feat: rework macos.sh setup #202
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # yaml-language-server:$schema=https://json.schemastore.org/github-workflow.json | |
| # https://docs.github.com/en/actions/writing-workflows | |
| name: Verify | |
| # yamllint disable-line rule:truthy | |
| on: | |
| push: | |
| pull_request: | |
| workflow_dispatch: | |
| inputs: | |
| editorconfig: | |
| description: Run EditorConfig linter | |
| default: true | |
| type: boolean | |
| gitleaks: | |
| description: Run Gitleaks (Secret scanner) | |
| default: true | |
| type: boolean | |
| markdownlint: | |
| description: Run Markdown linter | |
| default: true | |
| type: boolean | |
| shellcheck: | |
| description: Run shellcheck (shell script linter) | |
| default: true | |
| type: boolean | |
| taplo: | |
| description: Run taplo (TOML linter) | |
| default: true | |
| type: boolean | |
| yamllint: | |
| description: Run yamllint (YAML linter) | |
| default: true | |
| type: boolean | |
| # https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#permissions-for-the-github_token | |
| permissions: | |
| contents: read | |
| jobs: | |
| editorconfig: | |
| runs-on: ubuntu-latest | |
| if: ${{ inputs.editorconfig || true }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Extract Tool Versions | |
| id: tool-versions | |
| run: | | |
| ec_version=$(grep -F 'editorconfig-checker' .mise.toml | cut -d '=' -f2 | cut -d '#' -f1 | xargs) | |
| ec_shasum=$(grep -F 'editorconfig-checker' .mise.toml | cut -d '=' -f3 | xargs) | |
| echo "ec_version=${ec_version}" >> "$GITHUB_OUTPUT" | |
| echo "ec_shasum=${ec_shasum}" >> "$GITHUB_OUTPUT" | |
| - name: Run EditorConfig Checker | |
| env: | |
| EDITORCONFIG_VERSION: ${{ steps.tool-versions.outputs.ec_version }} | |
| EDITORCONFIG_SHASUM: ${{ steps.tool-versions.outputs.ec_shasum }} | |
| run: | | |
| curl --fail --silent --show-error --location --output editorconfig.tar.gz \ | |
| https://github.com/editorconfig-checker/editorconfig-checker/releases/download/v${EDITORCONFIG_VERSION}/ec-linux-amd64.tar.gz | |
| echo "${EDITORCONFIG_SHASUM} editorconfig.tar.gz" | sha256sum --check | |
| tar -xzf editorconfig.tar.gz bin/ec-linux-amd64 | |
| ./bin/ec-linux-amd64 --exclude .git | |
| gitleaks: | |
| runs-on: ubuntu-latest | |
| if: ${{ inputs.gitleaks || true }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Extract Tool Versions | |
| id: tool-versions | |
| run: | | |
| gitleaks_version=$(grep -F 'gitleaks' .mise.toml | cut -d '=' -f2 | cut -d '#' -f1 | xargs) | |
| gitleaks_shasum=$(grep -F 'gitleaks' .mise.toml | cut -d '=' -f3 | xargs) | |
| echo "gitleaks_version=${gitleaks_version}" >> "$GITHUB_OUTPUT" | |
| echo "gitleaks_shasum=${gitleaks_shasum}" >> "$GITHUB_OUTPUT" | |
| - name: Install Gitleaks | |
| env: | |
| GITLEAKS_VERSION: ${{ steps.tool-versions.outputs.gitleaks_version }} | |
| GITLEAKS_SHASUM: ${{ steps.tool-versions.outputs.gitleaks_shasum }} | |
| run: | | |
| curl --fail --silent --show-error --location --output gitleaks.tar.gz \ | |
| https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz | |
| echo "${GITLEAKS_SHASUM} gitleaks.tar.gz" | sha256sum --check | |
| tar -xzf gitleaks.tar.gz gitleaks | |
| ./gitleaks dir --verbose --redact . | |
| markdownlint: | |
| runs-on: ubuntu-latest | |
| if: ${{ inputs.markdownlint || true }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: DavidAnson/markdownlint-cli2-action@v17 | |
| shellcheck: | |
| runs-on: ubuntu-latest | |
| if: ${{ inputs.shellcheck || true }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Extract Tool Versions | |
| id: tool-versions | |
| run: | | |
| shellcheck_version=$(grep -F 'shellcheck' .mise.toml | cut -d '=' -f2 | cut -d '#' -f1 | xargs) | |
| echo "shellcheck_version=${shellcheck_version}" >> "$GITHUB_OUTPUT" | |
| - uses: ludeeus/action-shellcheck@2.0.0 | |
| with: | |
| version: v${{ steps.tool-versions.outputs.shellcheck_version }} | |
| taplo: | |
| runs-on: ubuntu-latest | |
| if: ${{ inputs.taplo || true }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Extract Tool Versions | |
| id: tool-versions | |
| run: | | |
| taplo_version=$(grep -F 'taplo' .mise.toml | grep -v 'asdf' | cut -d '=' -f2 | cut -d '#' -f1 | xargs) | |
| taplo_shasum=$(grep -F 'taplo' .mise.toml | cut -d '=' -f3 | xargs) | |
| echo "taplo_version=${taplo_version}" >> "$GITHUB_OUTPUT" | |
| echo "taplo_shasum=${taplo_shasum}" >> "$GITHUB_OUTPUT" | |
| - name: Run Taplo | |
| env: | |
| TAPLO_VERSION: ${{ steps.tool-versions.outputs.taplo_version }} | |
| TAPLO_SHASUM: ${{ steps.tool-versions.outputs.taplo_shasum }} | |
| run: | | |
| curl --fail --silent --show-error --location --output taplo.gz \ | |
| https://github.com/tamasfe/taplo/releases/download/${TAPLO_VERSION}/taplo-full-linux-x86_64.gz | |
| echo "${TAPLO_SHASUM} taplo.gz" | sha256sum --check | |
| gunzip --decompress taplo.gz | |
| chmod +x ./taplo | |
| ./taplo format --check --diff | |
| ./taplo check --default-schema-catalogs | |
| yamllint: | |
| runs-on: ubuntu-latest | |
| if: ${{ inputs.yamllint || true }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run yamllint | |
| run: | | |
| pip install yamllint | |
| yamllint . |