Big 🫏 PR: IAP-gated single-image deploy with a fully mediated data plane #6
Workflow file for this run
```yaml
name: Deploy Script Checks
on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
jobs:
  shellcheck:
    name: ShellCheck deploy scripts
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # ShellCheck is preinstalled on the ubuntu-latest runner image, so no
      # install step is needed.
      - name: ShellCheck
        # Scope to error-level findings only: the deploy scripts carry many
        # intentional info/warning patterns (e.g. unquoted $PROJECT in gcloud
        # flags, sourcing ./config.txt) that should not block the gate. This
        # still catches real breakage like undefined-variable use or bad syntax.
        run: shellcheck --severity=error deploy.sh deploy/libs.sh deploy/grant-access.sh
      - name: Bash syntax check (bash -n)
        run: |
          for script in deploy.sh deploy/libs.sh deploy/grant-access.sh; do
            echo "Checking syntax: $script"
            bash -n "$script"
          done
  whitespace:
    name: Diff whitespace check
    # Only meaningful on a PR: it checks the lines this PR adds against the base
    # branch. git diff --check flags trailing whitespace, space-before-tab, and
    # stray conflict markers in the introduced lines (P3).
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: git diff --check against base
        run: |
          git fetch --no-tags origin "${{ github.base_ref }}"
          git diff --check "origin/${{ github.base_ref }}...HEAD"
```