ci: use actionlint on GHA workflows

- https://github.com/rhysd/actionlint is cool
2024-12-22 00:54:22 +01:00 · 2022-02-15 23:56:09 +01:00 · 2022-02-15 23:56:09 +01:00 · dbc61d72fb
commit dbc61d72fb
parent 2838ad9eae
4 changed files with 31 additions and 3 deletions
--- a/.github/actionlint-matcher.json
+++ b/.github/actionlint-matcher.json
@ -0,0 +1,17 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "actionlint",
+      "pattern": [
+        {
+          "regexp": "^(?:\\x1b\\[\\d+m)?(.+?)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*: (?:\\x1b\\[\\d+m)*(.+?)(?:\\x1b\\[\\d+m)* \\[(.+?)\\]$",
+          "file": 1,
+          "line": 2,
+          "column": 3,
+          "message": 4,
+          "code": 5
+        }
+      ]
+    }
+  ]
+}
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@ -15,7 +15,7 @@ jobs:

    - name: Extract dyndnsd version from tag name
      run: |
-        echo "DYNDNSD_VERSION=${GITHUB_REF#refs/*/v}" >> $GITHUB_ENV
+        echo "DYNDNSD_VERSION=${GITHUB_REF#refs/*/v}" >> "$GITHUB_ENV"

    - name: Wait for dyndnsd ${{ env.DYNDNSD_VERSION }} gem to be available
      run: |
@ -23,6 +23,7 @@ jobs:
        for retry in $(seq 1 5); do
          echo "Checking if dyndnsd $DYNDNSD_VERSION gem is retrievable from rubygems.org (try #$retry)..."
          sudo gem install dyndnsd -v "$DYNDNSD_VERSION"
+          # shellcheck disable=SC2181
          if [ $? -eq 0 ]; then
            exit 0
          fi
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -33,3 +33,13 @@ jobs:
    - name: Lint and Test
      run: |
        bundle exec rake ci
+
+  actionlint:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Check workflow files
+      run: |
+        echo "::add-matcher::.github/actionlint-matcher.json"
+        bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
+        ./actionlint
--- a/.github/workflows/vulnscan.yml
+++ b/.github/workflows/vulnscan.yml
@ -16,9 +16,9 @@ jobs:
    steps:
    - name: Install Trivy
      run: |
-        mkdir -p $GITHUB_WORKSPACE/bin
+        mkdir -p "$GITHUB_WORKSPACE/bin"
        echo "$GITHUB_WORKSPACE/bin" >> "$GITHUB_PATH"
-        curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b $GITHUB_WORKSPACE/bin
+        curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b "$GITHUB_WORKSPACE/bin"
    - name: Download Trivy DB
      run: |
        trivy image --download-db-only