Skip to content

Commit 9ec9007

Browse files
committed
Add explicit awesome lint PR check
1 parent 8c8683f commit 9ec9007

2 files changed

Lines changed: 36 additions & 6 deletions

File tree

.github/workflows/main.yml

Lines changed: 29 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -92,6 +92,35 @@ jobs:
9292
if: github.event_name == 'pull_request'
9393
run: node .trusted-base/scripts/check-repo-hygiene.mjs --root "$GITHUB_WORKSPACE" --changed-files .changed-files --diff-file .readme.diff
9494

95+
- name: Run repo hygiene checks
96+
if: github.event_name != 'pull_request'
97+
run: node scripts/check-repo-hygiene.mjs --changed-files .changed-files --diff-file .readme.diff
98+
99+
awesome-lint:
100+
name: awesome-lint
101+
runs-on: ubuntu-latest
102+
steps:
103+
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
104+
with:
105+
fetch-depth: 1
106+
107+
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
108+
with:
109+
node-version: 20
110+
111+
- name: Enable pnpm
112+
run: |
113+
corepack enable
114+
corepack prepare pnpm@10.20.0 --activate
115+
116+
- name: Checkout trusted base checks
117+
if: github.event_name == 'pull_request'
118+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
119+
with:
120+
ref: ${{ github.event.pull_request.base.sha }}
121+
path: .trusted-base
122+
fetch-depth: 1
123+
95124
- name: Run trusted awesome-list checks
96125
if: github.event_name == 'pull_request'
97126
run: |
@@ -107,7 +136,3 @@ jobs:
107136
run: |
108137
pnpm run check:awesome-list
109138
pnpm run check:awesome-list:upstream
110-
111-
- name: Run repo hygiene checks
112-
if: github.event_name != 'pull_request'
113-
run: node scripts/check-repo-hygiene.mjs --changed-files .changed-files --diff-file .readme.diff

scripts/workflow-security.test.mjs

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -19,12 +19,17 @@ test("pull request hygiene runs the trusted base copy of the script", () => {
1919
);
2020
});
2121

22-
test("pull request hygiene runs trusted awesome-list checks", () => {
22+
test("workflow has an explicit awesome-lint job for every pull request", () => {
23+
assert.match(workflow, /^ awesome-lint:\n\s+name:\s+awesome-lint\n\s+runs-on:\s+ubuntu-latest$/m);
24+
assert.match(workflow, /^ pull_request:\n\s+branches:\s+\[main\]$/m);
25+
});
26+
27+
test("pull requests run trusted awesome-list checks", () => {
2328
assert.match(workflow, /node \.trusted-base\/scripts\/check-awesome-list\.mjs --root "\$GITHUB_WORKSPACE"/);
2429
assert.match(workflow, /pnpm dlx awesome-lint "\$GITHUB_WORKSPACE\/README\.md"/);
2530
});
2631

27-
test("push hygiene runs local awesome-list checks", () => {
32+
test("pushes run local awesome-list checks", () => {
2833
assert.match(workflow, /pnpm install --frozen-lockfile/);
2934
assert.match(workflow, /pnpm run check:awesome-list/);
3035
assert.match(workflow, /pnpm run check:awesome-list:upstream/);

0 commit comments

Comments
 (0)