feat: enhance CI/CD with linting, security scanning, and testing #116
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| name: Lint | ||
|
|
||
| on: | ||
| push: | ||
| branches: [master] | ||
| pull_request: | ||
| branches: [master] | ||
|
|
||
| jobs: | ||
| shellcheck: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v6 | ||
| - name: ShellCheck | ||
| uses: luizm/action-sh-checker@master | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| SHFMT_OPTS: -i 2 -ci | ||
| with: | ||
| sh_checker_comment: true | ||
| sh_checker_exclude: ".git" | ||
|
|
||
| shfmt: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v6 | ||
| with: | ||
| ref: ${{ github.head_ref }} | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Setup shfmt | ||
| run: | | ||
| curl -sS https://webinstall.dev/shfmt | bash | ||
| echo "$HOME/.local/bin" >> $GITHUB_PATH | ||
| - name: Run shfmt | ||
| run: shfmt -i 2 -ci -w . | ||
| - name: Commit changes | ||
| uses: stefanzweifel/git-auto-commit-action@v5 | ||
| with: | ||
| commit_message: "style: auto-format shell scripts with shfmt" | ||
|
|
||
| yamllint: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v6 | ||
| - uses: frenck/action-yamllint@v1 | ||
|
Comment on lines +44 to +45

Line 44's |
||
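
Review bot: In the shfmt job, the "Setup shfmt" step runs `curl -sS https://webinstall.dev/shfmt | bash`, which executes whatever that URL returns at run time, unpinned and unverified, in the same job that checks out with `token: ${{ secrets.GITHUB_TOKEN }}` and then pushes an auto-commit. Download a specific shfmt release and check its SHA-256 before putting it on the path. In the shellcheck job, `luizm/action-sh-checker@master` tracks a branch, so the code that receives `GITHUB_TOKEN` can change between runs; pin it, and the other third-party actions, to a full commit SHA. The workflow also declares no `permissions:`; grant each job only the scopes it needs (the shfmt job needs `contents: write` to push, the yamllint job only `contents: read`). Minor: quote `"$GITHUB_PATH"` in the `echo` redirect.
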
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| name: Security | ||
|
|
||
| on: | ||
| push: | ||
| branches: [master] | ||
| pull_request: | ||
| branches: [master] | ||
|
|
||
| jobs: | ||
| gitleaks: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v6 | ||
| with: | ||
| fetch-depth: 0 | ||
| - uses: gitleaks/gitleaks-action@v2 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
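
Review bot: The gitleaks job hands `GITHUB_TOKEN` to `gitleaks/gitleaks-action@v2`, but the workflow has no `permissions:` block, so the token keeps the repository's default scope. Add an explicit `permissions:` section starting from `contents: read` and widen it only for what the action is configured to do. `@v2` is a movable tag; pinning the action to a full commit SHA keeps the scanner that reads the full history (`fetch-depth: 0`) from changing without a review.
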
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -0,0 +1,19 @@ | ||||||
| name: Test | ||||||
|
|
||||||
| on: | ||||||
| push: | ||||||
| branches: [master] | ||||||
| pull_request: | ||||||
| branches: [master] | ||||||
|
|
||||||
| jobs: | ||||||
| e2e: | ||||||
| runs-on: macos-latest | ||||||
| steps: | ||||||
| - uses: actions/checkout@v6 | ||||||
|
As with the other workflows, this needs to be fixed.

Suggested fix:

```diff
- - uses: actions/checkout@v6
+ - uses: actions/checkout@v4
```
|
||||||
| - name: Run install.sh | ||||||
| run: ./install.sh | ||||||
| - name: Setup Bats | ||||||
| run: brew install bats-core | ||||||
| - name: Run Bats tests | ||||||
| run: bats tests/ | ||||||
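
Review bot: The e2e job runs `./install.sh` and `bats tests/` from the checked-out ref on every `push` and `pull_request` with no `permissions:` declared, so repository-supplied scripts run next to a token with the default scope. The job only reads the repository; add `permissions:` with `contents: read`. Setting `timeout-minutes` on the job is also worthwhile, so that a run where `./install.sh` blocks does not hold the macOS runner until the default job timeout.
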
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| [allowlist] | ||
| paths = [ | ||
| ".config/1Password/", | ||
| ".ssh/config", | ||
| ] |
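
Review bot: Both `paths` entries are treated by gitleaks as regular expressions, and `.config/1Password/` excludes every file under that directory from scanning, which is a place where a token or account detail could plausibly be committed by accident. Narrow the entry to the specific files that produce false positives, and escape and anchor the patterns (for example `(^|/)\.ssh/config$`), since an unescaped `.` matches any character and an unanchored pattern matches anywhere in the path. Also check that the default rules are still loaded: this file defines only `[allowlist]`, and a gitleaks config is used in place of the built-in one unless it contains `[extend]` with `useDefault = true`.
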
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| repos: | ||
| - repo: https://github.com/shellcheck-py/shellcheck-py | ||
| rev: v0.10.0.1 | ||
| hooks: | ||
| - id: shellcheck | ||
|
Comment on lines +2 to +5

Analysis chain

Script executed:

```bash
#!/bin/bash
# Check latest shellcheck-py version from PyPI
pip index versions shellcheck-py 2>/dev/null | head -20 || echo "PyPI check failed, trying alternative methods"
# Also try to find version info from common sources
curl -s "https://api.github.com/repos/shellcheck-py/shellcheck-py/releases" 2>/dev/null | grep -o '"tag_name": "[^"]*"' | head -5 || echo "GitHub API failed"
```

Repository: fumiya-kume/dotfiles
Length of output: 150

Web query:

Result:

Sources: PyPI release history for shellcheck-py. [1]

Please update the ShellCheck version to v0.11.0.1.

The current v0.10.0.1 is out of date. The latest version is v0.11.0.1 (released August 9, 2025). Updating to the new version enables the latest shell feature checks and problem detection. |
||
|
|
||
| - repo: https://github.com/scop/pre-commit-shfmt | ||
| rev: v3.8.0-1 | ||
| hooks: | ||
| - id: shfmt | ||
| args: [-i, "2", -ci, -w] | ||
|
Comment on lines +7 to +11

Analysis chain

Script executed:

```bash
#!/bin/bash
# Check latest version of pre-commit-shfmt from GitHub releases
# Using curl instead of gh API for better compatibility
curl -s https://api.github.com/repos/scop/pre-commit-shfmt/releases/latest | jq -r '.tag_name'
```

Repository: fumiya-kume/dotfiles
Length of output: 68

Script executed:

```bash
#!/bin/bash
# Try direct GitHub API without jq filtering first to see full response
curl -s https://api.github.com/repos/scop/pre-commit-shfmt/releases/latest | head -20
```

Repository: fumiya-kume/dotfiles
Length of output: 207

Web query:

Result: The latest release/tag for scop/pre-commit-shfmt is v3.12.0-2. (github.com)

Citations:

Please update the shfmt version.

The current version v3.8.0-1 is out of date; updating to the latest version v3.12.0-2 is recommended. The configured arguments (2-space indent, switch case indentation, automatic write) are appropriate. |
||
|
|
||
| - repo: https://github.com/gitleaks/gitleaks | ||
| rev: v8.18.4 | ||
| hooks: | ||
| - id: gitleaks | ||
|
Comment on lines +13 to +16

Analysis chain

Web query:

Result: As of Dec 30, 2025:

Latest releases in 2024:

Sources:

Web query:

Result: Short answer: There is no public security advisory specifically for gitleaks v8.18.4 — that release is a small patch (rule/regex updates) rather than a security-fix release. For vulnerability listings and which versions are affected, see Snyk's gitleaks vulnerability page and the v8.18.4 changelog/merge request. [1][2]

Sources

If you want, I can: (a) list the CVEs Snyk attributes to gitleaks and which versions fix them, or (b) check the latest gitleaks release and security advisories and recommend an upgrade path.

Please update the Gitleaks version.

v8.18.4 is currently used, but the latest version is v8.30.0 (released November 26, 2025). |
||
|
|
||
| - repo: https://github.com/adrienverge/yamllint | ||
| rev: v1.35.1 | ||
| hooks: | ||
| - id: yamllint | ||
|
Comment on lines +18 to +21

Analysis chain

Web query:

Result: The latest yamllint release is v1.37.1 (tag v1.37.1), published May 4, 2025. [1][2]

Sources:

Please update yamllint to the latest version, v1.37.1.

v1.35.1 is currently configured, but the latest version is v1.37.1. To keep dependencies up to date, updating rev to v1.37.1 is recommended. |
||
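
Review bot: All four `rev:` values are tag names (`v0.10.0.1`, `v3.8.0-1`, `v8.18.4`, `v1.35.1`), and a tag can be moved upstream to point at different code that then runs on every contributor's machine at commit time. `pre-commit autoupdate --freeze` writes the commit hash into `rev:` and keeps the tag as a comment, which also takes care of the version bumps. Separately, the shfmt options `-i 2 -ci` now appear here and twice in the lint workflow (`SHFMT_OPTS` and the `shfmt -i 2 -ci -w .` step); running `pre-commit run --all-files` in CI would keep tool versions and flags in one place.
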
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| #!/usr/bin/env bats | ||
|
|
||
| @test ".zshrc is symlink" { | ||
| [ -L "$HOME/.zshrc" ] | ||
| } | ||
|
|
||
| @test ".zshrc points to dotfiles" { | ||
| run readlink "$HOME/.zshrc" | ||
| [[ "$output" == *"dotfiles/home/.zshrc"* ]] | ||
| } | ||
|
|
||
| @test ".zprofile is symlink" { | ||
| [ -L "$HOME/.zprofile" ] | ||
| } | ||
|
|
||
| @test ".gitconfig is symlink" { | ||
| [ -L "$HOME/.gitconfig" ] | ||
| } | ||
|
|
||
| @test "starship.toml is symlink" { | ||
| [ -L "$HOME/.config/starship.toml" ] | ||
| } | ||
|
|
||
| @test ".tigrc is symlink" { | ||
| [ -L "$HOME/.tigrc" ] | ||
| } | ||
|
|
||
| @test "install.sh is idempotent" { | ||
| ./install.sh | ||
| ./install.sh | ||
| } |
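
Review bot: The `.zprofile`, `.gitconfig`, `starship.toml` and `.tigrc` tests assert only `[ -L ... ]`, which also passes for a dangling link or a link that points outside the repository. Check the target as the `.zshrc` test does with `readlink`, and add `[ -e ... ]` so a broken link fails. The "install.sh is idempotent" test runs `./install.sh` twice but checks nothing afterwards; compare the link targets before and after the second run so it verifies that nothing changed, and call the script through `$BATS_TEST_DIRNAME/../install.sh` so the test does not depend on the directory Bats is started from.
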
Auto-commit fails on PRs from forks.

The shfmt job auto-commits changes, but on PRs from forks it fails because there is no write permission to the repository. Also, `ref: ${{ github.head_ref }}` may be empty on push events. Consider the following:

Either use pull_request_target, or