Skip to content

Commit 3f25f07

Browse files
ptr727claude
andcommitted
Declare workflow YAML as LF and validate line endings in CI
Dependabot and Actions rewrite workflow YAML with LF, so pin `.github/workflows/*.{yml,yaml}` to LF in `.editorconfig` and convert the existing files, keeping them consistent instead of mixed on every bump. Add `.editorconfig-checker.json` and a Docker `editorconfig-checker` step after actionlint in the lint job so CI enforces the endings. Also LF-pin the existing-LF `.dockerignore` (editorconfig + gitattributes) so the new checker is green without flipping Docker-consumed patterns to CRLF. Update AGENTS.md to record that workflow YAML is LF while other YAML stays CRLF. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent 21cab2a commit 3f25f07

12 files changed

Lines changed: 735 additions & 711 deletions

.editorconfig

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,11 @@ indent_size = 2
3737
end_of_line = crlf
3838
indent_size = 2
3939

40+
# Workflow YAML is LF: Dependabot and Actions rewrite it with LF, so declaring LF keeps it consistent instead of
41+
# mixed. git still leaves endings alone (`* -text`); this and CI (editorconfig-checker) enforce it. Other YAML is CRLF.
42+
[.github/workflows/*.{yml,yaml}]
43+
end_of_line = lf
44+
4045
# JSON and JSONC files
4146
[*.{json,jsonc}]
4247
end_of_line = crlf
@@ -53,6 +58,11 @@ end_of_line = lf
5358
[{Dockerfile,*.Dockerfile}]
5459
end_of_line = lf
5560

61+
# .dockerignore is Docker-consumed and committed LF - CRLF can leak a trailing carriage return into ignore
62+
# patterns; pin LF like the Dockerfiles (extensionless, so no extension rule covers it).
63+
[.dockerignore]
64+
end_of_line = lf
65+
5666
# Windows scripts
5767
[*.{cmd,bat,ps1}]
5868
end_of_line = crlf

.editorconfig-checker.json

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
{
2+
"Disable": {
3+
"Charset": true,
4+
"Indentation": true,
5+
"IndentSize": true,
6+
"TrimTrailingWhitespace": true,
7+
"InsertFinalNewline": true,
8+
"MaxLineLength": true
9+
}
10+
}

.gitattributes

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,3 +15,4 @@
1515
# Dockerfiles must be LF - a CRLF breaks RUN heredocs and line continuations.
1616
Dockerfile text eol=lf
1717
*.Dockerfile text eol=lf
18+
.dockerignore text eol=lf
Lines changed: 109 additions & 109 deletions
Original file line numberDiff line numberDiff line change
@@ -1,110 +1,110 @@
1-
name: Build Docker image task
2-
3-
# Builds the multi-arch image (linux/amd64,arm64) and, on a main publish, pushes it plus the Docker Hub overview.
4-
# Branch drives config and tags: main => Release/`latest`, else Debug/`develop`, plus the `:SemVer2` tag. Smoke builds
5-
# amd64 only and never pushes; registry buildcache is branch-scoped. The orchestrator passes `branch` explicitly
6-
# (the publisher builds one branch per run - the trigger ref - and smoke passes github.ref_name).
7-
on:
8-
workflow_call:
9-
inputs:
10-
# Push the built image and the Docker Hub overview.
11-
push:
12-
required: false
13-
type: boolean
14-
default: false
15-
# Git ref to check out / version (empty = default checkout ref).
16-
ref:
17-
required: false
18-
type: string
19-
default: ''
20-
# Logical branch: main => Release/`latest`, else Debug/`develop`. Required (see header).
21-
branch:
22-
required: true
23-
type: string
24-
# Smoke: build linux/amd64 only, never push, skip the shared cache-to. Fast PR feedback.
25-
smoke:
26-
required: false
27-
type: boolean
28-
default: false
29-
# Version from the orchestrator's single NBGV run (threaded). This task does not
30-
# re-run NBGV on the detached commit, which could classify the branch differently.
31-
semver2:
32-
required: true
33-
type: string
34-
assembly_version:
35-
required: true
36-
type: string
37-
assembly_file_version:
38-
required: true
39-
type: string
40-
assembly_informational_version:
41-
required: true
42-
type: string
43-
44-
jobs:
45-
46-
build-docker:
47-
name: Build Docker image job
48-
runs-on: ubuntu-latest
49-
50-
steps:
51-
52-
- name: Checkout step
53-
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
54-
with:
55-
ref: ${{ inputs.ref }}
56-
57-
# QEMU only emulates arm64; smoke is amd64-only, so skip it to save setup cost.
58-
- name: Setup QEMU step
59-
if: ${{ !inputs.smoke }}
60-
uses: docker/setup-qemu-action@96fe6ef7f33517b61c61be40b68a1882f3264fb8 # v4.2.0
61-
with:
62-
platforms: linux/amd64,linux/arm64
63-
64-
- name: Setup Buildx step
65-
uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4.2.0
66-
with:
67-
platforms: ${{ inputs.smoke && 'linux/amd64' || 'linux/amd64,linux/arm64' }}
68-
69-
# Always login (even on smoke) for higher pull/cache-read rate limits; the credentials are in both the
70-
# Actions and Dependabot secret stores so a Dependabot push CI run can log in too. Forks cannot push here.
71-
- name: Login to Docker Hub step
1+
name: Build Docker image task
2+
3+
# Builds the multi-arch image (linux/amd64,arm64) and, on a main publish, pushes it plus the Docker Hub overview.
4+
# Branch drives config and tags: main => Release/`latest`, else Debug/`develop`, plus the `:SemVer2` tag. Smoke builds
5+
# amd64 only and never pushes; registry buildcache is branch-scoped. The orchestrator passes `branch` explicitly
6+
# (the publisher builds one branch per run - the trigger ref - and smoke passes github.ref_name).
7+
on:
8+
workflow_call:
9+
inputs:
10+
# Push the built image and the Docker Hub overview.
11+
push:
12+
required: false
13+
type: boolean
14+
default: false
15+
# Git ref to check out / version (empty = default checkout ref).
16+
ref:
17+
required: false
18+
type: string
19+
default: ''
20+
# Logical branch: main => Release/`latest`, else Debug/`develop`. Required (see header).
21+
branch:
22+
required: true
23+
type: string
24+
# Smoke: build linux/amd64 only, never push, skip the shared cache-to. Fast PR feedback.
25+
smoke:
26+
required: false
27+
type: boolean
28+
default: false
29+
# Version from the orchestrator's single NBGV run (threaded). This task does not
30+
# re-run NBGV on the detached commit, which could classify the branch differently.
31+
semver2:
32+
required: true
33+
type: string
34+
assembly_version:
35+
required: true
36+
type: string
37+
assembly_file_version:
38+
required: true
39+
type: string
40+
assembly_informational_version:
41+
required: true
42+
type: string
43+
44+
jobs:
45+
46+
build-docker:
47+
name: Build Docker image job
48+
runs-on: ubuntu-latest
49+
50+
steps:
51+
52+
- name: Checkout step
53+
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
54+
with:
55+
ref: ${{ inputs.ref }}
56+
57+
# QEMU only emulates arm64; smoke is amd64-only, so skip it to save setup cost.
58+
- name: Setup QEMU step
59+
if: ${{ !inputs.smoke }}
60+
uses: docker/setup-qemu-action@96fe6ef7f33517b61c61be40b68a1882f3264fb8 # v4.2.0
61+
with:
62+
platforms: linux/amd64,linux/arm64
63+
64+
- name: Setup Buildx step
65+
uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4.2.0
66+
with:
67+
platforms: ${{ inputs.smoke && 'linux/amd64' || 'linux/amd64,linux/arm64' }}
68+
69+
# Always login (even on smoke) for higher pull/cache-read rate limits; the credentials are in both the
70+
# Actions and Dependabot secret stores so a Dependabot push CI run can log in too. Forks cannot push here.
71+
- name: Login to Docker Hub step
7272
uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0
73-
with:
74-
username: ${{ secrets.DOCKER_HUB_USERNAME }}
75-
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
76-
77-
- name: Docker build and push step
78-
uses: docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7.3.0
79-
with:
80-
context: .
81-
push: ${{ inputs.push }}
82-
file: ./Docker/Dockerfile
83-
tags: |
84-
docker.io/ptr727/plexcleaner:${{ inputs.branch == 'main' && 'latest' || 'develop' }}
85-
docker.io/ptr727/plexcleaner:${{ inputs.semver2 }}
86-
platforms: ${{ inputs.smoke && 'linux/amd64' || 'linux/amd64,linux/arm64' }}
87-
# Read both branches' caches (near-identical layers), write only this branch's tag and only when pushing.
88-
# mode=max caches the builder publish; ignore-error keeps a cache hiccup from failing a publish.
89-
cache-from: |
90-
type=registry,ref=docker.io/ptr727/plexcleaner:buildcache-main
91-
type=registry,ref=docker.io/ptr727/plexcleaner:buildcache-develop
92-
cache-to: ${{ inputs.push && format('type=registry,ref=docker.io/ptr727/plexcleaner:buildcache-{0},mode=max,ignore-error=true', inputs.branch) || '' }}
93-
build-args: |
94-
LABEL_VERSION=${{ inputs.semver2 }}
95-
BUILD_CONFIGURATION=${{ inputs.branch == 'main' && 'Release' || 'Debug' }}
96-
BUILD_VERSION=${{ inputs.assembly_version }}
97-
BUILD_FILE_VERSION=${{ inputs.assembly_file_version }}
98-
BUILD_ASSEMBLY_VERSION=${{ inputs.assembly_version }}
99-
BUILD_INFORMATION_VERSION=${{ inputs.assembly_informational_version }}
100-
BUILD_PACKAGE_VERSION=${{ inputs.semver2 }}
101-
102-
# Push the trimmed Docker Hub overview from Docker/README.md, main only (one overview, no per-branch context).
103-
- name: Update Docker Hub description step
104-
if: ${{ inputs.push && inputs.branch == 'main' }}
105-
uses: peter-evans/dockerhub-description@1b9a80c056b620d92cedb9d9b5a223409c68ddfa # v5.0.0
106-
with:
107-
username: ${{ secrets.DOCKER_HUB_USERNAME }}
108-
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
109-
repository: ptr727/plexcleaner
110-
readme-filepath: ./Docker/README.md
73+
with:
74+
username: ${{ secrets.DOCKER_HUB_USERNAME }}
75+
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
76+
77+
- name: Docker build and push step
78+
uses: docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7.3.0
79+
with:
80+
context: .
81+
push: ${{ inputs.push }}
82+
file: ./Docker/Dockerfile
83+
tags: |
84+
docker.io/ptr727/plexcleaner:${{ inputs.branch == 'main' && 'latest' || 'develop' }}
85+
docker.io/ptr727/plexcleaner:${{ inputs.semver2 }}
86+
platforms: ${{ inputs.smoke && 'linux/amd64' || 'linux/amd64,linux/arm64' }}
87+
# Read both branches' caches (near-identical layers), write only this branch's tag and only when pushing.
88+
# mode=max caches the builder publish; ignore-error keeps a cache hiccup from failing a publish.
89+
cache-from: |
90+
type=registry,ref=docker.io/ptr727/plexcleaner:buildcache-main
91+
type=registry,ref=docker.io/ptr727/plexcleaner:buildcache-develop
92+
cache-to: ${{ inputs.push && format('type=registry,ref=docker.io/ptr727/plexcleaner:buildcache-{0},mode=max,ignore-error=true', inputs.branch) || '' }}
93+
build-args: |
94+
LABEL_VERSION=${{ inputs.semver2 }}
95+
BUILD_CONFIGURATION=${{ inputs.branch == 'main' && 'Release' || 'Debug' }}
96+
BUILD_VERSION=${{ inputs.assembly_version }}
97+
BUILD_FILE_VERSION=${{ inputs.assembly_file_version }}
98+
BUILD_ASSEMBLY_VERSION=${{ inputs.assembly_version }}
99+
BUILD_INFORMATION_VERSION=${{ inputs.assembly_informational_version }}
100+
BUILD_PACKAGE_VERSION=${{ inputs.semver2 }}
101+
102+
# Push the trimmed Docker Hub overview from Docker/README.md, main only (one overview, no per-branch context).
103+
- name: Update Docker Hub description step
104+
if: ${{ inputs.push && inputs.branch == 'main' }}
105+
uses: peter-evans/dockerhub-description@1b9a80c056b620d92cedb9d9b5a223409c68ddfa # v5.0.0
106+
with:
107+
username: ${{ secrets.DOCKER_HUB_USERNAME }}
108+
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
109+
repository: ptr727/plexcleaner
110+
readme-filepath: ./Docker/README.md

0 commit comments

Comments
 (0)