diff --git a/.github/workflows/cancel-stale-merge-queue-workflows.yml b/.github/workflows/cancel-stale-merge-queue-workflows.yml
new file mode 100644
index 0000000..670b4d0
--- /dev/null
+++ b/.github/workflows/cancel-stale-merge-queue-workflows.yml
@@ -0,0 +1,25 @@
+---
+name: Cancel Stale Merge Queue Workflows
+on:
+ merge_group:
+ types:
+ - destroyed
+
+# See https://github.com/orgs/community/discussions/137976
+jobs:
+ cancel-workflows:
+ name: Cancel Workflow Runs
+ runs-on: sentinel-general-use-runner
+ permissions:
+ actions: write
+ contents: read
+ if: github.event.reason != 'merged'
+ steps:
+ - name: Cancel Workflow Runs
+ uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+ with:
+ script: |
+ ;(await github.rest.actions.listWorkflowRunsForRepo({ ..context.repo, head_sha: context.sha }))
+ .data.workflow_runs
+ .filter(r => r.status !== 'completed' && r.id !== context.runId)
+ .forEach(r => github.rest.actions.cancelWorkflowRun({ ..context.repo, run_id: r.id }))
diff --git a/.github/workflows/check-test.yml b/.github/workflows/check-test.yml
new file mode 100644
index 0000000..2678030
--- /dev/null
+++ b/.github/workflows/check-test.yml
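Review bot: The `cancel-workflows` job has no `timeout-minutes`, which is the same `job_timeout_minutes_is_required` violation recorded for this workflow in the ghalint fixture touched by this commit; adding a short bound under the job, e.g. `timeout-minutes: 5`, would clear it. In the script, `.forEach(r => github.rest.actions.cancelWorkflowRun(...))` discards the returned promises, so a rejected cancel request is not reported as a step failure; `await Promise.all(runs.map(r => github.rest.actions.cancelWorkflowRun({ ...context.repo, run_id: r.id })))` would surface it. `listWorkflowRunsForRepo` is called without pagination, so only the first page of runs for the SHA is considered. The spread is shown here as `..context.repo`; if that is what the file contains rather than a rendering artifact, it needs three dots.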
@@ -0,0 +1,41 @@
+---
+name: Check Test
+on:
+ - pull_request
+jobs:
+ test:
+ name: test
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: write
+ timeout-minutes: 60
+ steps:
+ - uses: actions/checkout@v4
+ - name: Setup Go
+ uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
+ with:
+ go-version: '1.25.5'
+ - name: Install GHAlint
+ run: go install github.com/suzuki-shunsuke/ghalint/cmd/ghalint@latest
+ - name: Run GHAlint
+ run: ~/go/bin/ghalint run -c .github/workflows/config/.ghalint.yml &> ghalint.txt
+ - name: Strip ANSII Escape Sequences
+ if: always()
+ run: sed -i -E "s/\x1B\[[0-9;]*[mK]//g" ghalint.txt
+ - name: upload
+ uses: actions/upload-artifact@v4
+ if: always()
+ with:
+ name: ghalint-output
+ path: ghalint*.txt
+ - name: Convert
+ uses: ./
+ if: always()
+ with:
+ inputFile: ghalint.txt
+ sarif: false
+ comment: true
+ summary: true
+ toolName: 'ghalint'
+ inputFormat: 'ghalint'
diff --git a/.github/workflows/config/.ghalint.yml b/.github/workflows/config/.ghalint.yml
new file mode 100644
index 0000000..58f1fcb
--- /dev/null
+++ b/.github/workflows/config/.ghalint.yml
@@ -0,0 +1,11 @@
+---
+excludes: # These `inherit: secret`s must be used as a workaround for reusable workflows running in an environment
+ - policy_name: deny_inherit_secrets
+ workflow_file_path: .github/workflows/build-manual.yml
+ job_name: sign-production
+ - policy_name: deny_inherit_secrets
+ workflow_file_path: .github/workflows/build-master.yml
+ job_name: sign-production
+ - policy_name: deny_inherit_secrets
+ workflow_file_path: .github/workflows/build-release.yml
+ job_name: sign-production
diff --git a/__tests__/ghalint.input.txt b/__tests__/ghalint.input.txt
index 2a7ec9f..997768b 100644
--- a/__tests__/ghalint.input.txt
+++ b/__tests__/ghalint.input.txt
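Review bot: `go install github.com/suzuki-shunsuke/ghalint/cmd/ghalint@latest` and the tag references `actions/checkout@v4` and `actions/upload-artifact@v4` are mutable, while `actions/setup-go` in the same job is pinned to a commit SHA; whatever those references resolve to at run time executes in a job that holds a `pull-requests: write` token. Pin ghalint to a released version (`ghalint@<VERSION>`) and the two actions to full commit SHAs with a trailing version comment, as already done for setup-go. The checkout step also keeps the default credential persistence; adding `persist-credentials: false` under its `with:` keeps the token out of the local git config for the later `go install` and `uses: ./` steps. `ANSII` in the step name should read `ANSI`.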
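Review bot: The three `deny_inherit_secrets` exclusions allow the `sign-production` jobs to pass all of the caller's secrets to the reusable workflow, and the only rationale is an inline comment on `excludes:` that misnames the keyword (`inherit: secret` instead of `secrets: inherit`). I would move the rationale to its own comment line above the list, correct the keyword, and link the limitation that forces the workaround, e.g. `# secrets: inherit is needed for sign-production because <REASON / LINK>; revisit once explicit secrets can be used`. The referenced build workflows are not part of this diff, so whether explicit `secrets:` mappings could replace the exclusions cannot be checked from here.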
@@ -1,3 +1 @@
-Jan 22 09:42:27.969 ERR the job violates policies program=ghalint version="" workflow_file_path=.github/workflows/cancel-stale-merge-queue-workflows.yml policy_name=job_timeout_minutes_is_required reference=https://github.com/suzuki-shunsuke/ghalint/blob/main/docs/policies/012.md job_name=cancel-workflows error="job's timeout-minutes is required"
-Jan 22 09:42:27.969 ERR the job violates policies program=ghalint version="" workflow_file_path=.github/workflows/cancel-stale-merge-queue-workflows.yml reference=https://github.com/suzuki-shunsuke/ghalint/blob/main/docs/policies/012.md job_name=cancel-workflows error="job's timeout-minutes is required" policy_name=job_timeout_minutes_is_required
-Jan 22 09:42:27.969 ERR the job violates policies program=ghalint version="" reference=https://github.com/suzuki-shunsuke/ghalint/blob/main/docs/policies/012.md job_name=cancel-workflows error="job's timeout-minutes is required" policy_name=job_timeout_minutes_is_required workflow_file_path=.github/workflows/cancel-stale-merge-queue-workflows.yml
+Jan 22 13:12:47.427 ERR the job violates policies program=ghalint version="" workflow_file_path=.github\workflows\cancel-stale-merge-queue-workflows.yml policy_name=job_timeout_minutes_is_required reference=https://github.com/suzuki-shunsuke/ghalint/blob/main/docs/policies/012.md job_name=cancel-workflows error="job's timeout-minutes is required"
diff --git a/ghalint2.txt b/ghalint2.txt
new file mode 100644
index 0000000..997768b
--- /dev/null
+++ b/ghalint2.txt
@@ -0,0 +1 @@
+Jan 22 13:12:47.427 ERR the job violates policies program=ghalint version="" workflow_file_path=.github\workflows\cancel-stale-merge-queue-workflows.yml policy_name=job_timeout_minutes_is_required reference=https://github.com/suzuki-shunsuke/ghalint/blob/main/docs/policies/012.md job_name=cancel-workflows error="job's timeout-minutes is required"
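Review bot: The fixture loses the two entries whose key order differed (`policy_name` last and `workflow_file_path` last), so the converter is no longer exercised against reordered key=value fields. The one remaining line carries a Windows-style path (`.github\workflows\...`), which the `ubuntu-latest` job in check-test.yml would not be expected to produce. If the parser is meant to be order-independent, keep at least one reordered line next to the new one, and have the test state which path separator it expects in the converted output.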
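Review bot: `ghalint2.txt` at the repository root has the same blob id (`997768b`) as the updated `__tests__/ghalint.input.txt` and looks like local tool output committed by accident. Because check-test.yml uploads `ghalint*.txt`, this file would also end up in every `ghalint-output` artifact. Remove it from the commit, and consider ignoring `ghalint*.txt` at the root in `.gitignore` if it is generated locally.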