feat(shared): offline-tolerant sync.sh (#43) #62
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| # Self-CI for github-action-templates. | |
| # | |
| # This repo is the shared source-of-truth for ~18 consumer repos across | |
| # whengas / jr200-labs / jr200 — every push to main effectively ships to | |
| # production immediately, since: | |
| # | |
| # * `default.json` is the Renovate preset extended by every consumer's | |
| # `renovate.json` via `github>jr200-labs/github-action-templates` | |
| # * The `*.yml` workflows are reusable workflows referenced via | |
| # `uses: jr200-labs/github-action-templates/.github/workflows/<x>.yml@master` | |
| # | |
| # A broken commit here breaks every consumer on their next run, with no | |
| # rollback path other than another forward commit. This CI gate exists so | |
| # that broken changes are caught at PR time instead of in production. | |
| # | |
| # Tracked in jr200-labs JRL-20. | |
| on: | |
| pull_request: | |
| branches: [master] | |
| push: | |
| branches: [master] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| validate-renovate-preset: | |
| # Validates default.json + renovate.json against Renovate's strict schema. | |
| # Pinned to renovate@43 to match `renovate-version: '43'` baked into the | |
| # `renovatebot/github-action@v46.1.8` action that the cron workflow uses | |
| # in `renovate.yml`. If we drift from that version we risk validating | |
| # against one schema and running against another. | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Setup Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22.22.2' | |
| - name: Validate Renovate config | |
| run: | | |
| npx --yes --package=renovate@43 -- \ | |
| renovate-config-validator --strict default.json renovate.json | |
| validate-workflow-syntax: | |
| # actionlint catches: YAML parse errors, invalid `if:` expressions, | |
| # missing/duplicate inputs, wrong action ref formats, undefined step | |
| # outputs, etc. Shellcheck integration is disabled because the | |
| # existing `run:` blocks have a long tail of low-priority style | |
| # findings (SC2086 etc.) that are out of scope for this gate — those | |
| # can be cleaned up separately if/when desired. | |
| # | |
| # `-ignore` patterns suppress known pre-existing warnings that we | |
| # haven't fixed yet, so the gate stays green on day one. When the | |
| # underlying issue is fixed, the corresponding `-ignore` line should | |
| # be removed so any future regression is caught. | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Install actionlint | |
| id: get_actionlint | |
| run: | | |
| bash <(curl -fsSL https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) | |
| echo "exe=$(pwd)/actionlint" >> "$GITHUB_OUTPUT" | |
| - name: Run actionlint | |
| run: | | |
| "${{ steps.get_actionlint.outputs.exe }}" \ | |
| -color \ | |
| -shellcheck= \ | |
| -ignore 'peaceiris/actions-gh-pages@v3' |