Skip to content

Commit

Permalink
Check workflows for issues during CI (open-quantum-safe#1916)
Browse files Browse the repository at this point in the history
* Check workflows for issues during CI

This PR adds an Actionlint workflow to validate GH actions as per open-quantum-safe#1866

This is an updated version of PR open-quantum-safe#1880, taking into account the discussion on that contribution.

Signed-off-by: JP Lomas <[email protected]>

* CONTRIBUTING.md update

Documents actionlint use as part of CI basic workflow including instructions of running locally.

Signed-off-by: JP Lomas <[email protected]>

* Update .github/workflows/basic.yml

Co-authored-by: Spencer Wilson <[email protected]>
Signed-off-by: JP Lomas <[email protected]>

---------

Signed-off-by: JP Lomas <[email protected]>
Signed-off-by: JP Lomas <[email protected]>
Co-authored-by: Spencer Wilson <[email protected]>
  • Loading branch information
jplomas and SWilson4 authored Sep 11, 2024
1 parent b37c937 commit a7bfc8d
Show file tree
Hide file tree
Showing 3 changed files with 41 additions and 4 deletions.
14 changes: 14 additions & 0 deletions .github/actionlint.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
# Labels of self-hosted runner in array of strings.

# NB. oqs-arm64 is not self-hosted but this configuration
# is required for liboqs to lint correctly with actionlint v1.7.1

self-hosted-runner:
# Labels of self-hosted runner in array of string
labels:
- oqs-arm64
# Configuration variables in array of strings defined in your repository or organization
config-variables:
# - DEFAULT_RUNNER
# - JOB_NAME
# - ENVIRONMENT_STAGE
14 changes: 13 additions & 1 deletion .github/workflows/basic.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,19 @@ on: [workflow_call, workflow_dispatch]

jobs:

workflowcheck:
name: Check validity of GitHub workflows
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Ensure GitHub actions are valid
run: actionlint -shellcheck "" # run *without* shellcheck

stylecheck:
name: Check code formatting
needs: [ workflowcheck ]
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
steps:
Expand All @@ -23,6 +34,7 @@ jobs:

upstreamcheck:
name: Check upstream code is properly integrated
needs: [ workflowcheck ]
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
steps:
Expand All @@ -47,7 +59,7 @@ jobs:
buildcheck:
name: Check that code passes a basic build
needs: [ stylecheck, upstreamcheck ]
needs: [ workflowcheck, stylecheck, upstreamcheck ]
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
env:
Expand Down
17 changes: 14 additions & 3 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,20 @@ GitHub CI jobs. When executed in the main `liboqs` directory,

When installing `act` as a GitHub extension, prefix the commands with `gh `.

## Modifications to CI

Modifications to GitHub Actions workflows are checked with [actionlint](https://github.com/rhysd/actionlint) during the [basic.yml](.github/workflows/basic.yml) job, protecting the CI chain and against wrong approval decisions based on improper CI runs. Changes to these workflows can be validated locally with `actionlint`:

```bash
actionlint .github/workflows/*.yml
```

or running the CI locally (as above):

```bash
act workflow_call -W '.github/workflows/basic.yml'
```

### New features

Any PR introducing a new feature is expected to contain a test of this feature
Expand All @@ -70,6 +84,3 @@ add a tag to one or more of our [most active contributors](https://github.com/op

If you feel like contributing but don't know what specific topic to work on,
please check the [open issues tagged "good first issue" or "help wanted"](https://github.com/open-quantum-safe/liboqs/issues).



0 comments on commit a7bfc8d

Please sign in to comment.