react-webpack-rails-tutorial/bin/test-cpflow-github-flow at 29aec1267d8758d99d32e1cc05590ae40a8013e3 · shakacode/react-webpack-rails-tutorial · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
#!/usr/bin/env bash
set -euo pipefail

ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
cd "$ROOT"

cpflow_cmd=(cpflow)
if [[ $# -gt 0 ]]; then
  cpflow_cmd=("$@")
fi

echo "==> cpflow github-flow-readiness"
bin/conductor-exec "${cpflow_cmd[@]}" github-flow-readiness

echo "==> parse generated GitHub Actions YAML"
bin/conductor-exec ruby <<'RUBY'
require "yaml"

Dir[".github/actions/**/action.yml", ".github/workflows/*.yml"].sort.each do |path|
  YAML.load_file(path, aliases: true)
  puts "parsed #{path}"
end
RUBY

echo "==> check composite action input descriptions"
bin/conductor-exec ruby <<'RUBY'
require "yaml"

bad = []
Dir[".github/actions/**/action.yml"].sort.each do |path|
  doc = YAML.load_file(path, aliases: true)
  doc.fetch("inputs", {}).each do |name, spec|
    bad << "#{path}:#{name}" if spec["description"].to_s.include?("${{")
  end
end

abort bad.join("\n") unless bad.empty?
puts "no action metadata descriptions contain GitHub expressions"
RUBY

echo "==> check cpflow reusable workflow refs"
bin/conductor-exec ruby <<'RUBY'
require "yaml"

CONTROL_PLANE_FLOW_WORKFLOW = %r{\Ashakacode/control-plane-flow/\.github/workflows/[^@\s]+@([^\s]+)\z}

refs = Hash.new { |hash, key| hash[key] = [] }

Dir[".github/workflows/cpflow-*.yml"].sort.each do |path|
  doc = YAML.load_file(path, aliases: true)
  doc.fetch("jobs", {}).each do |job_name, job|
    next unless job.is_a?(Hash)

    with = job["with"].is_a?(Hash) ? job["with"] : {}
    input_ref = with["control_plane_flow_ref"]
    uses_match = job["uses"].to_s.match(CONTROL_PLANE_FLOW_WORKFLOW)

    unless uses_match
      abort "#{path}:#{job_name} has control_plane_flow_ref but no control-plane-flow reusable workflow" if input_ref

      next
    end

    uses_ref = uses_match[1]
    refs[uses_ref] << "#{path}:#{job_name}"

    if input_ref
      refs[input_ref] << "#{path}:#{job_name}"
      abort "#{path}:#{job_name} mismatched cpflow refs: #{uses_ref}, #{input_ref}" if uses_ref != input_ref
    elsif job.key?("secrets")
      abort "#{path}:#{job_name} inherits secrets but is missing control_plane_flow_ref for #{uses_ref}"
    end
  end
end

if refs.empty?
  puts "no upstream cpflow reusable workflow refs found"
elsif refs.length > 1
  refs.each do |ref, paths|
    puts "#{ref}: #{paths.uniq.sort.join(', ')}"
  end
  abort "cpflow workflow wrappers use multiple upstream refs: #{refs.keys.sort.join(', ')}"
else
  puts "cpflow refs: #{refs.keys.sort.join(', ')}"
end
RUBY

echo "==> actionlint"
actionlint -ignore "SC2129" .github/workflows/cpflow-*.yml