CI builds in fresh Fedora 43 container — matched pcre2/libselinux/selinux-policy versions, no fix-repo hack needed. Container starts every run from clean state, no zombie collisions. Fastest path to first green ISO.
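# Lint workflow: validates the kickstart file, runs ShellCheck over the
# repository's shell scripts, and scans the tree for personal/brand strings
# that must not ship.
name: Lint

on:
  push:
    branches: [main]
  pull_request:

# Least privilege: every job here only reads the repository, so the
# GITHUB_TOKEN is restricted to read-only contents for the whole workflow.
permissions:
  contents: read

jobs:
  ksvalidate:
    name: Kickstart syntax
    runs-on: ubuntu-24.04
    container:
      # NOTE(review): the tag is mutable; pin by digest
      # (fedora@sha256:<IMAGE_DIGEST>) if this job must be reproducible.
      image: registry.fedoraproject.org/fedora:43
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token on disk.
          persist-credentials: false
      - run: dnf -y install pykickstart
      - run: ksvalidator kickstart/veilor-os.ks

  shellcheck:
    name: Shell scripts
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
        with:
          # The third-party action below runs in this workspace; keep the
          # token out of .git/config so it has nothing to read there.
          persist-credentials: false
      # NOTE(review): @master is a moving branch ref, so the code this job
      # executes can change without any commit in this repository. Pin to a
      # reviewed full commit SHA, e.g.
      #   ludeeus/action-shellcheck@<FULL_COMMIT_SHA>  # <release tag>
      - uses: ludeeus/action-shellcheck@master
        with:
          severity: warning
          ignore_paths: build/cache .github

  brand-leak:
    name: No personal/onyx leaks
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Grep for leaks
        run: |
          set -euo pipefail

          # Scan every text file in the checkout except Markdown (-I skips
          # binaries). grep exits 0 = matches, 1 = no matches, >1 = error.
          # Only 1 means "clean": an error must fail the job instead of being
          # reported as "no leaks".
          # NOTE(review): this workflow spells out the patterns itself; if it
          # is stored inside the scanned tree its own lines will match.
          # Confirm how that is meant to be excluded.
          rc=0
          MATCHES=$(grep -rIni \
            -e 'onyx' \
            -e '192\.168\.0\.' \
            -e 'fedora\.local' \
            -e 'xynki\.dev' \
            --exclude-dir=.git \
            --exclude='*.md' \
            .) || rc=$?
          if (( rc > 1 )); then
            echo "::error::Leak scan failed (grep exit $rc)"
            exit 1
          fi

          # Filter out test/audit lines that legitimately reference patterns.
          # Caveat: the exemption applies to the whole matched line, so any
          # line containing one of these phrases is skipped even if it also
          # holds a real leak. Keep the phrases specific.
          # `|| true`: grep -v exits 1 when nothing survives the filter, which
          # is the expected clean result.
          LEAKS=$(printf '%s\n' "$MATCHES" \
            | grep -v -e 'should not contain' -e 'returns zero' -e 'audit grep' \
            || true)

          if [[ -n "$LEAKS" ]]; then
            echo "::error::Brand leaks detected"
            printf '%s\n' "$LEAKS"
            exit 1
          fi
          echo "no leaks ✓"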