lint.yml
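---
# Lint workflow: runs the Ansible, YAML, Python, shell and PowerShell linters
# on every push and pull request. Each job checks the repository out with
# persist-credentials disabled, so the checkout token is not left in the
# local git config for later steps.
name: Lint

'on': [push, pull_request]

# Read-only token for every job; nothing in this workflow writes to the repo.
permissions:
  contents: read

jobs:
  ansible-lint:
    name: Ansible linting
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98  # v5.0.1
        with:
          persist-credentials: false

      - name: Setup Algo environment
        uses: ./.github/actions/setup-algo
        with:
          install-ansible-collections: 'true'

      - name: Run ansible-lint
        run: |
          uv run --with ansible-lint ansible-lint .

      # NOTE(review): the trailing `|| echo` makes this step succeed even when
      # the dry run fails, so it is advisory only; problems show up in the log
      # but never fail the job. Drop the fallback if it should gate merges.
      - name: Run playbook dry-run check (catch runtime issues)
        run: |
          # Test main playbook logic without making changes
          # This catches filter warnings, collection issues, and runtime errors
          uv run ansible-playbook main.yml --check --connection=local \
            -e "server_ip=test" \
            -e "server_name=ci-test" \
            -e "IP_subject_alt_name=192.168.1.1" \
            || echo "Dry-run check completed with issues - review output above"

  yaml-lint:
    name: YAML linting
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98  # v5.0.1
        with:
          persist-credentials: false

      - name: Setup uv environment
        uses: ./.github/actions/setup-uv

      - name: Run yamllint
        run: uv run --with yamllint yamllint -c .yamllint .

  python-lint:
    name: Python linting
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98  # v5.0.1
        with:
          persist-credentials: false

      - name: Setup Algo environment
        uses: ./.github/actions/setup-algo

      - name: Run ruff
        run: |
          # Fast Python linter
          uv run --with ruff ruff check .

  shellcheck:
    name: Shell script linting
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98  # v5.0.1
        with:
          persist-credentials: false

      - name: Setup Algo environment
        uses: ./.github/actions/setup-algo
        with:
          install-shellcheck: 'true'

      - name: Run shellcheck
        run: |
          # Check all shell scripts, not just algo and install.sh
          # `-exec ... {} +` is used instead of `\;` so that a non-zero exit
          # from shellcheck makes find (and therefore this step) fail; with
          # `\;` find exits 0 regardless of what shellcheck reports.
          find . -type f -name "*.sh" -not -path "./.git/*" -exec shellcheck {} +

  powershell-lint:
    name: PowerShell script linting
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98  # v5.0.1
        with:
          persist-credentials: false

      # NOTE(review): unlike the SHA-pinned actions above, this package is
      # fetched by URL and installed as root with no integrity check.
      - name: Install PowerShell
        run: |
          # Install PowerShell Core
          wget -q https://github.com/PowerShell/PowerShell/releases/download/v7.4.0/powershell_7.4.0-1.deb_amd64.deb
          # TODO(review): verify the download before installing, e.g.
          #   echo "<SHA256_FROM_RELEASE_PAGE>  powershell_7.4.0-1.deb_amd64.deb" | sha256sum -c -
          # dpkg exits non-zero when dependencies are missing; chaining with
          # `||` lets apt repair them instead of the step aborting first, and
          # `-y` keeps apt from waiting on a confirmation prompt in CI.
          sudo dpkg -i powershell_7.4.0-1.deb_amd64.deb || sudo apt-get install -f -y

      # NOTE(review): the module version is not pinned, so the analyzer (and
      # its rule set) can change between runs; consider -RequiredVersion.
      - name: Install PSScriptAnalyzer
        run: |
          pwsh -Command "Install-Module -Name PSScriptAnalyzer -Force -Scope CurrentUser"

      - name: Run PowerShell syntax check
        run: |
          # Check syntax by parsing the script
          # Tokenize reports syntax problems through its errors out-parameter
          # rather than by throwing, so the collection is captured and
          # inspected; passing [ref]$null would discard every finding.
          pwsh -NoProfile -NonInteractive -Command "
            \$parseErrors = \$null
            try {
              \$null = [System.Management.Automation.PSParser]::Tokenize((Get-Content -Path './algo.ps1' -Raw), [ref]\$parseErrors)
            } catch {
              # Parenthesised so the strings are concatenated before binding;
              # a bare + would be passed to Write-Error as an extra argument.
              Write-Error ('PowerShell syntax error: ' + \$_.Exception.Message)
              exit 1
            }
            if (\$parseErrors.Count -gt 0) {
              \$parseErrors | ForEach-Object { Write-Host ('PowerShell syntax error: ' + \$_.Message) }
              exit 1
            }
            Write-Host '✓ PowerShell syntax check passed'
          "

      - name: Run PSScriptAnalyzer
        run: |
          # Fail the job on any Warning- or Error-severity finding.
          pwsh -Command "
            \$results = Invoke-ScriptAnalyzer -Path './algo.ps1' -Severity Warning,Error
            if (\$results.Count -gt 0) {
              \$results | Format-Table -AutoSize
              exit 1
            } else {
              Write-Host '✓ PSScriptAnalyzer check passed'
            }
          "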