feat(scanner): v1 public API + shields.io badge endpoints #53

Workflow file for this run

	name: ci
	on:
	pull_request:
	push:
	branches: [main]

	permissions: {}

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

	jobs:
	validate-config:
	name: Validate config.yaml
	runs-on: ubuntu-latest
	permissions:
	contents: read
	steps:
	- name: Checkout
	uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
	- name: Set up yq
	uses: mikefarah/yq@1b9b4ac5187171d2e5e3129be0cfa827c7f9d53d # v4.53.3
	- name: Parse YAML
	run: yq eval . config.yaml > /dev/null
	- name: Required keys present
	run: \|
	set -euo pipefail
	required_keys=(
	".config_version"
	".catalogue.registry_repo.owner"
	".catalogue.registry_repo.repo"
	".catalogue.registry_repo.ref"
	".scanners.skillspector.pin"
	".verdict.malicious_risk_score"
	".verdict.suspicious_risk_score"
	".publish.release.rolling_tag"
	".publish.pages.enabled"
	".schedule.cron"
	)
	missing=0
	for key in "${required_keys[@]}"; do
	value="$(yq eval "${key}" config.yaml)"
	if [[ "${value}" == "null" ]]; then
	echo "Missing required config key: ${key}" >&2
	missing=1
	fi
	done
	exit "${missing}"

	validate-schema:
	name: Validate report schema
	runs-on: ubuntu-latest
	permissions:
	contents: read
	steps:
	- name: Checkout
	uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
	- name: Set up Python
	uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
	with:
	python-version: "3.12"
	- name: Install check-jsonschema
	run: pip install "check-jsonschema==0.33.0"
	- name: Validate schema is itself a valid JSON Schema
	run: \|
	python -m json.tool schema/report.schema.json > /dev/null
	check-jsonschema --check-metaschema schema/report.schema.json

	pytest:
	name: pytest + ruff
	runs-on: ubuntu-latest
	permissions:
	contents: read
	steps:
	- name: Checkout
	uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
	- name: Set up Python
	uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
	with:
	python-version: "3.12"
	- name: Install
	run: \|
	python -m pip install --upgrade pip
	pip install -e ".[dev]"
	- name: ruff
	run: ruff check scanner tests
	- name: pytest
	run: pytest

	lint-markdown:
	name: Markdownlint
	runs-on: ubuntu-latest
	permissions:
	contents: read
	steps:
	- name: Checkout
	uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
	- name: Set up Node
	uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
	with:
	node-version: "22"
	- name: Run markdownlint-cli2
	run: npx --yes markdownlint-cli2@0.18.1 "*/.md" "!/node_modules/" "!LICENSE"

	site:
	name: site (lint + types + test + build)
	runs-on: ubuntu-latest
	permissions:
	contents: read
	defaults:
	run:
	working-directory: site
	steps:
	- name: Checkout
	uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
	- name: Install pnpm
	uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 # v6.0.9
	with:
	version: 10.34.4
	- name: Set up Node
	uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
	with:
	node-version: "22"
	cache: "pnpm"
	cache-dependency-path: site/pnpm-lock.yaml
	- name: Install
	run: pnpm install --frozen-lockfile
	- name: Lint
	run: pnpm lint
	- name: Type-check
	run: pnpm lint-types
	- name: Test
	run: pnpm test:ci
	- name: Build
	run: pnpm build
	- name: Upload SPA build
	uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
	with:
	name: site-dist
	path: site/dist
	retention-days: 7

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat(scanner): v1 public API + shields.io badge endpoints #53

Workflow file

feat(scanner): v1 public API + shields.io badge endpoints #53

Uh oh!

Workflow file for this run