Skip to content

Tooling Improvements #1

Tooling Improvements

Tooling Improvements #1

name: "Lint: YAML"
concurrency:
group: lint-yaml-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
on:
## Check YAML on merge queue insertion
merge_group: {}
## Check on release
release:
types: [created]
## Check on push to `main` if modified
push:
branches:
- main
paths:
- ".github/workflows/*.yaml"
- ".github/workflows/*.yml"
- ".bazelci/presubmit.yml"
- ".bcr/*.yml"
## Check each PR change against `main`
pull_request:
paths:
- ".github/workflows/*.yaml"
- ".github/workflows/*.yml"
- ".bazelci/presubmit.yml"
- ".bcr/*.yml"
permissions:
contents: read
jobs:
## Task: Lint workflows in this respository with YAMLLint
lint-workflows-yaml:
name: "Workflows"
runs-on: ${{ vars.RUNNER || 'ubuntu-latest' }}
permissions:
contents: "read"
id-token: "write"
checks: "write"
pull-requests: "read"
steps:
- name: Harden Runner
uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
with:
egress-policy: audit
- name: "Setup: Checkout"
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: 'Lint: YAML'
uses: karancode/yamllint-github-action@master
with:
yamllint_file_or_dir: '.github/workflows'
yamllint_strict: false
yamllint_comment: true
env:
GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
## Task: Lint Bazel Central Registry config files
lint-bcr-yaml:
name: "BCR"
runs-on: ${{ vars.RUNNER || 'ubuntu-latest' }}
permissions:
contents: "read"
id-token: "write"
checks: "write"
pull-requests: "read"
steps:
- name: Harden Runner
uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
with:
egress-policy: audit
- name: "Setup: Checkout"
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: 'Lint: YAML'
uses: karancode/yamllint-github-action@master
with:
yamllint_file_or_dir: '.bcr'
yamllint_strict: false
yamllint_comment: true
env:
GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
## Task: Lint Bazel CI config files
lint-bazelci-yaml:
name: "BCR"
runs-on: ${{ vars.RUNNER || 'ubuntu-latest' }}
permissions:
contents: "read"
id-token: "write"
checks: "write"
pull-requests: "read"
steps:
- name: Harden Runner
uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
with:
egress-policy: audit
- name: "Setup: Checkout"
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: 'Lint: YAML'
uses: karancode/yamllint-github-action@master
with:
yamllint_file_or_dir: '.bazelci'
yamllint_strict: false
yamllint_comment: true
env:
GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}