mirror of
https://github.com/community-scripts/ProxmoxVE
synced 2025-01-10 19:05:09 +00:00
235 lines
8.9 KiB
YAML
235 lines
8.9 KiB
YAML
name: Validate scripts
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
pull_request_target:
|
|
paths:
|
|
- "ct/*.sh"
|
|
- "install/*.sh"
|
|
|
|
jobs:
|
|
check-scripts:
|
|
name: Check changed files
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
pull-requests: write
|
|
|
|
steps:
|
|
- name: Debug event payload
|
|
run: |
|
|
echo "Event name: ${{ github.event_name }}"
|
|
echo "Payload: $(cat $GITHUB_EVENT_PATH)"
|
|
|
|
- name: Get pull request information
|
|
if: github.event_name == 'pull_request_target'
|
|
uses: actions/github-script@v7
|
|
id: pr
|
|
with:
|
|
script: |
|
|
const { data: pullRequest } = await github.rest.pulls.get({
|
|
...context.repo,
|
|
pull_number: context.payload.pull_request.number,
|
|
});
|
|
return pullRequest;
|
|
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
ref: ${{ github.event_name == 'pull_request_target' && fromJSON(steps.pr.outputs.result).merge_commit_sha || '' }}
|
|
|
|
- name: Get changed files
|
|
id: changed-files
|
|
run: |
|
|
if [ "${{ github.event_name }}" == "pull_request_target" ]; then
|
|
echo "files=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ steps.pr.outputs.result && fromJSON(steps.pr.outputs.result).merge_commit_sha }} | grep -E '\.(sh|func)$' | xargs)" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "files=$(git diff --name-only ${{ github.event.before }} ${{ github.event.after }} | grep -E '\.(sh|func)$' | xargs)" >> $GITHUB_OUTPUT
|
|
fi
|
|
|
|
- name: Check build.func line
|
|
if: always() && steps.changed-files.outputs.files != ''
|
|
id: build-func
|
|
run: |
|
|
NON_COMPLIANT_FILES=""
|
|
for FILE in ${{ steps.changed-files.outputs.files }}; do
|
|
if [[ "$FILE" == ct/* ]] && [[ $(sed -n '2p' "$FILE") != "source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)" ]]; then
|
|
NON_COMPLIANT_FILES="$NON_COMPLIANT_FILES $FILE"
|
|
fi
|
|
done
|
|
|
|
if [ -n "$NON_COMPLIANT_FILES" ]; then
|
|
echo "files=$NON_COMPLIANT_FILES" >> $GITHUB_OUTPUT
|
|
echo "Build.func line missing or incorrect in files:"
|
|
for FILE in $NON_COMPLIANT_FILES; do
|
|
echo "$FILE"
|
|
done
|
|
exit 1
|
|
fi
|
|
|
|
- name: Check executable permissions
|
|
if: always() && steps.changed-files.outputs.files != ''
|
|
id: check-executable
|
|
run: |
|
|
NON_COMPLIANT_FILES=""
|
|
for FILE in ${{ steps.changed-files.outputs.files }}; do
|
|
if [[ ! -x "$FILE" ]]; then
|
|
NON_COMPLIANT_FILES="$NON_COMPLIANT_FILES $FILE"
|
|
fi
|
|
done
|
|
|
|
if [ -n "$NON_COMPLIANT_FILES" ]; then
|
|
echo "files=$NON_COMPLIANT_FILES" >> $GITHUB_OUTPUT
|
|
echo "Files not executable:"
|
|
for FILE in $NON_COMPLIANT_FILES; do
|
|
echo "$FILE"
|
|
done
|
|
exit 1
|
|
fi
|
|
|
|
- name: Check copyright
|
|
if: always() && steps.changed-files.outputs.files != ''
|
|
id: check-copyright
|
|
run: |
|
|
NON_COMPLIANT_FILES=""
|
|
for FILE in ${{ steps.changed-files.outputs.files }}; do
|
|
if ! sed -n '3p' "$FILE" | grep -qE "^# Copyright \(c\) [0-9]{4}(-[0-9]{4})? (tteck \| community-scripts ORG|community-scripts ORG|tteck)$"; then
|
|
NON_COMPLIANT_FILES="$NON_COMPLIANT_FILES $FILE"
|
|
fi
|
|
done
|
|
|
|
if [ -n "$NON_COMPLIANT_FILES" ]; then
|
|
echo "files=$NON_COMPLIANT_FILES" >> $GITHUB_OUTPUT
|
|
echo "Copyright header missing or not on line 3 in files:"
|
|
for FILE in $NON_COMPLIANT_FILES; do
|
|
echo "$FILE"
|
|
done
|
|
exit 1
|
|
fi
|
|
|
|
- name: Check author
|
|
if: always() && steps.changed-files.outputs.files != ''
|
|
id: check-author
|
|
run: |
|
|
NON_COMPLIANT_FILES=""
|
|
for FILE in ${{ steps.changed-files.outputs.files }}; do
|
|
if ! sed -n '4p' "$FILE" | grep -qE "^# Author: .+"; then
|
|
NON_COMPLIANT_FILES="$NON_COMPLIANT_FILES $FILE"
|
|
fi
|
|
done
|
|
|
|
if [ -n "$NON_COMPLIANT_FILES" ]; then
|
|
echo "files=$NON_COMPLIANT_FILES" >> $GITHUB_OUTPUT
|
|
echo "Author header missing or invalid on line 4 in files:"
|
|
for FILE in $NON_COMPLIANT_FILES; do
|
|
echo "$FILE"
|
|
done
|
|
exit 1
|
|
fi
|
|
|
|
- name: Check license
|
|
if: always() && steps.changed-files.outputs.files != ''
|
|
id: check-license
|
|
run: |
|
|
NON_COMPLIANT_FILES=""
|
|
for FILE in ${{ steps.changed-files.outputs.files }}; do
|
|
if [[ "$(sed -n '5p' "$FILE")" != "# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE" ]]; then
|
|
NON_COMPLIANT_FILES="$NON_COMPLIANT_FILES $FILE"
|
|
fi
|
|
done
|
|
|
|
if [ -n "$NON_COMPLIANT_FILES" ]; then
|
|
echo "files=$NON_COMPLIANT_FILES" >> $GITHUB_OUTPUT
|
|
echo "License header missing or not on line 5 in files:"
|
|
for FILE in $NON_COMPLIANT_FILES; do
|
|
echo "$FILE"
|
|
done
|
|
exit 1
|
|
fi
|
|
|
|
- name: Check source
|
|
if: always() && steps.changed-files.outputs.files != ''
|
|
id: check-source
|
|
run: |
|
|
NON_COMPLIANT_FILES=""
|
|
for FILE in ${{ steps.changed-files.outputs.files }}; do
|
|
if ! sed -n '6p' "$FILE" | grep -qE "^# Source: .+"; then
|
|
NON_COMPLIANT_FILES="$NON_COMPLIANT_FILES $FILE"
|
|
fi
|
|
done
|
|
|
|
if [ -n "$NON_COMPLIANT_FILES" ]; then
|
|
echo "files=$NON_COMPLIANT_FILES" >> $GITHUB_OUTPUT
|
|
echo "Source header missing or not on line 6 in files:"
|
|
for FILE in $NON_COMPLIANT_FILES; do
|
|
echo "$FILE"
|
|
done
|
|
exit 1
|
|
fi
|
|
|
|
- name: Post results and comment
|
|
if: always() && steps.changed-files.outputs.files != '' && github.event_name == 'pull_request_target'
|
|
uses: actions/github-script@v7
|
|
with:
|
|
script: |
|
|
const result = '${{ job.status }}' === 'success' ? 'success' : 'failure';
|
|
const nonCompliantFiles = {
|
|
'Invalid build.func source': "${{ steps.build-func.outputs.files || '' }}",
|
|
'Not executable': "${{ steps.check-executable.outputs.files || '' }}",
|
|
'Copyright header line missing or invalid': "${{ steps.check-copyright.outputs.files || '' }}",
|
|
'Author header line missing or invalid': "${{ steps.check-author.outputs.files || '' }}",
|
|
'License header line missing or invalid': "${{ steps.check-license.outputs.files || '' }}",
|
|
'Source header line missing or invalid': "${{ steps.check-source.outputs.files || '' }}"
|
|
};
|
|
|
|
const issueNumber = context.payload.pull_request ? context.payload.pull_request.number : null;
|
|
const commentIdentifier = 'validate-scripts';
|
|
let newCommentBody = `<!-- ${commentIdentifier}-start -->\n### Script validation\n\n`;
|
|
|
|
if (result === 'failure') {
|
|
newCommentBody += ':x: We found issues in the following changed files:\n\n';
|
|
for (const [check, files] of Object.entries(nonCompliantFiles)) {
|
|
if (files) {
|
|
newCommentBody += `**${check}:**\n`;
|
|
files.trim().split(' ').forEach(file => {
|
|
newCommentBody += `- ${file}: ${check}\n`;
|
|
});
|
|
newCommentBody += `\n`;
|
|
}
|
|
}
|
|
} else {
|
|
newCommentBody += `:rocket: All changed shell scripts passed validation!\n`;
|
|
}
|
|
|
|
newCommentBody += `\n\n<!-- ${commentIdentifier}-end -->`;
|
|
|
|
if (issueNumber) {
|
|
const { data: comments } = await github.rest.issues.listComments({
|
|
...context.repo,
|
|
issue_number: issueNumber
|
|
});
|
|
|
|
const existingComment = comments.find(comment =>
|
|
comment.body.includes(`<!-- ${commentIdentifier}-start -->`) &&
|
|
comment.user.login === 'github-actions[bot]'
|
|
);
|
|
|
|
if (existingComment) {
|
|
const re = new RegExp(String.raw`<!-- ${commentIdentifier}-start -->[\\s\\S]*?<!-- ${commentIdentifier}-end -->`, "m");
|
|
newCommentBody = existingComment.body.replace(re, newCommentBody);
|
|
|
|
await github.rest.issues.updateComment({
|
|
...context.repo,
|
|
comment_id: existingComment.id,
|
|
body: newCommentBody
|
|
});
|
|
} else {
|
|
await github.rest.issues.createComment({
|
|
...context.repo,
|
|
issue_number: issueNumber,
|
|
body: newCommentBody
|
|
});
|
|
}
|
|
}
|