feat(galaxy-collection): update galaxy-collection #471
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# yamllint disable rule:line-length | |
name: Lint all | |
# yamllint disable-line rule:truthy | |
on: | |
pull_request: | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
with: | |
fetch-depth: 1 | |
- name: Determine what files types have changed | |
id: changed-files-yaml | |
uses: tj-actions/changed-files@c65cd883420fd2eb864698a825fc4162dd94482c # v44 | |
with: | |
files_yaml: | | |
actions: | |
- .github/workflows/** | |
- .shellcheckrc | |
renovate: | |
- .github/renovate.json | |
- .github/renovate/** | |
terraform: | |
- '**.tf' | |
- '**/.terraform-version' | |
- '**/.terraform.lock.hcl' | |
- '.tflint.hcl' | |
docker: | |
- '**/Dockerfile' | |
- '.hadolint.yaml' | |
- name: Setup poetry | |
run: pipx install poetry==$POETRY_VERSION | |
env: | |
# renovate: datasource=pypi depName=poetry | |
POETRY_VERSION: "1.8.3" | |
- name: Set up python | |
uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5 | |
with: | |
python-version: '3.12' | |
cache: 'poetry' | |
- name: Set up node | |
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4 | |
with: | |
node-version-file: '.node-version' | |
cache: 'npm' | |
cache-dependency-path: 'package-lock.json' | |
- name: Setup tflint | |
uses: terraform-linters/setup-tflint@19a52fbac37dacb22a09518e4ef6ee234f2d4987 # v4 | |
- name: Cache pre-commit hooks | |
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 | |
with: | |
path: ~/.cache/pre-commit/ | |
key: pre-commit|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }} | |
- name: Install python requirements | |
run: | | |
poetry --version | |
poetry install --no-interaction | |
poetry env info | |
- name: Install node packages | |
run: npm ci --no-fund --no-audit | |
- name: Install pre-commit hooks | |
run: poetry run pre-commit install --install-hooks --hook-type pre-commit | |
- name: check-added-large-files | |
run: poetry run pre-commit run --all-files --color=always check-added-large-files | |
- name: check-executables-have-shebangs | |
if: success() || failure() | |
run: poetry run pre-commit run --all-files --color=always check-executables-have-shebangs | |
- name: check-json | |
if: success() || failure() | |
run: poetry run pre-commit run --all-files --color=always check-json | |
- name: detect-private-key | |
if: success() || failure() | |
run: poetry run pre-commit run --all-files --color=always detect-private-key | |
- name: end-of-file-fixer | |
if: success() || failure() | |
run: poetry run pre-commit run --all-files --color=always end-of-file-fixer | |
- name: forbid-new-submodules | |
if: success() || failure() | |
run: poetry run pre-commit run --all-files --color=always forbid-new-submodules | |
- name: mixed-line-ending | |
if: success() || failure() | |
run: poetry run pre-commit run --all-files --color=always mixed-line-ending | |
- name: trailing-whitespace | |
if: success() || failure() | |
run: poetry run pre-commit run --all-files --color=always trailing-whitespace | |
- name: shellcheck | |
if: success() || failure() | |
run: poetry run pre-commit run --all-files --color=always shellcheck | |
- name: terraform-fmt | |
if: (success() || failure()) && (steps.changed-files-yaml.outputs.terraform_any_changed == 'true' || github.event_name == 'workflow_dispatch') | |
run: poetry run pre-commit run --all-files --color=always terraform-fmt | |
- name: terraform-validate | |
if: (success() || failure()) && (steps.changed-files-yaml.outputs.terraform_any_changed == 'true' || github.event_name == 'workflow_dispatch') | |
run: poetry run pre-commit run --all-files --color=always terraform-validate | |
- name: tflint | |
if: (success() || failure()) && (steps.changed-files-yaml.outputs.terraform_any_changed == 'true' || github.event_name == 'workflow_dispatch') | |
run: poetry run pre-commit run --all-files --color=always tflint | |
- name: hadolint | |
if: (success() || failure()) && (steps.changed-files-yaml.outputs.docker_any_changed == 'true' || github.event_name == 'workflow_dispatch') | |
uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0 | |
with: | |
dockerfile: "Dockerfile" | |
recursive: true | |
failure-threshold: warning | |
config: .hadolint.yaml | |
- name: yamllint | |
if: success() || failure() | |
run: poetry run yamllint -c .yamllint --strict --format github . | |
- name: actionlint | |
if: (success() || failure()) && (steps.changed-files-yaml.outputs.actions_any_changed == 'true' || github.event_name == 'workflow_dispatch') | |
shell: bash | |
run: | | |
[[ "$RUNNER_ARCH" == "ARM64" ]] && export PKG_ARCH=arm64 || export PKG_ARCH=amd64 | |
wget --quiet -c https://github.com/rhysd/actionlint/releases/download/v${ACTIONLINT_VERSION}/actionlint_${ACTIONLINT_VERSION}_linux_${PKG_ARCH}.tar.gz -O /tmp/actionlint.tar.gz | |
tar -xzf /tmp/actionlint.tar.gz -C /tmp | |
sudo install -o root -g root -m 0755 /tmp/actionlint /usr/local/sbin/actionlint | |
set -x | |
actionlint -shellcheck "shellcheck -c .shellcheckrc" | |
env: | |
# renovate: datasource=github-releases depName=rhysd/actionlint | |
ACTIONLINT_VERSION: "1.7.1" | |
- name: commitlint | |
if: (success() || failure()) && (github.event_name == 'pull_request') | |
run: npx commitlint --color --from ${{ github.event.pull_request.head.sha }}~${{ github.event.pull_request.commits }} --to ${{ github.event.pull_request.head.sha }} --verbose | |
- name: validate-renovate-config | |
if: (success() || failure()) && (steps.changed-files-yaml.outputs.renovate_any_changed == 'true' || github.event_name == 'workflow_dispatch') | |
shell: bash | |
# yamllint disable-line rule:indentation | |
run: | | |
npm install --no-fund --no-audit renovate | |
echo "Validating renovate main configuration..." | |
echo ".github/renovate.json:" | |
npx --yes --package renovate -- renovate-config-validator .github/renovate.json | pr -t -o 4 | |
echo | |
echo "Validating renovate sub configuration..." | |
for rc in $(find .github/renovate -type f -name '*.json' | sort); do | |
echo "${rc}:" | |
npx --yes --package renovate -- renovate-config-validator ${rc} | pr -t -o 4 | |
done |