From 959ace6a799476c07aaa00cd6599433832fa4721 Mon Sep 17 00:00:00 2001
From: Mikkel Ricky
Date: Mon, 5 Jan 2026 22:19:14 +0100
Subject: [PATCH] Added actionlint
---
.github/workflows/actions.yaml | 19 +++++++++++++++++++
.github/workflows/pr.yaml | 8 ++++----
.github/workflows/workflow-template.yaml | 16 +++++++++-------
github/workflows/drupal/site.yaml | 21 +++++++++++++--------
4 files changed, 45 insertions(+), 19 deletions(-)
create mode 100644 .github/workflows/actions.yaml
diff --git a/.github/workflows/actions.yaml b/.github/workflows/actions.yaml
new file mode 100644
index 0000000..837933f
--- /dev/null
+++ b/.github/workflows/actions.yaml
@@ -0,0 +1,19 @@
+name: Actions
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+ - develop
+
+jobs:
+ # https://github.com/rhysd/actionlint/blob/v1.7.10/docs/usage.md#use-actionlint-on-github-actions
+ actionlint:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v5
+ - name: Check workflow files
+ uses: docker://rhysd/actionlint:latest
+ with:
+ args: -color
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
index c820fc5..c4b1dc6 100644
--- a/.github/workflows/pr.yaml
+++ b/.github/workflows/pr.yaml
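Review bot: The new `actionlint` job in `.github/workflows/actions.yaml` runs `docker://rhysd/actionlint:latest`, a mutable tag, so the image that executes against the checked-out repository can change without any commit here; the same `rhysd/actionlint:latest` reference is used by the `docker run` step added to `.github/workflows/workflow-template.yaml`. Pin it to the release the comment already links to, ideally by digest, e.g. `uses: docker://rhysd/actionlint:1.7.10@sha256:<digest>` (exact tag spelling and digest to be confirmed against the registry). The new file also declares no `permissions:` block, so the job runs with whatever default `GITHUB_TOKEN` scope the repository has; a top-level `permissions:` with `contents: read` should be enough for a lint-only job.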
@@ -22,13 +22,13 @@ jobs:
 - name: Validate local docker compose files
 run: |
 DC=$(COMPOSE_DOMAIN=test.itkdev.dk docker compose --file templates/${{ matrix.version }}/docker-compose.yml config --quiet 2>&1)
- [ -z "$DC" ] || { echo $DC; exit 1; }
+ [ -z "$DC" ] || { echo "$DC"; exit 1; }
 - name: Validate server docker compose files
 run: |
 DC=$(COMPOSE_SERVER_DOMAIN=test.itkdev.dk docker compose --file templates/${{ matrix.version }}/docker-compose.server.yml config --quiet 2>&1)
- [ -z "$DC" ] || { echo $DC; exit 1; }
+ [ -z "$DC" ] || { echo "$DC"; exit 1; }
 DC=$(COMPOSE_SERVER_DOMAIN=test.itkdev.dk docker compose --file templates/${{ matrix.version }}/docker-compose.server.yml --file templates/${{ matrix.version }}/docker-compose.dev.yml config --quiet 2>&1)
- [ -z "$DC" ] || { echo $DC; exit 1; }
+ [ -z "$DC" ] || { echo "$DC"; exit 1; }
 DC=$(COMPOSE_SERVER_DOMAIN=test.itkdev.dk docker compose --file templates/${{ matrix.version }}/docker-compose.server.yml --file templates/${{ matrix.version }}/docker-compose.redirect.yml config --quiet 2>&1)
- [ -z "$DC" ] || { echo $DC; exit 1; }
+ [ -z "$DC" ] || { echo "$DC"; exit 1; }
diff --git a/.github/workflows/workflow-template.yaml b/.github/workflows/workflow-template.yaml
index cba178d..9b9a007 100644
--- a/.github/workflows/workflow-template.yaml
+++ b/.github/workflows/workflow-template.yaml
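Review bot: The `run:` scripts in `.github/workflows/pr.yaml` still splice `${{ matrix.version }}` directly into the shell text, so the value is substituted before bash parses the line and the new `"$DC"` quoting does not cover it. The matrix is defined outside this hunk and is presumably a fixed list, which makes this hardening rather than a live bug. Passing the value through the environment would match the script-injection guidance this commit already applies in `github/workflows/drupal/site.yaml`: add `env:` with `VERSION: ${{ matrix.version }}` to each step and use `--file "templates/$VERSION/docker-compose.yml"` in the script.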
@@ -3,16 +3,18 @@ on: pull_request
 name: Workflow templates
 jobs:
- check-yaml:
+ # https://github.com/rhysd/actionlint/blob/v1.7.10/docs/usage.md#use-actionlint-on-github-actions
+ actionlint:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v5
-
- - run: |
- docker pull mikefarah/yq
- for f in $(find github/workflows/ -name '*.yaml'); do
- docker run --rm --volume "$PWD":/workdir mikefarah/yq "$f" > /dev/null
- done
+ - name: Check workflow files
+ # uses: docker://rhysd/actionlint:latest
+ # with:
+ # args: -color github/workflows/*.yaml github/workflows/*/*.yaml
+ # @todo Can we make globbing work in `with.args`?
+ run: |
+ docker run --rm --volume "$PWD":/repo --workdir /repo rhysd/actionlint:latest -color github/workflows/*.yaml github/workflows/*/*.yaml
 shellcheck:
 runs-on: ubuntu-latest
diff --git a/github/workflows/drupal/site.yaml b/github/workflows/drupal/site.yaml
index c410a91..84793fb 100644
--- a/github/workflows/drupal/site.yaml
+++ b/github/workflows/drupal/site.yaml
@@ -48,12 +48,15 @@ jobs:
 docker compose exec phpfpm composer install --no-interaction
 - name: Install site
+ # https://docs.github.com/en/actions/reference/security/secure-use#good-practices-for-mitigating-script-injection-attacks
+ env:
+ HASH_SALT: ${{ github.head_ref }}
 run: |
 # Add some local settings.
- cat > web/sites/default/settings.local.php <<'EOF'
+ cat > web/sites/default/settings.local.php < web/sites/default/settings.local.php <<'EOF'
+ cat > web/sites/default/settings.local.php <
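Review bot: In `.github/workflows/workflow-template.yaml` the new `docker run` step mounts the checkout read-write (`--volume "$PWD":/repo`) into the linter container, and `actions/checkout@v5` by default persists its token in the repository's git configuration, so the image can both modify the workspace and read that credential. A linter only needs to read the files: use `--volume "$PWD":/repo:ro` and add `with:` / `persist-credentials: false` to the checkout step. Separately, the two globs reach only `github/workflows/*.yaml` and one directory below it, whereas the removed `find github/workflows/ -name '*.yaml'` recursed, so templates nested deeper would be skipped without any error.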