chore(ci): add actionlint (#729)

nakamasato · Sep 21, 2023 · b27a177 · b27a177
1 parent e8dbbef
commit b27a177
Show file tree

Hide file tree

Showing 22 changed files with 80 additions and 67 deletions.
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
@@ -0,0 +1,18 @@
+name: actionlint
+
+on:
+  pull_request:
+    branches: [main]
+    paths:
+      - ".github/workflows/*"
+
+jobs:
+  actionlint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: actionlint
+        run: |
+          bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
+          ./actionlint -color
+        shell: bash
diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
@@ -19,7 +19,7 @@ jobs:
         run: |
           PR_NUMBER=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")
           echo "pr: $PR_NUMBER"
-          echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV
+          echo "PR_NUMBER=$PR_NUMBER" >> "$GITHUB_ENV"
       - name: Approve Pull Request
         uses: juliangruber/approve-pull-request-action@v2
         with:

diff --git a/.github/workflows/auto-assign.yml b/.github/workflows/auto-assign.yml
@@ -11,15 +11,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Set assignees
-        env:
-          ASSIGNEES: ${{ github.actor }}
         run: |
-          assignee_count=$(cat ${{ github.event_path }} | jq '.pull_request.assignees | length')
-          if [[ 0 == $assignee_count ]]; then
-            assignees=$(echo "\"${ASSIGNEES// /}\"" | jq 'split(",")')
+          assignee_count=$(echo "${{ github.event_path }}" | jq '.pull_request.assignees | length')
+          if [[ 0 == "$assignee_count" ]]; then
             curl -X POST \
                  -H "Content-Type: application/json" \
                  -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-                 -d "{ \"assignees\": $assignees }" \
-                 https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/assignees
+                 -d "{ \"assignees\": [\"${{ github.actor }}\"] }" \
+                 "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/assignees"
           fi
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
@@ -24,7 +24,7 @@ jobs:
         run: |
           PR_NUMBER=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")
           echo "pr: $PR_NUMBER"
-          echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV
+          echo "PR_NUMBER=$PR_NUMBER" >> "$GITHUB_ENV"
       - name: Approve Pull Request
         uses: juliangruber/approve-pull-request-action@v2
         with:

diff --git a/.github/workflows/auto-pr.yml b/.github/workflows/auto-pr.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Set env
-      run: echo "RELEASE_VERSION=$(echo ${GITHUB_REF:10})" >> $GITHUB_ENV
+      run: echo "RELEASE_VERSION=${GITHUB_REF:10}" >> "$GITHUB_ENV"
     - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
       with:
         token: ${{ secrets.REPO_GITHUB_TOKEN }}

diff --git a/.github/workflows/auto-release-when-pr-is-merged.yml b/.github/workflows/auto-release-when-pr-is-merged.yml
@@ -16,7 +16,7 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.head.sha }}
       - name: prepare release tag
-        run: echo "release_tag=v$(date '+%Y%m%d_%H%M%S')" >> $GITHUB_ENV
+        run: echo "release_tag=v$(date '+%Y%m%d_%H%M%S')" >> "$GITHUB_ENV"
       - uses: actions/github-script@v6
         with:
           script: |
@@ -81,7 +81,7 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          sh $PUBLISH_RELEASE_SCRIPT
+          sh "$PUBLISH_RELEASE_SCRIPT"
 
           release_tag=$(gh release view --json tagName | jq -r .tagName)
           release_url=$(gh release view --json url | jq -r .url)

diff --git a/.github/workflows/check-actions-name.yml b/.github/workflows/check-actions-name.yml
@@ -8,4 +8,4 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
-      - run: for f in `ls .github/workflows/*yml`; do name=$(yq e '.name' $f); ls .github/workflows/${name}.yml; done
+      - run: for f in .github/workflows/*yml; do name=$(yq e '.name' "$f"); ls ".github/workflows/${name}.yml"; done
diff --git a/.github/workflows/check-operator-sdk-release.yml b/.github/workflows/check-operator-sdk-release.yml
@@ -19,16 +19,16 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           latest_version=$(curl --silent "https://api.github.com/repos/operator-framework/operator-sdk/releases" | jq -r '.[].tag_name' | head -10 | sort -r | head -1)
-          current_minor_version=$(echo ${VERSION} | sed 's/.*\(v[0-9]\+.[0-9]\+\).*/\1/')
-          latest_minor_version=$(echo ${latest_version} | sed 's/.*\(v[0-9]\+.[0-9]\+\).*/\1/')
+          current_minor_version="${VERSION%.*}"
+          latest_minor_version="${latest_version%.*}"
           echo "current_minor_version: $current_minor_version, latest_minor_version: $latest_minor_version"
           if [ "$current_minor_version" = "$latest_minor_version" ]; then
             echo "latest (current: $VERSION, latest: $latest_version)"
           else
             echo 'new release exists'
             title="Upgrade operator-sdk to $latest_version"
             issue_cnt=$(gh issue list --search "$title" --json 'id' | jq length)
-            if [ $issue_cnt -gt 0 ];then
+            if [ "$issue_cnt" -gt 0 ];then
               echo "issue already exists"
             else
               gh issue create --title "$title" --body "operator-sdk $latest_version has been released." --assignee nakamasato

diff --git a/.github/workflows/conditional-auto-approve.yml b/.github/workflows/conditional-auto-approve.yml
@@ -37,13 +37,13 @@ jobs:
           URL: ${{ github.event.pull_request.comments_url }}
         working-directory: .github/actions
         run: |
-          echo "{\"body\": \"$(cat $PR_COMMENT_CONTENT_TMP_FILE)\"}"
+          echo "{\"body\": \"$(cat "$PR_COMMENT_CONTENT_TMP_FILE")\"}"
           status_code=$(curl -o /dev/null -w '%{http_code}\n' -s -X POST \
               -H "Authorization: token ${GITHUB_TOKEN}" \
-              -d "{\"body\": \"$(cat $PR_COMMENT_CONTENT_TMP_FILE)\"}" \
-              ${URL})
-          echo $status_code
-          if [[ $status_code != 201 ]];then
+              -d "{\"body\": \"$(cat "$PR_COMMENT_CONTENT_TMP_FILE")\"}" \
+              "${URL}")
+          echo "$status_code"
+          if [[ "$status_code" != 201 ]];then
               echo "failed to post with comment:"
               exit 1
           fi
@@ -53,7 +53,7 @@ jobs:
         run: |
           PR_NUMBER=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")
           echo "pr: $PR_NUMBER"
-          echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV
+          echo "PR_NUMBER=$PR_NUMBER" >> "$GITHUB_ENV"
 
       - name: Approve Pull Request
         if: ${{ steps.check-change-and-create-comment.outputs.AUTO_APPROVE == '1' }}

diff --git a/.github/workflows/context.yml b/.github/workflows/context.yml
@@ -22,7 +22,7 @@ jobs:
       - name: github.event.action
         run: |
           echo "- github.event.action : ${{ github.event.action }}"
-          echo "- github.event.action : ${{ github.event.action }}" >> $GITHUB_STEP_SUMMARY
+          echo "- github.event.action : ${{ github.event.action }}" >> "$GITHUB_STEP_SUMMARY"
 
   label:
     runs-on: ubuntu-latest
@@ -33,19 +33,19 @@ jobs:
         id: skip
         name: ignore unrelavant labels
         run: |
-          echo "SKIP=TRUE" >> $GITHUB_ENV
-          echo "- github.event.action : ${{ github.event.action }}" >> $GITHUB_STEP_SUMMARY
-          echo "- github.event.label.name : ${{ github.event.label.name }}" >> $GITHUB_STEP_SUMMARY
+          echo "SKIP=TRUE" >> "$GITHUB_ENV"
+          echo "- github.event.action : ${{ github.event.action }}" >> "$GITHUB_STEP_SUMMARY"
+          echo "- github.event.label.name : ${{ github.event.label.name }}" >> "$GITHUB_STEP_SUMMARY"
 
       - name: Dump GitHub context
         if: ${{ env.SKIP != 'TRUE' }}
         env:
           GITHUB_CONTEXT: ${{ toJson(github) }}
         run: |
           echo "$GITHUB_CONTEXT"
-          echo "- github.event.action : ${{ github.event.action }}" >> $GITHUB_STEP_SUMMARY
+          echo "- github.event.action : ${{ github.event.action }}" >> "$GITHUB_STEP_SUMMARY"
 
       - if: ${{ contains( github.event.pull_request.labels.*.name, 'test') }}
         name: check if a pr has test label
         run: |
-          echo "- github.event.pull_request.labels has 'test'" >> $GITHUB_STEP_SUMMARY
+          echo "- github.event.pull_request.labels has 'test'" >> "$GITHUB_STEP_SUMMARY"
diff --git a/.github/workflows/default-commands.yml b/.github/workflows/default-commands.yml
@@ -29,10 +29,10 @@ jobs:
         run: date --date='-7 days ago' '+%Y-%m-%d'
 
       - name: cal
-        run: cal $(date +"%m %Y") | awk 'NF {DAYS = $NF}; END {print DAYS}'
+        run: cal "$(date +"%m %Y")" | awk 'NF {DAYS = $NF}; END {print DAYS}'
 
       - name: bc
-        run: printf "%.2f" $(echo "scale=2;3/2" | bc)
+        run: printf "%.2f" "$(echo "scale=2;3/2" | bc)"
 
       - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4 # to get the context
 
@@ -42,4 +42,4 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_NUMBER: ${{ github.event.pull_request.number }}
-        run: gh pr comment $PR_NUMBER --body "Hi from GitHub CLI"
+        run: gh pr comment "$PR_NUMBER" --body "Hi from GitHub CLI"
diff --git a/.github/workflows/envvar.yml b/.github/workflows/envvar.yml
@@ -18,7 +18,7 @@ jobs:
       - name: Set env ${{ env.NAMESPACE }}
         id: first-job
         run: |
-          echo "TEST=TEST_VALUE" >> $GITHUB_ENV
+          echo "TEST=TEST_VALUE" >> "$GITHUB_ENV"
           echo "TEST=TEST_VALUE" >> "$GITHUB_OUTPUT"
 
       - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
@@ -33,8 +33,7 @@ jobs:
       - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
       - name: Get env
         run: |
-          echo ${{ env.TEST }}
-          echo ${{ steps.first-job.outputs.TEST }}
-          echo $GITHUB_REF
-          PR_NUMBER=$(echo $GITHUB_REF | awk 'BEGIN { FS = "/" } ; { print $3 }')
+          echo "${{ env.TEST }}"
+          echo "$GITHUB_REF"
+          PR_NUMBER=$(echo "$GITHUB_REF" | awk 'BEGIN { FS = "/" } ; { print $3 }')
           echo "PR: $PR_NUMBER"
diff --git a/.github/workflows/failure.yml b/.github/workflows/failure.yml
@@ -39,10 +39,10 @@ jobs:
         run: echo succeed
 
       - name: post process regardless of sucess or failure
-        run: echo ${{ steps.fail_step.outcome }} # success
+        run: echo ${{ steps.succeed_step.outcome }} # success
 
       - name: make it fail when the first step failed
-        if: steps.fail_step.outcome == 'failure'
+        if: steps.succeed_step.outcome == 'failure'
         run: exit 1
 
   fail-with-post-process-for-failure:
@@ -65,7 +65,7 @@ jobs:
 
       - if: failure()
         name: post process only called when the first step fails
-        run: echo ${{ steps.fail_step.outcome }}
+        run: echo ${{ steps.succeed_step.outcome }}
 
   succeed:
     runs-on: ubuntu-latest
@@ -76,5 +76,5 @@ jobs:
 
       - run: echo ${{ steps.suceed_step.outcome }} # success
 
-      - if: steps.fail_step.outcome == 'failure'
+      - if: steps.suceed_step.outcome == 'failure'
         run: exit 1
diff --git a/.github/workflows/k8s-ci.yml b/.github/workflows/k8s-ci.yml
@@ -54,8 +54,8 @@ jobs:
           CONTAINER_NAME: nginx
           IMAGE_FULL_NAME: ${{ needs.build-and-push-image.outputs.tags }} # pull_request -> pr-{pull-request-num}
         run: |
-          yq e -i "(.spec.template.spec.containers[]|select(.name == \"${CONTAINER_NAME}\").image)|=\"${IMAGE_FULL_NAME}\"" ${YAML_PATH}
-          cat ${YAML_PATH}
+          yq e -i "(.spec.template.spec.containers[]|select(.name == \"${CONTAINER_NAME}\").image)|=\"${IMAGE_FULL_NAME}\"" "${YAML_PATH}"
+          cat "${YAML_PATH}"
       - name: Create PR
         uses: peter-evans/create-pull-request@v5
         with:

diff --git a/.github/workflows/matrix-from-previous-job-output-2.yml b/.github/workflows/matrix-from-previous-job-output-2.yml
@@ -25,9 +25,9 @@ jobs:
               - 'static/prod/**'
       - id: matrix
         run: |
-          echo "dev: ${{ steps.changed-files-yaml.outputs.dev_any_changed }}" >> $GITHUB_STEP_SUMMARY
-          echo "prod: ${{ steps.changed-files-yaml.outputs.prod_any_changed }}" >> $GITHUB_STEP_SUMMARY
-          echo "CHANGED_ENVS=$(echo "[{\"env\": \"dev\", \"changed\": ${{ steps.changed-files-yaml.outputs.dev_any_changed }}}, {\"env\":\"prod\", \"changed\": ${{ steps.changed-files-yaml.outputs.prod_any_changed }} }]" | jq -c 'map(select( .changed ).env)')" >> $GITHUB_OUTPUT
+          echo "dev: ${{ steps.changed-files-yaml.outputs.dev_any_changed }}" >> "$GITHUB_STEP_SUMMARY"
+          echo "prod: ${{ steps.changed-files-yaml.outputs.prod_any_changed }}" >> "$GITHUB_STEP_SUMMARY"
+          echo "CHANGED_ENVS=$(echo "[{\"env\": \"dev\", \"changed\": ${{ steps.changed-files-yaml.outputs.dev_any_changed }}}, {\"env\":\"prod\", \"changed\": ${{ steps.changed-files-yaml.outputs.prod_any_changed }} }]" | jq -c 'map(select( .changed ).env)')" >> "$GITHUB_OUTPUT"
 
   execute:
     if: needs.setup.outputs.CHANGED_ENVS != '[]'

diff --git a/.github/workflows/matrix-from-previous-job-output.yml b/.github/workflows/matrix-from-previous-job-output.yml
@@ -12,9 +12,9 @@ jobs:
       - id: set-matrix
         run: |
           if [[ "${{ github.event_name }}" = "pull_request" ]]; then
-            echo "matrix=[\"pull_request1\", \"pull_request2\"]" >> $GITHUB_OUTPUT
+            echo "matrix=[\"pull_request1\", \"pull_request2\"]" >> "$GITHUB_OUTPUT"
           elif [[ "${{ github.event_name }}" = "push" ]]; then
-            echo "matrix=[\"push1\", \"push2\"]" >> $GITHUB_OUTPUT
+            echo "matrix=[\"push1\", \"push2\"]" >> "$GITHUB_OUTPUT"
           fi
   execute:
     strategy:

diff --git a/.github/workflows/print-workflow-dispatch-inputs.yaml b/.github/workflows/print-workflow-dispatch-inputs.yaml
@@ -17,9 +17,11 @@ jobs:
     steps:
       - name: write message
         run: |
-          echo "::notice:: inputs ${{ inputs }}"
+          echo "::notice:: inputs ${{ inputs.environment }} ${{ inputs.logLevel }}"
       - name: job summary
         run: |
-          echo "### inputs" >> $GITHUB_STEP_SUMMARY
-          echo "- environment: ${{ inputs.environment }}" >> $GITHUB_STEP_SUMMARY
-          echo "- logLevel: ${{ inputs.logLevel }}" >> $GITHUB_STEP_SUMMARY
+          {
+            echo "### inputs"
+            echo "- environment: ${{ inputs.environment }}"
+            echo "- logLevel: ${{ inputs.logLevel }}"
+          } >> "$GITHUB_STEP_SUMMARY"
diff --git a/.github/workflows/pull-request-and-push-to-main.yml b/.github/workflows/pull-request-and-push-to-main.yml
@@ -18,9 +18,9 @@ jobs:
         id: set-conf
         run: |
           if [[ "${{ github.event_name }}" = "pull_request" ]]; then
-            echo "ENV=dev" >> $GITHUB_OUTPUT
+            echo "ENV=dev" >> "$GITHUB_OUTPUT"
           else
-            echo "ENV=prod" >> $GITHUB_OUTPUT
+            echo "ENV=prod" >> "$GITHUB_OUTPUT"
           fi
 
       - name: Process
@@ -36,13 +36,13 @@ jobs:
         if: github.event_name == 'pull_request'
         id: set-conf-dev
         run: |
-          echo "ENV=dev" >> $GITHUB_OUTPUT
+          echo "ENV=dev" >> "$GITHUB_OUTPUT"
 
       - name: Set upload config
         if: github.event_name == 'push'
         id: set-conf-prod
         run: |
-          echo "ENV=prod" >> $GITHUB_OUTPUT
+          echo "ENV=prod" >> "$GITHUB_OUTPUT"
 
       - name: Process
         run: |

diff --git a/.github/workflows/released.yml b/.github/workflows/released.yml
@@ -17,9 +17,9 @@ jobs:
 
       - name: Set env
         run: |
-          echo ${GITHUB_REF:10} | grep -cE '^v[0-9]+.[0-9]+.[0-9]+$'
-          echo "RELEASE_VERSION=${GITHUB_REF:10}" >> $GITHUB_ENV
+          echo "${GITHUB_REF:10}" | grep -cE '^v[0-9]+.[0-9]+.[0-9]+$'
+          echo "RELEASE_VERSION=${GITHUB_REF:10}" >> "$GITHUB_ENV"
 
       - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
       - name: create a file
-        run: echo "$(date)"
+        run: date
diff --git a/.github/workflows/tag.yaml b/.github/workflows/tag.yaml
@@ -12,4 +12,4 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: create a file
-        run: echo "$(date)"
+        run: date
diff --git a/.github/workflows/workflow-dispatch-with-environment.yml b/.github/workflows/workflow-dispatch-with-environment.yml
@@ -19,11 +19,11 @@ jobs:
     steps:
       - name: job summary
         run: |
-          echo "### inputs" >> $GITHUB_STEP_SUMMARY
-          echo "- logLevel: ${{ inputs.logLevel }}" >> $GITHUB_STEP_SUMMARY
+          echo "### inputs" >> "$GITHUB_STEP_SUMMARY"
+          echo "- logLevel: ${{ inputs.logLevel }}" >> "$GITHUB_STEP_SUMMARY"
   run:
     needs: [print-inputs]
     runs-on: ubuntu-latest
     environment: production
     steps:
-      - run: echo ${{ inputs.logLevel }}
+      - run: echo "${{ inputs.logLevel }}"
diff --git a/.github/workflows/workflow-dispatch.yaml b/.github/workflows/workflow-dispatch.yaml
@@ -17,9 +17,6 @@ on:
         type: environment
         required: true
         default: development
-        options:
-        - production
-        - development
 jobs:
   print-inputs-from-remote-workflow:
     uses: nakamasato/github-actions-practice/.github/workflows/print-workflow-dispatch-inputs.yaml@main
@@ -39,5 +36,5 @@ jobs:
     environment: ${{ inputs.environment }}
     steps:
       - run: |
-          echo "### condition" >> $GITHUB_STEP_SUMMARY
-          echo "- branch: ${{ github.ref_name }}" >> $GITHUB_STEP_SUMMARY
+          echo "### condition" >> "$GITHUB_STEP_SUMMARY"
+          echo "- branch: ${{ github.ref_name }}" >> "$GITHUB_STEP_SUMMARY"