sqllocaldb/.github/workflows/lint.yml at main · martincostello/sqllocaldb · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
name: lint

on:
  push:
    branches: [ main ]
    paths-ignore:
      - '**/*.gitattributes'
      - '**/*.gitignore'
      - '**/*.md'
  pull_request:
  workflow_dispatch:

permissions: {}

env:
  FORCE_COLOR: 3
  # renovate: datasource=github-releases depName=powershell-yaml packageName=cloudbase/powershell-yaml
  POWERSHELL_YAML_VERSION: '0.4.12'
  # renovate: datasource=github-releases depName=PSScriptAnalyzer packageName=PowerShell/PSScriptAnalyzer
  PSSCRIPTANALYZER_VERSION: '1.25.0'
  TERM: xterm
  # renovate: datasource=github-releases depName=zizmor packageName=zizmorcore/zizmor
  ZIZMOR_VERSION: '1.23.1'

jobs:
  lint:
    runs-on: ubuntu-latest

    permissions:
      actions: read
      contents: read
      security-events: write

    steps:

    - name: Checkout code
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        filter: 'tree:0'
        persist-credentials: false
        show-progress: false

    - name: Add actionlint problem matcher
      run: echo "::add-matcher::.github/actionlint-matcher.json"

    - name: Lint workflows with actionlint
      uses: docker://rhysd/actionlint:1.7.11@sha256:6f03470d0152251d7f07f7c4dc019dbe7024c72cd952f839544c7798843efa8f
      with:
        args: -color

    - name: Lint workflows with zizmor
      uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2
      with:
        persona: pedantic
        version: ${{ env.ZIZMOR_VERSION }}

    - name: Lint markdown
      uses: DavidAnson/markdownlint-cli2-action@07035fd053f7be764496c0f8d8f9f41f98305101 # v22.0.0
      with:
        config: '.markdownlint.json'
        globs: |
          **/*.md

    - name: Lint PowerShell in workflows
      uses: martincostello/lint-actions-powershell@e088367ebeb113cd7c1ebee5c541175d93e945b7 # v1.0.1
      with:
        powershell-yaml-version: ${{ env.POWERSHELL_YAML_VERSION }}
        psscriptanalyzer-version: ${{ env.PSSCRIPTANALYZER_VERSION }}
        treat-warnings-as-errors: true

    - name: Lint PowerShell scripts
      shell: pwsh
      run: |
        $settings = @{
          IncludeDefaultRules = $true
          Severity = @("Error", "Warning")
        }
        $issues = Invoke-ScriptAnalyzer -Path ${env:GITHUB_WORKSPACE} -Recurse -ReportSummary -Settings $settings
        foreach ($issue in $issues) {
          $severity = $issue.Severity.ToString()
          $level = $severity.Contains("Error") ? "error" : $severity.Contains("Warning") ? "warning" : "notice"
          Write-Output "::${level} file=$($issue.ScriptName),line=$($issue.Line),title=PSScriptAnalyzer::$($issue.Message)"
        }
        if ($issues.Count -gt 0) {
          exit 1
        }