Skip to content

feat(patterns): add maturity and provenance gates #21

feat(patterns): add maturity and provenance gates

feat(patterns): add maturity and provenance gates #21

Workflow file for this run

---
name: Markdown Validation
'on':
push:
paths:
- "README.md"
- "docs/**/*.md"
- "patterns/**/*.md"
- "TryHackMe/**/*.md"
- "TryHackMe/_meta/TAGS.md"
- "notes/**/*.md"
- "schemas/**/*.json"
- "scripts/check_markdown.py"
- "scripts/check_pattern_library.py"
- "scripts/render_readme_snapshot.py"
- "scripts/render_tags_doc.py"
- "scripts/generate_markdownlint_debt.py"
- "scripts/run_markdownlint.py"
- "requirements-lint.txt"
- ".markdownlint-cli2.jsonc"
- ".markdownlint-cli2-debt.jsonc"
- ".pre-commit-config.yaml"
- ".github/workflows/markdown-lint.yml"
- ".github/workflows/markdownlint-debt.yml"
pull_request:
paths:
- "README.md"
- "docs/**/*.md"
- "patterns/**/*.md"
- "TryHackMe/**/*.md"
- "TryHackMe/_meta/TAGS.md"
- "notes/**/*.md"
- "schemas/**/*.json"
- "scripts/check_markdown.py"
- "scripts/check_pattern_library.py"
- "scripts/render_readme_snapshot.py"
- "scripts/render_tags_doc.py"
- "scripts/generate_markdownlint_debt.py"
- "scripts/run_markdownlint.py"
- "requirements-lint.txt"
- ".markdownlint-cli2.jsonc"
- ".markdownlint-cli2-debt.jsonc"
- ".pre-commit-config.yaml"
- ".github/workflows/markdown-lint.yml"
- ".github/workflows/markdownlint-debt.yml"
jobs:
note-validation:
name: Taxonomy and Front Matter
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install lint dependencies
run: |
python -m pip install --upgrade pip
python -m pip install -r requirements-lint.txt
- name: Verify TAGS.md is in sync with taxonomy.json
run: python scripts/render_tags_doc.py --check
- name: Verify README.md snapshot is in sync with tracked notes
run: python scripts/render_readme_snapshot.py --check
- name: Validate pattern library contract
run: python scripts/check_pattern_library.py
- name: Run Markdown checks
run: python scripts/check_markdown.py
markdownlint-changed:
name: Markdownlint Changed Public Markdown
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Check out repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: "20"
- name: Collect changed public Markdown files
id: changed-md
shell: bash
env:
BASE_REF: ${{ github.base_ref }}
BEFORE_SHA: ${{ github.event.before }}
EVENT_NAME: ${{ github.event_name }}
HEAD_SHA: ${{ github.sha }}
run: |
set -euo pipefail
zero_sha="0000000000000000000000000000000000000000"
if [[ "${EVENT_NAME}" == "pull_request" ]]; then
git fetch --no-tags --prune --depth=1 origin "${BASE_REF}"
diff_range="origin/${BASE_REF}...HEAD"
elif [[ "${BEFORE_SHA}" != "${zero_sha}" ]]; then
diff_range="${BEFORE_SHA}...${HEAD_SHA}"
else
diff_range=""
fi
if [[ -n "${diff_range}" ]]; then
mapfile -t files < <(
git diff --name-only --diff-filter=ACMR "${diff_range}" |
grep -E '^(README\.md|(TryHackMe|notes|patterns)/.*\.md)$' |
grep -Ev '^TryHackMe/_meta/' || true
)
else
mapfile -t files < <(
git show --pretty='' --name-only "${HEAD_SHA}" |
grep -E '^(README\.md|(TryHackMe|notes|patterns)/.*\.md)$' |
grep -Ev '^TryHackMe/_meta/' || true
)
fi
echo "count=${#files[@]}" >> "${GITHUB_OUTPUT}"
{
echo "files<<EOF"
printf '%s\n' "${files[@]}"
echo "EOF"
} >> "${GITHUB_OUTPUT}"
- name: Run markdownlint on changed public Markdown files
if: steps.changed-md.outputs.count != '0'
shell: bash
run: |
set -euo pipefail
mapfile -t files <<'EOF'
${{ steps.changed-md.outputs.files }}
EOF
python scripts/run_markdownlint.py "${files[@]}"
- name: Skip markdownlint when no public Markdown changed
if: steps.changed-md.outputs.count == '0'
run: |
echo "No changed public Markdown files;"
echo "skipping markdownlint."