65 lines
1.7 KiB
YAML
65 lines
1.7 KiB
YAML
name: Lint
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
|
|
jobs:
|
|
ksvalidate:
|
|
name: Kickstart syntax
|
|
runs-on: ubuntu-24.04
|
|
container:
|
|
image: registry.fedoraproject.org/fedora:43
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- run: dnf -y install pykickstart
|
|
- run: ksvalidator kickstart/veilor-os.ks
|
|
|
|
shellcheck:
|
|
name: Shell scripts
|
|
runs-on: ubuntu-24.04
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: ludeeus/action-shellcheck@master
|
|
with:
|
|
severity: warning
|
|
ignore_paths: build/cache .github
|
|
|
|
brand-leak:
|
|
name: No personal/onyx leaks
|
|
runs-on: ubuntu-24.04
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Grep for leaks
|
|
run: |
|
|
set -e
|
|
# Allow audit greps that explicitly check for the patterns
|
|
MATCHES=$(grep -rIni \
|
|
-e 'onyx' \
|
|
-e '192\.168\.0\.' \
|
|
-e 'fedora\.local' \
|
|
-e 'xynki\.dev' \
|
|
--exclude-dir=.git \
|
|
--exclude='*.md' \
|
|
. || true)
|
|
|
|
# Filter out self-referencing leak-detection grep patterns + audit text.
|
|
# Lines that contain the bash escaped grep pattern (onyx\|192\.168) are
|
|
# the leak detectors themselves, not leaks.
|
|
LEAKS=$(echo "$MATCHES" | grep -v \
|
|
-e 'should not contain' \
|
|
-e 'returns zero' \
|
|
-e 'audit grep' \
|
|
-e "'onyx\\\\\\\\\\\\|" \
|
|
-e 'onyx\\|' \
|
|
-e "name:.*onyx leaks" \
|
|
-e "-e 'onyx'" \
|
|
|| true)
|
|
|
|
if [[ -n "$LEAKS" ]]; then
|
|
echo "::error::Brand leaks detected"
|
|
echo "$LEAKS"
|
|
exit 1
|
|
fi
|
|
echo "no leaks ✓"
|