---
# Reusable workflow: other workflows invoke it through `workflow_call` and
# choose which policy checks run by setting the boolean inputs below.
name: policy
on:
  workflow_call:
    inputs:
      # One toggle per job in this workflow; every check is on by default.
      enable-merge-commit-check:
        description: 'Enable checking for merge commits in pull requests'
        type: boolean
        default: true
      enable-commit-message-check:
        description: 'Enable commit message style checking (gitlint)'
        type: boolean
        default: true
      enable-markdown-check:
        description: 'Enable markdown linting (pymarkdownlnt)'
        type: boolean
        default: true
      enable-yaml-check:
        description: 'Enable YAML linting (yamllint)'
        type: boolean
        default: true
      # Free-form text from the caller with no default. It ends up on a
      # command line, so the consuming step should treat it as data.
      markdown-args:
        description: 'Additional markdown options (e.g., patterns to exclude)'
        type: string
      # Kept as a quoted string: a bare 3.10 would be read as the float 3.1.
      python-version:
        description: 'Python version to use for linting tools'
        type: string
        default: '3.10'
      skip-dependabot:
        description: 'Skip commit message checks for Dependabot PRs'
        type: boolean
        default: true
# Token scope for every job: read-only repository contents. Scopes that are
# not listed here are not granted.
permissions:
  contents: read
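# Four independent lint jobs, each gated by one boolean input of this
# workflow.
#
# Supply-chain notes:
# - `actions/checkout@v6` and `actions/setup-python@v6` are referenced by a
#   movable tag. Pinning each `uses:` to a full commit SHA fixes the exact
#   code that runs here.
# - The `pip install` steps fetch whatever release is newest at run time.
#   Pinning versions (ideally with hashes) keeps runs reproducible.
jobs:
  check-merge-commits:
    if: inputs.enable-merge-commit-check
    name: Check for merge commits
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          # Full history, so the base..head range below can be walked.
          fetch-depth: 0
          # No later step in this job needs git credentials, so the token
          # is not left behind in the checkout's git config.
          persist-credentials: false
      - name: Verify no merge commits
        # The branch names are read from runner environment variables and
        # expanded inside double quotes, so they are not parsed as script.
        # NOTE(review): GITHUB_BASE_REF / GITHUB_HEAD_REF are only set for
        # pull-request events, and a fork's head branch may not exist under
        # origin/ -- confirm against the callers' triggers.
        run: |
          git config --global --add safe.directory /github/workspace
          merge_commits=$(git rev-list --merges "origin/$GITHUB_BASE_REF".."origin/$GITHUB_HEAD_REF")
          if [ -n "$merge_commits" ]; then
            echo "Error: merge commits found in $GITHUB_BASE_REF..$GITHUB_HEAD_REF"
            for merge_commit in $merge_commits; do
              echo "$merge_commit"
            done
            exit 1
          fi
  commit-message-style:
    # Runs when the check is enabled, unless Dependabot triggered the run
    # and the caller left `skip-dependabot` on.
    if: |
      inputs.enable-commit-message-check &&
      (!inputs.skip-dependabot || github.triggering_actor != 'dependabot[bot]')
    name: Check commit message style
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          # gitlint walks the commits between the PR base and HEAD.
          fetch-depth: 0
          persist-credentials: false
      - name: Setup Python
        uses: actions/setup-python@v6
        with:
          python-version: ${{ inputs.python-version }}
      - name: Install gitlint
        run: pip install --user gitlint
      - name: Validate commit messages
        # The expression is handed to the script as an environment variable
        # instead of being pasted into the script text before it runs.
        env:
          BASE_SHA: ${{ github.event.pull_request.base.sha }}
        run: gitlint --commits "$BASE_SHA..HEAD"
  markdown-style:
    if: inputs.enable-markdown-check
    name: Check markdown style
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
          persist-credentials: false
      - name: Setup Python
        uses: actions/setup-python@v6
        with:
          python-version: ${{ inputs.python-version }}
      - name: Install markdownlint
        run: pip install --user pymarkdownlnt
      - name: Validate markdown
        # `markdown-args` is caller-supplied text. Interpolating it with
        # `${{ }}` inside `run:` would make it part of the script itself, so
        # `;`, `$(...)` or backticks in the value would run as commands.
        # It is passed through the environment instead and split into
        # arguments by xargs, which honours quotes and backslashes but does
        # no command substitution or variable expansion.
        # NOTE(review): bash leaves `globstar` off by default, so `**/*.md`
        # expands like `*/*.md` -- confirm which files are meant to be
        # scanned.
        env:
          MARKDOWN_ARGS: ${{ inputs.markdown-args }}
        run: |
          printf '%s' "$MARKDOWN_ARGS" |
            xargs bash -c 'pymarkdown scan "$@" **/*.md' pymarkdown
  yaml-style:
    if: inputs.enable-yaml-check
    name: Check YAML style
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
          persist-credentials: false
      - name: Setup Python
        uses: actions/setup-python@v6
        with:
          python-version: ${{ inputs.python-version }}
      - name: Install yamllint
        run: pip install --user yamllint
      - name: Validate YAML
        run: yamllint .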