Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Integrity workflow #7

Closed
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 19 additions & 0 deletions .editorconfig
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
root = true

[*]
indent_style = space
indent_size = 4
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
max_line_length = 120
eclint_block_comment_start = /*
eclint_block_comment = *
eclint_block_comment_end = */

[*.md]
trim_trailing_whitespace = false

[{*.yml,package.json,package-lock.json}]
indent_size = 2
30 changes: 30 additions & 0 deletions .github/workflows/integrity.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow

name: "Integrity"
# This workflow prevents earthquakes.

on: # yamllint disable-line rule:truthy
pull_request: null
push:
branches:
- "master"

permissions: {} # yamllint disable-line rule:braces

concurrency:
group: "${{ github.workflow }}-${{ github.ref }}"
cancel-in-progress: true

jobs:
call_workflow_integrity:
name: "Integrity"
uses: "./.github/workflows/reusable-integrity.yml"
with:
not-printable-ascii-paths: >-
index.js
export-excludes: ""
exported-paths: >-
LICENSE
README.md
index.js
package.json
190 changes: 190 additions & 0 deletions .github/workflows/reusable-integrity.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,190 @@
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow

name: "Shared Integrity"
# This action prevents earthquakes.

on: # yamllint disable-line rule:truthy
workflow_call:
inputs:
executables:
description: "List of executable files"
type: "string"
default: ""
required: false
not-printable-ascii-paths:
description: "Paths to be searched for characters outside the printable ASCII range"
type: "string"
default: "src/ tests/"
required: false
export-excludes:
description: "List of the expected exported directories"
type: "string"
default: "--exclude='src' --exclude='src/*'"
required: false
exported-paths:
description: "List of the expected exported files"
type: "string"
default: "LICENSE README.md composer.json"
required: false

permissions: {} # yamllint disable-line rule:braces
#permissions: "read-all"
#permissions:
# contents: "read" # Private repositories need read permission

concurrency:
group: "${{ github.workflow }}-${{ github.ref }}-reusable-integrity"
cancel-in-progress: true

jobs:
file:
name: "File"
runs-on: "ubuntu-22.04"
timeout-minutes: 1
steps:
-
name: "Checkout repository"
uses: "actions/[email protected]"
-
name: "Check file names"
run: |
! git ls-tree -r -t -z --name-only HEAD \
| xargs --null --max-args=1 -- basename \
| grep --perl-regexp '[^-.0-9A-Z_a-z]'
-
name: "Check file permissions"
run: |
test "$(
git ls-files --stage \
| grep --invert-match '^100644' \
| cut --characters='51-' \
| paste --serial --delimiters=' '
)" = "${{ inputs.executables }}"
# Filesystem-based
#test "$(
# find ./ -type f -not -path './.git/*' \
# -executable \
# -exec echo -n '{}' '+'
#)" = "${{ inputs.executables }}"
-
# https://github.com/greut/eclint/issues/6
name: "Check for byte order mark (BOM)"
run: |
! git grep --perl-regexp -I -e '^\xEF\xBB\xBF'
-
# https://html.spec.whatwg.org/multipage/named-characters.html
name: "Search for characters outside the printable ASCII range"
run: |
! LC_ALL=C.UTF-8 git grep --perl-regexp --line-number -I -e '[^ -~]' \
-- ${{ inputs.not-printable-ascii-paths }}
# Filesystem-based
#! LC_ALL=C.UTF-8 find src/ resources/ tests/ -type f -print0 \
# | xargs --null -- grep --perl-regexp --with-filename --line-number '[^ -~]'
# Ignore lines
# | grep -v '// @ignore-non-ascii$'
-
name: "Check EditorConfig configuration"
run: "test -f .editorconfig"
-
name: "Check adherence to EditorConfig"
uses: "greut/[email protected]"
-
name: "Look for TAB characters in the middle of the line 🐌"
run: |
! git grep --perl-regexp --line-number -I -e '^(?!//)[^\t]+\t'
-
name: "Look for multiple space characters in the middle of the line 🐌"
run: |
# Exclude comment lines and docblocks
! git grep --perl-regexp --line-number -I \
-e '\S\s\s' --and --not -e '^(#|//)' --and --not -e ' \* @' \
-- ':!:*.lock' ':!:*.md' ':!:.github/**.yml'
-
# Move TODO-s into GitHub issues!
name: "Search for TODO-s and FIXME-s 🐌"
run: |
! git grep --extended-regexp --ignore-case -I -e '\b(TODO|FIXME)\b' \
-- ':!:.github/workflows/reusable-integrity.yml' ':!:.github/workflows/back-end.yml'
-
name: "Remove blank first lines and multiple blank lines 🐌"
run: |
# Exclude binary files, empty files and ones with linguist-generated attribute set
git ls-files --cached \
| git check-attr --stdin --all \
| sed -n -e 's#^\(.\+\): linguist-generated: set$#":!:\1"#p' \
| xargs -- git grep --null --files-with-matches -I -e '.' -- \
| xargs --null -n 1 -- sed -i -e '/./,$!d' -e '/^$/N;/^\n$/D'
-
name: "Check differences to repository"
run: "git diff --exit-code"

cloc:
name: "Lines of Code"
runs-on: "ubuntu-22.04"
timeout-minutes: 1
steps:
-
name: "Checkout repository"
uses: "actions/[email protected]"
-
name: "Count Lines of Code"
env:
GH_TOKEN: "${{ github.token }}"
run: |
mkdir -p "${{ runner.temp }}/cloc"
RELEASE_ASSET_URL="$(
# v1.98
gh api /repos/AlDanial/cloc/releases/117882376 \
--jq '."assets"[] | select(."name" | test("^cloc-.+\\.pl$")) | ."browser_download_url"'
)"
wget --secure-protocol=TLSv1_3 --max-redirect=1 --retry-on-host-error --retry-connrefused --tries=3 \
--no-verbose --output-document="${{ runner.temp }}/cloc/cloc" "${RELEASE_ASSET_URL}"
{
git ls-files -- ':!:LICENSE' ':!:package-lock.json' >"${{ runner.temp }}/cloc/include-list"
echo '```'
perl "${{ runner.temp }}/cloc/cloc" --hide-rate \
--list-file="${{ runner.temp }}/cloc/include-list" \
--ignored="${{ runner.temp }}/cloc/.clocignored"
cat "${{ runner.temp }}/cloc/.clocignored"
echo '```'
} >>"${GITHUB_STEP_SUMMARY}"

commit:
name: "Commit"
runs-on: "ubuntu-22.04"
timeout-minutes: 1
steps:
-
name: "Checkout repository"
uses: "actions/[email protected]"
-
name: "Search for conflict markers 🐌"
run: |
! git grep --line-number -e '^\(<<<<<<<\s\|=======\s\|=======$\|>>>>>>>\s\||||||||\s\)'

git_archive:
name: "Git archive"
runs-on: "ubuntu-22.04"
timeout-minutes: 1
steps:
-
name: "Checkout repository"
uses: "actions/[email protected]"
-
name: "Check for ignored files in the index 🐌"
run: |
# Add negated files: ':!:path/to/negated'
IGNORED_FILES="$(git ls-files --cached --ignored --exclude-standard)"
test -z "${IGNORED_FILES}"
-
name: "Check exported files"
run: |
EXPECTED="${{ inputs.exported-paths }}"
CURRENT="$(
git archive HEAD \
| tar --list ${{ inputs.export-excludes }} \
| paste --serial --delimiters=" "
)"
echo "CURRENT =${CURRENT}"
echo "EXPECTED=${EXPECTED}"
test "${CURRENT}" = "${EXPECTED}"