Skip to content

issue #172: start, missing vault fetch secret step #293

issue #172: start, missing vault fetch secret step

issue #172: start, missing vault fetch secret step #293

---
name: Reusable workflow to validate organization standards
on:
workflow_call:
push:
jobs:
validate-name:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Check repository name
uses: actions/github-script@v5
with:
script: |
const { repo } = context.repo;
if (repo.includes('_')) {
core.setFailed("Repository name contains underscores (_). " +
"Please use dashes (-) instead.");
}
- name: Check repository visibility
uses: actions/github-script@v5
with:
script: |
const { owner,repo } = context.repo;
const repoDetails = await github.rest.repos.get({ owner,repo })
if (repoDetails.data.private){
core.setFailed("Repository is private, please make it public");
}
# Run step even if previous steps fail.
if: always()
- name: Check repository description
uses: actions/github-script@v5
with:
script: |
const { owner, repo } = context.repo;
const repoDetails = await github.rest.repos.get({ owner, repo });
if (!repoDetails.data.description) {
core.setFailed("The repository does not have a description, " +
"please add one.");
}
# Run step even if previous steps fail.
if: always()
- name: Check branch protection
uses: actions/github-script@v5
with:
github-token: ${{ secrets.AILAB_OCTOKIT_ACCESS_TOKEN }}
script: |
const { owner, repo } = context.repo;
try {
const protection = await github.rest.repos.getBranchProtection({
owner,
repo,
branch: 'main'
});
} catch (error) {
if (error.message.includes("Branch not protected")) {
core.setFailed("The main branch is not protected, " +
"please protect it.");
} else {
core.setFailed(`An error occurred: ${error.message}`);
}
return;
}
# Run step even if previous steps fail.
if: always()
- name: Check repository LICENSE
uses: actions/github-script@v5
with:
script: |
const { owner, repo } = context.repo;
let refBranchNumber;
if (context.eventName === 'pull_request') {
refBranchNumber = context.payload.pull_request.head.ref;
} else {
refBranchNumber = process.env['GITHUB_REF']
.replace('refs/heads/', '');
}
try {
await github.rest.repos.getContent({
owner,
repo,
path: `LICENSE`,
ref: refBranchNumber
});
} catch (error) {
if (error.status === 404) {
core.setFailed(`The ${refBranchNumber} branch does not have ` +
`a LICENSE file, please add one.`);
} else {
core.setFailed(`An error occurred while checking for ` +
`LICENSE: ${error.message}`);
}
}
# Run step even if previous steps fail.
if: always()
- name: Check presence of README
uses: actions/github-script@v5
with:
script: |
const { owner, repo } = context.repo;
let refBranchNumber;
if (context.eventName === 'pull_request') {
refBranchNumber = context.payload.pull_request.head.ref;
} else {
refBranchNumber = process.env['GITHUB_REF']
.replace('refs/heads/', '');
}
try {
await github.rest.repos.getContent({
owner,
repo,
path: `README.md`,
ref: refBranchNumber
});
} catch (error) {
if (error.status === 404) {
core.setFailed(`The ${refBranchNumber} branch does not have ` +
`a README.md file, please add one.`);
} else {
core.setFailed(`An error occurred while checking for ` +
`README: ${error.message}`);
}
}
# Run step even if previous steps fail.
if: always()
- name: Check presence of TESTING.md
uses: actions/github-script@v5
with:
script: |
const { owner, repo } = context.repo;
let refBranchNumber;
if (context.eventName === 'pull_request') {
refBranchNumber = context.payload.pull_request.head.ref;
} else {
refBranchNumber = process.env['GITHUB_REF']
.replace('refs/heads/', '');
}
try {
await github.rest.repos.getContent({
owner,
repo,
path: `TESTING.md`,
ref: refBranchNumber
});
} catch (error) {
if (error.status === 404) {
core.setFailed(`The ${refBranchNumber} branch does not have ` +
`a TESTING.md file, please add one.`);
} else {
core.setFailed(`An error occurred while checking for ` +
`TESTING.md: ${error.message}`);
}
}
# Run step even if previous steps fail.
if: always()
- name: Check if all files end in newline
uses: fernandrone/linelint@master
id: linelint
# Run step even if previous steps fail.
if: always()