feat(lint): add actionlint for GitHub Actions workflow validation #229
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: The OSS Review Toolkit (ORT) | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| actions: read | |
| on: | |
| create: | |
| push: | |
| branches: | |
| - "release-*" | |
| pull_request: | |
| paths: | |
| - .github/workflows/ort.yml | |
| workflow_dispatch: | |
| concurrency: | |
| group: ORT-${{ github.head_ref || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| run-ort: | |
| name: Create attribution files | |
| # workaround for https://github.com/orgs/community/discussions/54860 (`create` event filter) | |
| if: > | |
| github.repository_owner == 'valkey-io' && | |
| (github.event_name != 'create' || | |
| (github.event_name == 'create' && | |
| ((github.event.ref_type == 'branch' && startsWith(github.event.ref, 'release-')) || | |
| github.event.ref_type == 'tag') | |
| ) | |
| ) | |
| runs-on: ubuntu-latest | |
| env: | |
| ATTRIBUTIONS_FILE: THIRD_PARTY_LICENSES | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| submodules: true | |
| - name: Setup target commit | |
| run: | | |
| echo "TARGET_COMMIT=$(git rev-parse HEAD)" >> "$GITHUB_ENV" | |
| - name: Set up JDK 11 for the ORT package | |
| uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 | |
| with: | |
| distribution: "temurin" | |
| java-version: 11 | |
| - name: Cache ORT and Gradle packages | |
| uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 | |
| id: cache-ort | |
| with: | |
| path: | | |
| /tmp/ort | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-ort | |
| - name: Checkout ORT Repository | |
| if: steps.cache-ort.outputs.cache-hit != 'true' | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| repository: oss-review-toolkit/ort | |
| path: ./ort | |
| ref: "82.1.0" | |
| submodules: recursive | |
| # Move ORT outside of repo, otherwise it will try to analyze itself (can't checkout straight to /tmp) | |
| - name: Move ORT Repository | |
| if: steps.cache-ort.outputs.cache-hit != 'true' | |
| run: mv ./ort /tmp | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable | |
| - name: Install ScanCode Toolkit | |
| run: | | |
| pip install --upgrade pip | |
| pip install scancode-toolkit | |
| - name: Build and install ORT | |
| if: steps.cache-ort.outputs.cache-hit != 'true' | |
| working-directory: /tmp/ort | |
| run: | | |
| export JAVA_OPTS="$JAVA_OPTS -Xmx8g" | |
| ./gradlew installDist | |
| - name: Create ORT config file | |
| run: | | |
| mkdir -p ~/.ort/config | |
| cat << EOF > ~/.ort/config/config.yml | |
| ort: | |
| analyzer: | |
| skip_excluded: true | |
| allowDynamicVersions: true | |
| enabledPackageManagers: [Cargo, NuGet] | |
| EOF | |
| cat ~/.ort/config/config.yml | |
| - name: Set up dotnet | |
| uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5.2.0 | |
| with: | |
| dotnet-version: | | |
| 6 | |
| 8 | |
| 9 | |
| # Install it somewhere outside of repo, otherwise ORT will try to process inspector's sources too | |
| - name: Set up nuget-inspector | |
| working-directory: /tmp | |
| run: | | |
| wget -q https://github.com/aboutcode-org/nuget-inspector/releases/download/v0.9.12/nuget-inspector-v0.9.12-linux-x64.tar.gz | |
| tar xf nuget-inspector-*.tar.gz | |
| echo /tmp/nuget-inspector >> "$GITHUB_PATH" | |
| # Add SER, because >50% of glide C# client's code is copied from there for compatibility purposes | |
| - name: Add SER dependency | |
| working-directory: sources/Valkey.Glide | |
| run: | | |
| dotnet add package StackExchange.Redis --version 2.8.58 | |
| - name: Run ORT tools | |
| working-directory: /tmp/ort | |
| run: | | |
| mkdir -p "$GITHUB_WORKSPACE/ort_results" | |
| # Analyzer (analyzer-result.json) | |
| ./gradlew cli:run --args="--info analyze -i $GITHUB_WORKSPACE -o $GITHUB_WORKSPACE/ort_results -f JSON" | |
| # NOTICE DEFAULT | |
| ./gradlew cli:run --args="--info report -i $GITHUB_WORKSPACE/ort_results/analyzer-result.json -o $GITHUB_WORKSPACE/ort_results/ -f PlainTextTemplate" | |
| - name: Upload ORT results | |
| if: always() | |
| continue-on-error: true | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: ort_results | |
| path: | | |
| ort_results/** | |
| ### Get licenses ### | |
| - name: Retrieve licenses list | |
| working-directory: scripts | |
| run: | | |
| { | |
| echo 'LICENSES_LIST<<EOF' | |
| python3 get_licenses_from_ort.py | |
| echo EOF | |
| } >> "$GITHUB_ENV" | |
| ### Upload licenses ### | |
| - name: Get current date | |
| id: date | |
| run: | | |
| CURR_DATE=$(date +'%Y-%m-%d-%H') | |
| echo "date=${CURR_DATE}" >> "$GITHUB_OUTPUT" | |
| - name: Upload the final package list | |
| continue-on-error: true | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: final-package-list-${{ steps.date.outputs.date }} | |
| path: | | |
| scripts/final_package_list.txt | |
| retention-days: 30 | |
| - name: Upload the skipped package list | |
| continue-on-error: true | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: skipped-package-list-${{ steps.date.outputs.date }} | |
| path: | | |
| scripts/skipped_package_list.txt | |
| retention-days: 30 | |
| - name: Upload the unknown/unapproved package list | |
| continue-on-error: true | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: unapproved-package-list-${{ steps.date.outputs.date }} | |
| path: | | |
| scripts/unapproved_package_list.txt | |
| retention-days: 30 | |
| - name: Check for unapproved packages | |
| run: | | |
| if [ -s scripts/unapproved_package_list.txt ]; then | |
| echo "::error::Found unapproved packages. Please review unapproved package list" | |
| cat scripts/unapproved_package_list.txt | |
| exit 1 | |
| else | |
| echo "No unapproved packages found." | |
| fi | |
| ### Check for ATTRIBUTIONS_FILE diff ### | |
| - name: Check for diff | |
| run: | | |
| cp ort_results/NOTICE_DEFAULT "$ATTRIBUTIONS_FILE" | |
| GIT_DIFF=$(git diff "$ATTRIBUTIONS_FILE") | |
| if [ -n "$GIT_DIFF" ]; then | |
| echo "FOUND_DIFF=true" >> "$GITHUB_ENV" | |
| else | |
| echo "FOUND_DIFF=false" >> "$GITHUB_ENV" | |
| fi | |
| ### Create PR, Note a potential race on the source branch ### | |
| - name: Create or update pull request | |
| if: ${{ env.FOUND_DIFF == 'true' }} | |
| id: create-pr | |
| uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| sign-commits: true | |
| commit-message: "Updated attribution files\n\nSigned-off-by: ort-bot <valkey-glide@lists.valkey.io>" | |
| branch: "ort-diff-for-${{ github.head_ref || github.ref_name }}" | |
| base: ${{ github.head_ref || github.ref_name }} | |
| title: "Updated attribution files for commit ${{ env.TARGET_COMMIT }}" | |
| body: "Created by Github action. ${{ env.LICENSES_LIST }}" | |
| add-paths: | | |
| ${{ env.ATTRIBUTIONS_FILE }} | |
| - name: Enable auto-merge | |
| if: ${{ steps.create-pr.outputs.pull-request-number != '' }} | |
| continue-on-error: true | |
| run: gh pr merge "${{ steps.create-pr.outputs.pull-request-number }}" --auto --squash | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| ### Warn of outdated ATTRIBUTIONS_FILE ### | |
| - name: Warn of outdated ATTRIBUTIONS_FILE | |
| if: ${{ env.FOUND_DIFF == 'true' }} | |
| run: | | |
| MESSAGE="WARNING! The attribution files is outdated on this branch. Please ensure updating it by manually running of this workflow!" | |
| # Echo the message to the console | |
| echo "$MESSAGE" | |
| # Emit a general warning in the action log | |
| echo "::warning::$MESSAGE" | |
| if ! git diff --quiet "$ATTRIBUTIONS_FILE"; then | |
| # Emit a warning associated with the changed file | |
| echo "::warning file=$ATTRIBUTIONS_FILE::WARNING! The attribution file is outdated." | |
| fi |