ci: introduce yamllint check for controls and profiles

marcusburghardt · marcusburghardt · commit 8e6c2428dfd7 · 2025-06-18T00:10:58.000+02:00
This workflow will detect files changed by the PR and in case controls
or profiles files are included in the list, it will execute yamllint
using the .yamllint configuration file located in .github directory.

Signed-off-by: Marcus Burghardt &lt;maburgha@redhat.com&gt;
diff --git a/.github/workflows/ci_lint.yml b/.github/workflows/ci_lint.yml
@@ -0,0 +1,63 @@
+name: CI Lint
+on:
+  pull_request:
+    branches: [master, 'stabilization*']
+permissions:
+    contents: read
+jobs:
+  yamllint:
+    name: Yaml Lint on Changed Controls and Profiles Files
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install Git
+        run: sudo apt-get update && sudo apt-get install -y git
+
+      - name: Checkout Repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          repository: ${{ github.repository }}
+          fetch-depth: 0
+
+      - name: Detect Files Changed by PR
+        id: changed_files
+        run: |
+          repo=${{ github.repository }}
+          pr_number=${{ github.event.pull_request.number }}
+          # Fetch all pages of the files for the pull request
+          url="repos/$repo/pulls/$pr_number/files"
+          response=$(gh api "$url" --paginate)
+          echo "$response" | jq -r '.[].filename' > filenames.txt
+          cat filenames.txt
+
+          if grep "controls/" filenames.txt; then
+            echo "CONTROLS_CHANGES=true" >> $GITHUB_ENV
+          else
+            echo "CONTROLS_CHANGES=false" >> $GITHUB_ENV
+          fi
+          if grep "\.profile" filenames.txt; then
+            echo "PROFILES_CHANGES=true" >> $GITHUB_ENV
+          else
+            echo "PROFILES_CHANGES=false" >> $GITHUB_ENV
+          fi
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Install yamllint
+        if : ${{ env.CONTROLS_CHANGES == 'true' || env.PROFILES_CHANGES == 'true' }}
+        run: pip install yamllint
+
+      - name: Run yamllint in Control Files Modified by PR
+        if: ${{ env.CONTROLS_CHANGES == 'true' }}
+        run: |
+          for control_file in $(cat filenames.txt | grep "controls/"); do
+            echo "Running yamllint on $control_file..."
+            yamllint "$control_file"
+          done
+
+      - name: Run yamllint in Profile Files Modified by PR
+        if: ${{ env.PROFILES_CHANGES == 'true' }}
+        run: |
+          for profile_file in $(cat filenames.txt | grep "\.profile"); do
+            echo "Running yamllint on $profile_file..."
+            yamllint "$profile_file"
+          done
