2121 # Mondays at 12:00 UTC. Catches link rot in unchanged content.
2222 - cron : " 0 12 * * 1"
2323 workflow_dispatch :
24+ # Lets OTHER repos reuse this exact check instead of copying it, so the
25+ # logic never drifts. A consumer adds a ~10-line caller workflow:
26+ #
27+ # jobs:
28+ # external-references:
29+ # uses: amd/skills/.github/workflows/external-reference-check.yml@main
30+ # permissions:
31+ # contents: read
32+ # issues: write
33+ #
34+ # The lychee config is NOT configurable: callers always use the canonical
35+ # .github/lychee.toml from amd/skills (pinned to the same commit as this
36+ # workflow), so neither the logic nor the config can drift.
37+ workflow_call :
38+ inputs :
39+ markdown_glob :
40+ description : " Glob of markdown files to check, relative to the caller repo root."
41+ type : string
42+ default : " ./**/*.md"
2443
2544permissions :
2645 contents : read
@@ -34,11 +53,44 @@ jobs:
3453 - name : Check out repository
3554 uses : actions/checkout@v4
3655
56+ # The lychee config always comes from amd/skills so it can never drift.
57+ # When this repo runs the check on itself, the working-tree copy is used
58+ # (so PRs that edit the config are tested against their own changes).
59+ # When another repo calls this workflow, the canonical config is fetched
60+ # from amd/skills at the SAME commit as this workflow file
61+ # (github.job_workflow_sha), keeping logic and config in lockstep.
62+ # Sparse-checkout grabs only the config file so its markdown can't
63+ # pollute the scan.
64+ - name : Fetch canonical lychee config
65+ if : ${{ github.repository != 'amd/skills' }}
66+ uses : actions/checkout@v4
67+ with :
68+ repository : amd/skills
69+ ref : ${{ github.job_workflow_sha || 'main' }}
70+ path : .external-reference-check-config
71+ sparse-checkout : |
72+ .github/lychee.toml
73+ sparse-checkout-cone-mode : false
74+ persist-credentials : false
75+
76+ - name : Resolve lychee config path
77+ id : cfg
78+ shell : bash
79+ env :
80+ IS_CANONICAL : ${{ github.repository == 'amd/skills' }}
81+ run : |
82+ set -euo pipefail
83+ if [ "${IS_CANONICAL}" = "true" ]; then
84+ echo "path=.github/lychee.toml" >> "$GITHUB_OUTPUT"
85+ else
86+ echo "path=.external-reference-check-config/.github/lychee.toml" >> "$GITHUB_OUTPUT"
87+ fi
88+
3789 - name : Check external references
3890 id : lychee
3991 uses : lycheeverse/lychee-action@v2
4092 with :
41- args : --config .github/lychee.toml --no-progress ". /**/*.md"
93+ args : --config ${{ steps.cfg.outputs.path }} --no-progress "${{ inputs.markdown_glob || '. /**/*.md' }} "
4294 # Fail the workflow on PR and manual runs so broken external
4395 # references show up as a red check (mark this workflow as
4496 # not-required in branch protection if you don't want it to
0 commit comments