Run containers as non-root user with Docker --user support #39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test YAML | |
| on: | |
| push: | |
| branches: | |
| - '**' | |
| pull_request_target: | |
| types: [opened, reopened, synchronize] | |
| jobs: | |
| test-yaml: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.13' | |
| - name: Install yamllint | |
| run: pip install yamllint | |
| - name: Lint YAML files | |
| id: yamllint-check | |
| run: | | |
| yamllint -f github -d '{rules: {line-length: disable}}' . | |
| - name: Comment on PR if check failed | |
| if: failure() && steps.yamllint-check.outcome == 'failure' | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| // Find PR associated with this branch | |
| const { data: pulls } = await github.rest.pulls.list({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| head: `${context.repo.owner}:${process.env.GITHUB_REF_NAME}`, | |
| state: 'open' | |
| }); | |
| if (pulls.length === 0) { | |
| console.log('No open PR found for this branch, skipping comment.'); | |
| return; | |
| } | |
| const prNumber = pulls[0].number; | |
| const runUrl = `${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}`; | |
| const commentBody = `## ❌ YAML Lint Check Failed | |
| **YAML syntax or formatting errors were detected in this PR.** | |
| Please check the [workflow run logs](${runUrl}) for details on which files have issues. | |
| ### Common fixes: | |
| 1. **Indentation errors** - YAML requires consistent indentation (use spaces, not tabs) | |
| 2. **Missing colons or quotes** - Check for proper key-value syntax | |
| 3. **Trailing spaces** - Remove whitespace at the end of lines | |
| 4. **Duplicate keys** - Each key in a mapping must be unique | |
| 5. **Invalid characters** - Ensure special characters are properly quoted | |
| ### To lint YAML files locally: | |
| \`\`\`bash | |
| # Install yamllint | |
| pip install yamllint | |
| # Run yamllint on the repo (with line-length disabled) | |
| yamllint -d "{rules: {line-length: disable}}" . | |
| \`\`\` | |
| 📚 [yamllint documentation](https://yamllint.readthedocs.io/) | |
| `; | |
| // Check if we already commented on this PR to avoid spam | |
| const { data: comments } = await github.rest.issues.listComments({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: prNumber | |
| }); | |
| const botComment = comments.find(comment => | |
| comment.user.type === 'Bot' && | |
| comment.body.includes('YAML Lint Check Failed') | |
| ); | |
| if (botComment) { | |
| // Update existing comment | |
| await github.rest.issues.updateComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| comment_id: botComment.id, | |
| body: commentBody | |
| }); | |
| console.log(`Updated existing comment on PR #${prNumber}`); | |
| } else { | |
| // Create new comment | |
| await github.rest.issues.createComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: prNumber, | |
| body: commentBody | |
| }); | |
| console.log(`Created comment on PR #${prNumber}`); | |
| } |