diff --git a/.github/workflows/build-engine-package.yml b/.github/workflows/build-engine-package.yml
index 68607e59d..145fff42b 100644
--- a/.github/workflows/build-engine-package.yml
+++ b/.github/workflows/build-engine-package.yml
@@ -151,6 +151,9 @@ jobs:
 run: |
 set -eux
+ # CUDA Toolkit へのパスを OS 非依存へ整形する
+ # NOTE: ダブルクォートでバックスラッシュを囲むと tr が可搬性関連の warning を出す
+ # shellcheck disable=SC1003
 CUDA_ROOT=$( echo "${{ steps.cuda-toolkit.outputs.CUDA_PATH }}" | tr '\\' '/' )
 mkdir -p download/cuda/bin
@@ -297,7 +300,7 @@ jobs:
 # Download pyopenjtalk dictionary
 # try 5 times, sleep 5 seconds before retry
- for i in $(seq 5); do
+ for _ in $(seq 5); do
 EXIT_CODE=0
 python3 -c "import pyopenjtalk; pyopenjtalk._lazy_init()" || EXIT_CODE=$?
@@ -526,6 +529,8 @@ jobs:
 set -eux
 # ONNX Runtime providers
+ # NOTE: `$ORIGIN` は RPATH の特殊トークンであるため、bash 変数扱いされないために適切なエスケープが必要。
+ # shellcheck disable=SC2016
 patchelf --set-rpath '$ORIGIN' "$(pwd)/download/onnxruntime/lib"/libonnxruntime_providers_*.so
 mv download/onnxruntime/lib/libonnxruntime_*.so dist/run/
@@ -605,13 +610,13 @@ jobs:
 (cd "${{ matrix.target }}" && 7z -r -v1900M a "../compressed.zip")
 # Rename to artifact.001.vvppp, artifact.002.vvppp, ...
- for FILE in $(ls "compressed.zip."*); do
+ for FILE in compressed.zip.*; do
 NUMBER=${FILE##*.} # 001
 mv "${FILE}" "${{ steps.vars.outputs.package_name }}.${NUMBER}.vvppp"
 done
 # Rename to artifact.vvpp if there are only artifact.001.vvppp
- if [ "$(ls ${{ steps.vars.outputs.package_name }}.*.vvppp | wc -l)" == 1 ]; then
+ if [ "$(find ${{ steps.vars.outputs.package_name }}.*.vvppp -maxdepth 1 | wc -l)" == 1 ]; then
 mv ${{ steps.vars.outputs.package_name }}.001.vvppp ${{ steps.vars.outputs.package_name }}.vvpp
 fi
diff --git a/.github/workflows/test-engine-package.yml b/.github/workflows/test-engine-package.yml
index 47b7b3f49..63e5b445d 100644
--- a/.github/workflows/test-engine-package.yml
+++ b/.github/workflows/test-engine-package.yml
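Review bot: In the `@@ -605,13 +610,13 @@` hunk the new `find ${{ steps.vars.outputs.package_name }}.*.vvppp -maxdepth 1` line (and the `mv` under it) still pastes the expression into the script text unquoted, so bash parses the value as script text instead of receiving it as data. Where `package_name` is derived is not visible in this hunk; if any part of it can come from a tag name or a workflow input, whitespace or shell metacharacters in it would be word-split or interpreted by the shell. Passing it through the step's `env:` (`PACKAGE_NAME: ${{ steps.vars.outputs.package_name }}`) and writing `if [ "$(find . -maxdepth 1 -name "${PACKAGE_NAME}.*.vvppp" | wc -l)" == 1 ]; then` gives the same count without the interpolation, and the `mv` arguments can use `"${PACKAGE_NAME}.001.vvppp"` the same way. The step's `run:` header is outside the hunk.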
@@ -72,7 +72,7 @@ jobs: run: | mkdir -p download curl -L -o "download/list.txt" "${{ steps.vars.outputs.release_url }}/${{ steps.vars.outputs.package_name }}.7z.txt" - cat "download/list.txt" | xargs -I '%' curl -L -o "download/%" "${{ steps.vars.outputs.release_url }}/%" + Check Python dependency security run: safety check -r requirements.txt -r requirements-dev.txt -r requirements-test.txt -r requirements-license.txt -o bare - - name: Notify Discord of security testing result + - name: Notify Discord of security testing result uses: sarisia/actions-status-discord@v1 if: always() with: @@ -41,6 +41,6 @@ jobs: username: GitHub Actions title: "依存パッケージ脆弱性診断の結果" status: ${{ job.status }} - color: ${{ job.status == 'success' && 0x00FF00 || 0xFF0000 }} + color: ${{ job.status == 'success' && '0x00FF00' || '0xFF0000' }} url: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 36ddc3741..7502fb61c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -76,7 +76,7 @@ jobs: if: ${{ startsWith(matrix.os, 'ubuntu-') }} uses: crate-ci/typos@v1.12.12 - shellcheck: + lint-builders: runs-on: ubuntu-20.04 steps: - name: Check out the repository @@ -89,3 +89,9 @@ jobs: - name: Check shell files run: git ls-files | grep -E '\.(ba)?sh' | xargs shellcheck + + - name: Check workflow files + run: | + bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) + ./actionlint + shell: bash
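Review bot: The added `Check workflow files` step in the `@@ -89,3 +89,9 @@` hunk runs whatever `download-actionlint.bash` is at the tip of `main` when the job starts, so any change to that upstream branch executes unreviewed inside this job with access to the checked-out repository. `curl` is also called without `-f`, so on an HTTP error the error body is handed to bash instead of failing the step. Pin both the script and the binary, e.g. `bash <(curl -fsSL https://raw.githubusercontent.com/rhysd/actionlint/<PINNED_COMMIT_SHA>/scripts/download-actionlint.bash) <PINNED_VERSION>`, where the two placeholders are a commit and a release you have reviewed. The job's `permissions:` are not visible here; if none are set, adding `permissions:` with `contents: read` to `lint-builders` would limit what a fetched script can reach.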