" - gh pr edit $PR_URL --add-label "requires-manual-qa" + gh pr comment "$PR_URL" --body "I'm **not approving** this PR because **it includes a major update of a dependency used in production**" + gh pr edit "$PR_URL" --add-label "requires-manual-qa" env: PR_URL: ${{github.event.pull_request.html_url}} GITHUB_TOKEN: ${{ 
steps.get_app_token.outputs.token }} diff --git a/.github/workflows/pr-link.yml b/.github/workflows/pr-link.yml index ef9284c..fd741af 100644 --- a/.github/workflows/pr-link.yml +++ b/.github/workflows/pr-link.yml @@ -5,14 +5,18 @@ on: jobs: link-ticket: runs-on: ubuntu-latest + env: + REF: ${{ github.event.pull_request.head.ref }} steps: - name: Check ticket name conforms to requirements - run: echo ${{ github.event.pull_request.head.ref }} | grep -i -E -q "(aea-[0-9]+)|(apm-[0-9]+)|(apmspii-[0-9]+)|(adz-[0-9]+)|(amb-[0-9]+)|(dependabot\/)" + run: echo "$REF" | grep -i -E -q "(aea-[0-9]+)|(apm-[0-9]+)|(apmspii-[0-9]+)|(adz-[0-9]+)|(amb-[0-9]+)|(dependabot\/)" continue-on-error: true - name: Grab ticket name if: contains(github.event.pull_request.head.ref, 'aea-') || contains(github.event.pull_request.head.ref, 'AEA-') || contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'apmspii-') || contains(github.event.pull_request.head.ref, 'APMSPII-') || contains(github.event.pull_request.head.ref, 'adz-') || contains(github.event.pull_request.head.ref, 'ADZ-') || contains(github.event.pull_request.head.ref, 'amb-') || contains(github.event.pull_request.head.ref, 'AMB-') - run: echo ::set-env name=TICKET_NAME::$(echo ${{ github.event.pull_request.head.ref }} | grep -i -o '\(aea-[0-9]\+\)\|\(apm-[0-9]\+\)\|\(apmspii-[0-9]\+\)\|\(adz-[0-9]\+\)|\(amb-[0-9]\+\)' | tr '[:lower:]' '[:upper:]') + run: | + # shellcheck disable=SC2046 + echo name=TICKET_NAME::$(echo "$REF" | grep -i -o '\(aea-[0-9]\+\)\|\(apm-[0-9]\+\)\|\(apmspii-[0-9]\+\)\|\(adz-[0-9]\+\)|\(amb-[0-9]\+\)' | tr '[:lower:]' '[:upper:]') >> "$GITHUB_ENV" continue-on-error: true env: ACTIONS_ALLOW_UNSECURE_COMMANDS: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2d1d8de..3d4fc5f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
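Review bot: The rewritten `Grab ticket name` step in pr-link.yml appends `name=TICKET_NAME::<ticket>` to `$GITHUB_ENV`, which is the old `::set-env` payload rather than the `NAME=value` form that file expects, so later steps get a variable called `name` and `TICKET_NAME` stays unset. Replacing the `name=TICKET_NAME::` prefix with `TICKET_NAME=` fixes the assignment. With `set-env` gone, the step's `ACTIONS_ALLOW_UNSECURE_COMMANDS: true` should be removed as well, since it only re-enables the deprecated stdout workflow commands. Separately, the last alternation in the `grep -i -o` pattern is written `|` where the others use `\|`, so the `adz-` and `amb-` branches look unreachable in basic-regex mode. The rest of the job is outside the hunk, so the consumers of `TICKET_NAME` are not visible here.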
@@ -53,11 +53,11 @@ jobs: make install-python - name: Set SPEC_VERSION env var for merges to main - run: echo "SPEC_VERSION=$(poetry run python scripts/calculate_version.py)" >> $GITHUB_ENV + run: echo "SPEC_VERSION=$(poetry run python scripts/calculate_version.py)" >> "$GITHUB_ENV" if: github.ref == 'refs/heads/main' - name: Set SPEC_VERSION env var for tags - run: echo "SPEC_VERSION=${{ github.ref_name }}" >> $GITHUB_ENV + run: echo "SPEC_VERSION=${{ github.ref_name }}" >> "$GITHUB_ENV" if: github.ref != 'refs/heads/main' - name: Download build artifact @@ -88,4 +88,4 @@ jobs: - name: output SPEC_VERSION id: output_spec_version - run: echo SPEC_VERSION=${{ env.SPEC_VERSION }} >> $GITHUB_OUTPUT + run: echo SPEC_VERSION=${{ env.SPEC_VERSION }} >> "$GITHUB_OUTPUT"
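Review bot: The `Set SPEC_VERSION env var for tags` step still expands `${{ github.ref_name }}` inside the `run:` script, so the ref name is pasted into the shell text before any quoting applies. This is the same pattern this commit removed from pr-link.yml by going through `env:`. Passing it as an environment variable keeps it as data: add `env:` with `REF_NAME: ${{ github.ref_name }}` to the step and use `run: echo "SPEC_VERSION=$REF_NAME" >> "$GITHUB_ENV"`. The second hunk's `output SPEC_VERSION` step has the same shape with `${{ env.SPEC_VERSION }}`; that value is already in the environment, so `run: echo "SPEC_VERSION=$SPEC_VERSION" >> "$GITHUB_OUTPUT"` avoids the template expansion. The workflow's triggers are outside both hunks, so who can create a ref that reaches these steps is not visible here.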