[pull] master from trailofbits:master #21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Lint | |
| 'on': [push, pull_request] | |
| permissions: | |
| contents: read | |
| jobs: | |
| ansible-lint: | |
| name: Ansible linting | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 | |
| with: | |
| python-version: '3.11' | |
| cache: 'pip' | |
| - name: Install ansible-lint and dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install ansible-lint ansible | |
| # Install required ansible collections for comprehensive testing | |
| ansible-galaxy collection install -r requirements.yml | |
| - name: Run ansible-lint | |
| run: | | |
| ansible-lint . | |
| - name: Run playbook dry-run check (catch runtime issues) | |
| run: | | |
| # Test main playbook logic without making changes | |
| # This catches filter warnings, collection issues, and runtime errors | |
| ansible-playbook main.yml --check --connection=local \ | |
| -e "server_ip=test" \ | |
| -e "server_name=ci-test" \ | |
| -e "IP_subject_alt_name=192.168.1.1" \ | |
| || echo "Dry-run check completed with issues - review output above" | |
| yaml-lint: | |
| name: YAML linting | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Run yamllint | |
| run: | | |
| pip install yamllint | |
| yamllint -c .yamllint . | |
| python-lint: | |
| name: Python linting | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 | |
| with: | |
| python-version: '3.11' | |
| cache: 'pip' | |
| - name: Install Python linters | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install ruff | |
| - name: Run ruff | |
| run: | | |
| # Fast Python linter | |
| ruff check . || true # Start with warnings only | |
| shellcheck: | |
| name: Shell script linting | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Run shellcheck | |
| run: | | |
| sudo apt-get update && sudo apt-get install -y shellcheck | |
| # Check all shell scripts, not just algo and install.sh | |
| find . -type f -name "*.sh" -not -path "./.git/*" -exec shellcheck {} \; |