-
Notifications
You must be signed in to change notification settings - Fork 13
94 lines (85 loc) · 2.6 KB
/
check.lint-yaml.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
---
name: "Lint: YAML"
concurrency:
group: lint-yaml-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
"on":
## Check YAML on merge queue insertion
merge_group: {}
## Check on release
release:
types: [created]
## Check on push to `main` if modified
push:
branches:
- main
paths:
- ".github/workflows/*.yaml"
- ".github/workflows/*.yml"
- ".bazelci/presubmit.yml"
- ".bcr/*.yml"
## Check each PR change against `main`
pull_request:
paths:
- ".github/workflows/*.yaml"
- ".github/workflows/*.yml"
- ".bazelci/presubmit.yml"
- ".bcr/*.yml"
permissions:
contents: read
jobs:
## Task: Lint workflows via Actionlint
lint-workflows:
name: "Lint: Workflows"
uses: elide-dev/build-infra/.github/workflows/check.actions-lint.ci.yml@c54d8227f4bd37839a67ab9cb71fb59a0d197aee
permissions:
checks: write
pull-requests: read
id-token: write
contents: read
## Task: Lint Bazel Central Registry config files
lint-bcr-yaml:
name: "Lint: BCR"
runs-on: ubuntu-latest
permissions:
contents: "read"
id-token: "write"
checks: "write"
pull-requests: "read"
steps:
- name: Harden Runner
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
with:
egress-policy: audit
- name: "Setup: Checkout"
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: "Lint: YAML"
uses: karancode/yamllint-github-action@0a904064817924fc6fb449a32f67f25bfacc48ae # master
with:
yamllint_file_or_dir: ".bcr"
yamllint_config_filepath: "./.github/.yamllint.yml"
env:
GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
## Task: Lint Bazel CI config files
lint-bazelci-yaml:
name: "Lint: Bazel CI"
runs-on: ubuntu-latest
permissions:
contents: "read"
id-token: "write"
checks: "write"
pull-requests: "read"
steps:
- name: Harden Runner
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
with:
egress-policy: audit
- name: "Setup: Checkout"
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: "Lint: YAML"
uses: karancode/yamllint-github-action@0a904064817924fc6fb449a32f67f25bfacc48ae # master
with:
yamllint_file_or_dir: ".bazelci"
yamllint_config_filepath: "./.github/.yamllint.yml"
env:
GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}