diff --git a/.github/workflows/recipe-security-scanner.yml b/.github/workflows/recipe-security-scanner.yml index 9f004ea1a17..7531ba41723 100644 --- a/.github/workflows/recipe-security-scanner.yml +++ b/.github/workflows/recipe-security-scanner.yml @@ -64,25 +64,25 @@ jobs: if: steps.recipe_changes.outputs.recipe_files_changed == 'true' run: sudo apt-get update && sudo apt-get install -y jq - - name: Find changed recipe files in PR + - name: Find recipe files in PR (new or modified) id: find_recipes if: steps.recipe_changes.outputs.recipe_files_changed == 'true' run: | set -e - echo "Looking for changed recipe files in PR..." + echo "Looking for recipe files in PR (new or modified)..." - # Get the list of changed files in this PR + # Get the list of changed/new files in this PR if [ "${{ github.event_name }}" = "pull_request" ] && [ "${{ github.event.action }}" = "synchronize" ]; then # For synchronize events, check files changed since the previous commit - echo "📝 Synchronize event - checking files changed since previous commit" + echo "📝 Synchronize event - checking files changed/added since previous commit" CHANGED_FILES=$(git diff --name-only ${{ github.event.before }}..${{ github.event.after }}) else - # For opened/reopened, check all files in the PR - echo "📝 PR opened/reopened - checking all files in PR" + # For opened/reopened, check all files in the PR (new and modified) + echo "📝 PR opened/reopened - checking all new/modified files in PR" CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}..HEAD) fi - # Filter for recipe files only that were changed + # Filter for recipe files only that were changed or added RECIPE_FILES=$(echo "$CHANGED_FILES" | grep "^documentation/src/pages/recipes/data/recipes/" | grep -E "\.(yaml|yml)$" || true) if [ -z "$RECIPE_FILES" ]; then diff --git a/.github/workflows/validate-recipe-pr.yml b/.github/workflows/validate-recipe-pr.yml index 47265a94ef6..b80cf4b37af 100644 --- a/.github/workflows/validate-recipe-pr.yml +++ b/.github/workflows/validate-recipe-pr.yml @@ -43,43 +43,59 @@ jobs: keyring: false EOF - - name: Check if recipe files changed in this PR + - name: Check if recipe files changed in this push id: recipe_changes run: | set -e - echo "🔍 Checking if recipe files were modified in this PR..." + echo "🔍 Checking if recipe files were modified in this push..." - # Get the list of changed files in this PR - CHANGED_FILES=$(git diff --name-only origin/${{ github.event.pull_request.base.ref }}..HEAD) + # Get the list of changed files in this specific push + if [ "${{ github.event_name }}" = "pull_request" ] && [ "${{ github.event.action }}" = "synchronize" ]; then + # For synchronize events, check files changed since the previous commit + echo "📝 Synchronize event - checking files changed since previous commit" + CHANGED_FILES=$(git diff --name-only ${{ github.event.before }}..${{ github.event.after }}) + else + # For opened/reopened, check all files in the PR + echo "📝 PR opened/reopened - checking all files in PR" + CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}..HEAD) + fi - echo "All changed files in PR:" + echo "Changed files in this push:" echo "$CHANGED_FILES" echo "" # Check if any recipe files were changed - if echo "$CHANGED_FILES" | grep -q "^documentation/src/pages/recipes/data/recipes/.*\.(yaml|yml)$"; then + if echo "$CHANGED_FILES" | grep -q "^documentation/src/pages/recipes/data/recipes/"; then echo "recipe_files_changed=true" >> "$GITHUB_OUTPUT" - echo "✅ Recipe files were modified in this PR - proceeding with validation" + echo "✅ Recipe files were modified in this push - proceeding with validation" else echo "recipe_files_changed=false" >> "$GITHUB_OUTPUT" - echo "ℹī¸ No recipe files were modified in this PR - skipping validation" + echo "ℹī¸ No recipe files were modified in this push - skipping validation" fi - - name: Find changed recipe files in PR + - name: Find recipe files in PR (new or modified) id: find_changed_recipes if: steps.recipe_changes.outputs.recipe_files_changed == 'true' run: | - echo "🔍 Finding recipe files changed in this PR..." + set -e + echo "Looking for recipe files in PR (new or modified)..." - # Get the list of changed files in this PR - CHANGED_FILES=$(git diff --name-only origin/${{ github.event.pull_request.base.ref }}..HEAD) + # Get the list of changed/new files in this PR + if [ "${{ github.event_name }}" = "pull_request" ] && [ "${{ github.event.action }}" = "synchronize" ]; then + # For synchronize events, check files changed since the previous commit + echo "📝 Synchronize event - checking files changed/added since previous commit" + CHANGED_FILES=$(git diff --name-only ${{ github.event.before }}..${{ github.event.after }}) + else + # For opened/reopened, check all files in the PR (new and modified) + echo "📝 PR opened/reopened - checking all new/modified files in PR" + CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}..HEAD) + fi - # Filter for recipe files only + # Filter for recipe files only that were changed or added RECIPE_FILES=$(echo "$CHANGED_FILES" | grep "^documentation/src/pages/recipes/data/recipes/" | grep -E "\.(yaml|yml)$" || true) if [ -z "$RECIPE_FILES" ]; then - echo "❌ No recipe files found in the PR changes!" - echo "📁 Please add your recipe to: documentation/src/pages/recipes/data/recipes/" + echo "No changed recipe files found in PR" echo "validation_status=no_files" >> $GITHUB_OUTPUT exit 1 fi @@ -94,6 +110,7 @@ jobs: id: validate if: steps.recipe_changes.outputs.recipe_files_changed == 'true' run: | + set -e # Read the list of changed recipe files RECIPE_FILES=$(cat /tmp/changed_recipe_files.txt) @@ -103,18 +120,19 @@ jobs: # First pass: Basic YAML validation while IFS= read -r RECIPE_FILE; do if [ -f "$RECIPE_FILE" ]; then - echo "🔍 Validating: $RECIPE_FILE" + BASE_RECIPE_FILENAME=$(basename "$RECIPE_FILE") + echo "🔍 Validating: $BASE_RECIPE_FILENAME" if OUTPUT=$(goose recipe validate "$RECIPE_FILE" 2>&1); then - echo "✅ Valid: $RECIPE_FILE" - VALIDATION_OUTPUT="${VALIDATION_OUTPUT}✅ $RECIPE_FILE: VALID\n" + echo "✅ Valid: $BASE_RECIPE_FILENAME" + VALIDATION_OUTPUT="${VALIDATION_OUTPUT}✅ $BASE_RECIPE_FILENAME: VALID\n" else - echo "❌ Invalid: $RECIPE_FILE" + echo "❌ Invalid: $BASE_RECIPE_FILENAME" echo "$OUTPUT" - VALIDATION_OUTPUT="${VALIDATION_OUTPUT}❌ $RECIPE_FILE: INVALID\n\`\`\`\n$OUTPUT\n\`\`\`\n" + VALIDATION_OUTPUT="${VALIDATION_OUTPUT}❌ $BASE_RECIPE_FILENAME: INVALID\n\`\`\`\n$OUTPUT\n\`\`\`\n" ALL_VALID=false fi fi - done <<< "$RECIPE_FILES" + done < /tmp/changed_recipe_files.txt # Second pass: Check for duplicate filenames if [ "$ALL_VALID" = true ]; then @@ -159,7 +177,7 @@ jobs: echo "✅ Filename '$FILENAME' validation complete" fi - done <<< "$RECIPE_FILES" + done < /tmp/changed_recipe_files.txt fi # Save validation output for use in comment