issue #172: start, missing vault fetch secret step #293
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Reusable workflow to validate organization standards | |
on: | |
workflow_call: | |
push: | |
jobs: | |
validate-name: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Check repository name | |
uses: actions/github-script@v5 | |
with: | |
script: | | |
const { repo } = context.repo; | |
if (repo.includes('_')) { | |
core.setFailed("Repository name contains underscores (_). " + | |
"Please use dashes (-) instead."); | |
} | |
- name: Check repository visibility | |
uses: actions/github-script@v5 | |
with: | |
script: | | |
const { owner,repo } = context.repo; | |
const repoDetails = await github.rest.repos.get({ owner,repo }) | |
if (repoDetails.data.private){ | |
core.setFailed("Repository is private, please make it public"); | |
} | |
# Run step even if previous steps fail. | |
if: always() | |
- name: Check repository description | |
uses: actions/github-script@v5 | |
with: | |
script: | | |
const { owner, repo } = context.repo; | |
const repoDetails = await github.rest.repos.get({ owner, repo }); | |
if (!repoDetails.data.description) { | |
core.setFailed("The repository does not have a description, " + | |
"please add one."); | |
} | |
# Run step even if previous steps fail. | |
if: always() | |
- name: Check branch protection | |
uses: actions/github-script@v5 | |
with: | |
github-token: ${{ secrets.AILAB_OCTOKIT_ACCESS_TOKEN }} | |
script: | | |
const { owner, repo } = context.repo; | |
try { | |
const protection = await github.rest.repos.getBranchProtection({ | |
owner, | |
repo, | |
branch: 'main' | |
}); | |
} catch (error) { | |
if (error.message.includes("Branch not protected")) { | |
core.setFailed("The main branch is not protected, " + | |
"please protect it."); | |
} else { | |
core.setFailed(`An error occurred: ${error.message}`); | |
} | |
return; | |
} | |
# Run step even if previous steps fail. | |
if: always() | |
- name: Check repository LICENSE | |
uses: actions/github-script@v5 | |
with: | |
script: | | |
const { owner, repo } = context.repo; | |
let refBranchNumber; | |
if (context.eventName === 'pull_request') { | |
refBranchNumber = context.payload.pull_request.head.ref; | |
} else { | |
refBranchNumber = process.env['GITHUB_REF'] | |
.replace('refs/heads/', ''); | |
} | |
try { | |
await github.rest.repos.getContent({ | |
owner, | |
repo, | |
path: `LICENSE`, | |
ref: refBranchNumber | |
}); | |
} catch (error) { | |
if (error.status === 404) { | |
core.setFailed(`The ${refBranchNumber} branch does not have ` + | |
`a LICENSE file, please add one.`); | |
} else { | |
core.setFailed(`An error occurred while checking for ` + | |
`LICENSE: ${error.message}`); | |
} | |
} | |
# Run step even if previous steps fail. | |
if: always() | |
- name: Check presence of README | |
uses: actions/github-script@v5 | |
with: | |
script: | | |
const { owner, repo } = context.repo; | |
let refBranchNumber; | |
if (context.eventName === 'pull_request') { | |
refBranchNumber = context.payload.pull_request.head.ref; | |
} else { | |
refBranchNumber = process.env['GITHUB_REF'] | |
.replace('refs/heads/', ''); | |
} | |
try { | |
await github.rest.repos.getContent({ | |
owner, | |
repo, | |
path: `README.md`, | |
ref: refBranchNumber | |
}); | |
} catch (error) { | |
if (error.status === 404) { | |
core.setFailed(`The ${refBranchNumber} branch does not have ` + | |
`a README.md file, please add one.`); | |
} else { | |
core.setFailed(`An error occurred while checking for ` + | |
`README: ${error.message}`); | |
} | |
} | |
# Run step even if previous steps fail. | |
if: always() | |
- name: Check presence of TESTING.md | |
uses: actions/github-script@v5 | |
with: | |
script: | | |
const { owner, repo } = context.repo; | |
let refBranchNumber; | |
if (context.eventName === 'pull_request') { | |
refBranchNumber = context.payload.pull_request.head.ref; | |
} else { | |
refBranchNumber = process.env['GITHUB_REF'] | |
.replace('refs/heads/', ''); | |
} | |
try { | |
await github.rest.repos.getContent({ | |
owner, | |
repo, | |
path: `TESTING.md`, | |
ref: refBranchNumber | |
}); | |
} catch (error) { | |
if (error.status === 404) { | |
core.setFailed(`The ${refBranchNumber} branch does not have ` + | |
`a TESTING.md file, please add one.`); | |
} else { | |
core.setFailed(`An error occurred while checking for ` + | |
`TESTING.md: ${error.message}`); | |
} | |
} | |
# Run step even if previous steps fail. | |
if: always() | |
- name: Check if all files end in newline | |
uses: fernandrone/linelint@master | |
id: linelint | |
# Run step even if previous steps fail. | |
if: always() |