Skip to content

deps: Update dependency anolishq/anolis to v0.1.35 #57

deps: Update dependency anolishq/anolis to v0.1.35

deps: Update dependency anolishq/anolis to v0.1.35 #57

Workflow file for this run

name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
validate:
name: Validate project configs
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- name: Set up Python
uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6
with:
python-version: "3.12"
- name: Install Python dependencies
run: pip install pyyaml check-jsonschema
- name: Validate all YAML files
run: |
python - <<'EOF'
import sys, pathlib, yaml
errors = []
for f in pathlib.Path("projects").rglob("*.yaml"):
try:
yaml.safe_load(f.read_text())
except yaml.YAMLError as e:
errors.append(f"{f}: {e}")
if errors:
print("YAML validation errors:")
for e in errors:
print(f" {e}")
sys.exit(1)
print(f"Validated {sum(1 for _ in pathlib.Path('projects').rglob('*.yaml'))} YAML files OK")
EOF
- name: Check machine-profile.yaml exists in each project
run: |
python - <<'EOF'
import sys, pathlib
errors = []
checked = 0
for project in pathlib.Path("projects").iterdir():
if not project.is_dir():
continue
checked += 1
mp = project / "machine-profile.yaml"
if not mp.exists():
errors.append(f"{project}: missing machine-profile.yaml")
if errors:
print("Missing machine-profile.yaml:")
for e in errors:
print(f" {e}")
sys.exit(1)
print(f"All {checked} project(s) have machine-profile.yaml")
EOF
- name: Verify no .anpkg files committed
run: |
count=$(find projects -name "*.anpkg" | wc -l)
if [ "$count" -gt 0 ]; then
echo "ERROR: .anpkg files must not be committed:"
find projects -name "*.anpkg"
exit 1
fi
echo "No .anpkg files found — OK"
# The canonical machine-profile schema lives in anolishq/anolis and is
# published per release; this repo consumes it at the release pinned in
# schema-source.json (Renovate bumps the pin).
- name: Fetch canonical machine-profile schema (pinned anolis release)
run: |
REPO=$(python3 -c "import json; print(json.load(open('schema-source.json'))['repo'])")
VER=$(python3 -c "import json; print(json.load(open('schema-source.json'))['version'])")
BASE="https://github.com/${REPO}/releases/download/v${VER}"
curl -fsSL -o /tmp/schema.tar.gz "${BASE}/anolis-${VER}-machine-profile-schema.tar.gz"
curl -fsSL -o /tmp/schema-manifest.json "${BASE}/machine-profile-schema-manifest.json"
GOT=$(sha256sum /tmp/schema.tar.gz | awk '{print $1}')
WANT=$(python3 -c "import json; print(json.load(open('/tmp/schema-manifest.json'))['sha256'])")
if [ "${GOT}" != "${WANT}" ]; then
echo "ERROR: schema artifact sha256 mismatch (got ${GOT}, manifest says ${WANT})" >&2
exit 1
fi
mkdir -p /tmp/anolis-schema
tar -xzf /tmp/schema.tar.gz -C /tmp/anolis-schema
test -f /tmp/anolis-schema/schemas/machine/machine-profile.schema.json
- name: Validate machine-profile.yaml against canonical schema
run: |
check-jsonschema \
--schemafile /tmp/anolis-schema/schemas/machine/machine-profile.schema.json \
projects/*/machine-profile.yaml
- name: Shellcheck shell scripts
run: |
files=$(git ls-files '*.sh')
if [ -n "$files" ]; then
shellcheck $files
else
echo "No shell scripts to check"
fi
ok:
name: ok
if: always()
needs: [validate]
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Evaluate job results
run: |
echo "Job results: ${{ toJSON(needs.*.result) }}"
- name: Fail if any required job failed or was cancelled
if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
run: exit 1