
feat(badges): publish shields.io for-the-badge style as the canonical SVG #59

Workflow file for this run

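# CI for pull requests and pushes to main: config validation, report-schema
# validation, Python lint/tests, Markdown lint, and the site build.
name: ci

# pull_request (not pull_request_target): the jobs below install and execute
# code from the proposed change, so they must run in the PR's own context.
on:
  pull_request:
  push:
    branches: [main]

# Deny every GITHUB_TOKEN scope at workflow level; each job opts back in to
# exactly what it needs (contents: read).
permissions: {}

# One active run per workflow + ref. Superseded runs are cancelled on every
# ref except main, so each push to main is checked to completion.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

# Every `uses:` below is pinned to a full commit SHA. The trailing version
# comment is informational only; nothing in this workflow checks that the SHA
# and the tag agree, so review both whenever a pin is bumped.
jobs:
  validate-config:
    name: Validate config.yaml
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          # Do not leave the GITHUB_TOKEN configured for git after checkout;
          # no later step in this job fetches or pushes.
          persist-credentials: false
      # NOTE(review): mikefarah/yq appears to be a container action that runs
      # a command given through its `cmd` input rather than putting yq on
      # PATH. If so, the `yq` called by the run steps below is whatever the
      # runner image ships and this pin does not govern it - confirm.
      - name: Set up yq
        uses: mikefarah/yq@1b9b4ac5187171d2e5e3129be0cfa827c7f9d53d # v4.53.3
      # Fails the job if config.yaml is not parseable YAML; output is discarded.
      - name: Parse YAML
        run: yq eval . config.yaml > /dev/null
      # Presence check only: a key counts as missing when yq prints "null"
      # (absent or explicitly null). Types and ranges - for example the two
      # verdict risk-score thresholds - are not validated here.
      - name: Required keys present
        run: |
          set -euo pipefail
          required_keys=(
            ".config_version"
            ".catalogue.registry_repo.owner"
            ".catalogue.registry_repo.repo"
            ".catalogue.registry_repo.ref"
            ".scanners.skillspector.pin"
            ".verdict.malicious_risk_score"
            ".verdict.suspicious_risk_score"
            ".publish.release.rolling_tag"
            ".publish.pages.enabled"
            ".schedule.cron"
          )
          missing=0
          for key in "${required_keys[@]}"; do
            value="$(yq eval "${key}" config.yaml)"
            if [[ "${value}" == "null" ]]; then
              echo "Missing required config key: ${key}" >&2
              missing=1
            fi
          done
          exit "${missing}"

  validate-schema:
    name: Validate report schema
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          # Token is not needed after checkout in this job.
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
        with:
          python-version: "3.12"
      # The tool version is pinned, but the install is not hash-verified and
      # its transitive dependencies are resolved fresh on every run.
      - name: Install check-jsonschema
        run: pip install "check-jsonschema==0.33.0"
      # First confirm the file is well-formed JSON, then that it is a valid
      # JSON Schema according to its metaschema.
      - name: Validate schema is itself a valid JSON Schema
        run: |
          python -m json.tool schema/report.schema.json > /dev/null
          check-jsonschema --check-metaschema schema/report.schema.json

  pytest:
    name: pytest + ruff
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          # The steps below execute code from the checked-out change, so the
          # token is not left configured in the checkout.
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
        with:
          python-version: "3.12"
      # pip itself floats to the latest release here.
      # NOTE(review): whether the ".[dev]" dependencies are pinned depends on
      # the project metadata, which is not visible in this file - confirm.
      - name: Install
        run: |
          python -m pip install --upgrade pip
          pip install -e ".[dev]"
      - name: ruff
        run: ruff check scanner tests
      - name: pytest
        run: pytest

  lint-markdown:
    name: Markdownlint
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          # Token is not needed after checkout in this job.
          persist-credentials: false
      - name: Set up Node
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: "22"
      # npx downloads the pinned markdownlint-cli2 version at run time; no
      # lockfile covers it, so its transitive dependencies are not fixed.
      - name: Run markdownlint-cli2
        run: npx --yes markdownlint-cli2@0.18.1 "**/*.md" "!**/node_modules/**" "!LICENSE"

  site:
    name: site (lint + types + test + build)
    runs-on: ubuntu-latest
    permissions:
      contents: read
    # All run steps in this job execute inside site/.
    defaults:
      run:
        working-directory: site
    steps:
      - name: Checkout
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          # The install, test and build steps run package scripts from the
          # checked-out change, and this job publishes an artifact; the token
          # is not left configured in the checkout.
          persist-credentials: false
      - name: Install pnpm
        uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 # v6.0.9
        with:
          version: "10.34.4"
      - name: Set up Node
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: "22"
          cache: "pnpm"
          cache-dependency-path: site/pnpm-lock.yaml
      # --frozen-lockfile fails the install instead of rewriting the lockfile
      # when it does not match package.json.
      - name: Install
        run: pnpm install --frozen-lockfile
      - name: Lint
        run: pnpm lint
      - name: Type-check
        run: pnpm lint-types
      - name: Test
        run: pnpm test:ci
      - name: Build
        run: pnpm build
      # This also runs for pull requests, so site-dist can contain output
      # built from unreviewed code; anything that downloads the artifact
      # should treat it as untrusted.
      - name: Upload SPA build
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: site-dist
          path: site/dist
          retention-days: 7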