Add image for 'actionlint'

actionlint does static analysis of GitHub Action workflow files. By having our own image we can be sure the binary doesn't get changed out from under us.
ponylang · Aug 10, 2023 · 6cb01af · 6cb01af
1 parent 5feb1f7
commit 6cb01af
Show file tree

Hide file tree

Showing 5 changed files with 61 additions and 9 deletions.
diff --git a/.github/workflows/linux-builder-update.yml b/.github/workflows/linux-builder-update.yml
@@ -13,7 +13,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Docker login
-        run: "docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD"
+        run: docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"
         env:
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
@@ -40,7 +40,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Docker login
-        run: "docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD"
+        run: docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"
         env:
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
@@ -67,7 +67,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Docker login
-        run: "docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD"
+        run: docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"
         env:
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
@@ -94,7 +94,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Docker login
-        run: "docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD"
+        run: docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"
         env:
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
@@ -121,7 +121,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Docker login
-        run: "docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD"
+        run: docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"
         env:
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
@@ -148,7 +148,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Docker login
-        run: "docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD"
+        run: docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"
         env:
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
@@ -175,7 +175,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Docker login
-        run: "docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD"
+        run: docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"
         env:
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
@@ -202,7 +202,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Docker login
-        run: "docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD"
+        run: docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"
         env:
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -2,7 +2,21 @@ name: PR
 
 on: pull_request
 
+concurrency:
+  group: ${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
+  actionlint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Check workflow files
+        uses: docker://ponylang/shared-docker-ci-actionlint:20230810
+        with:
+          args: -color
+
   superlinter:
     name: Lint bash, docker, markdown, and yaml
     runs-on: ubuntu-latest
@@ -18,6 +32,14 @@ jobs:
           VALIDATE_MD: true
           VALIDATE_YAML: true
 
+  validate-actionlint-image-builds:
+    name: Validate release Docker image builds
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Docker build
+        run: "docker build --pull --file=actionlint/Dockerfile ."
+
   validate-release-a-library-image-builds:
     name: Validate release-a-library Docker image builds
     runs-on: ubuntu-latest

diff --git a/.github/workflows/release-a-library-update.yml b/.github/workflows/release-a-library-update.yml
@@ -14,7 +14,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Docker login
-        run: "docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD"
+        run: docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"
         env:
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}

diff --git a/actionlint/Dockerfile b/actionlint/Dockerfile
@@ -0,0 +1,15 @@
+FROM alpine:3.18
+
+RUN apk add --update --no-cache \
+  bash \
+  py3-pyflakes \
+  shellcheck
+
+RUN cd /tmp && \
+  wget https://github.com/rhysd/actionlint/releases/download/v1.6.25/actionlint_1.6.25_linux_386.tar.gz && \
+  tar xf actionlint_1.6.25_linux_386.tar.gz && \
+  cp actionlint /usr/bin/ && \
+  chmod a+x /usr/bin/actionlint && \
+  rm -rf /tmp/*
+
+ ENTRYPOINT ["/usr/bin/actionlint"]
diff --git a/actionlint/build-and-push.bash b/actionlint/build-and-push.bash
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -o errexit
+set -o nounset
+
+#
+# *** You should already be logged in to DockerHub when you run this ***
+#
+
+NAME="ponylang/shared-docker-ci-actionlint"
+TODAY=$(date +%Y%m%d)
+DOCKERFILE_DIR="$(dirname "$0")"
+
+docker build --pull -t "${NAME}:${TODAY}" "${DOCKERFILE_DIR}"
+docker push "${NAME}:${TODAY}"