ci: run yamllint on pull requests#971
Conversation
Bring the GitHub Actions workflows under the 120-char line-length rule so the yamllint pre-commit hook passes without --no-verify: - Rename the Isthmus artifact via a working-directory instead of repeating the long nativeCompile path twice (release.yml, pr.yml). - Derive the release-bot email once as a step output and reference it, removing the duplicated long env lines (release.yml). - Scope a line-length disable/enable around the github-script step in pr_title.yaml: its long lines are prose inside a template literal where wrapping would change the rendered comment. The rest of the file stays checked.
a200c28 to
8fc6a1a
Compare
Add a Lint YAML job to the PR build workflow that runs the yamllint pre-commit hook (pinned config and version from .pre-commit-config.yaml) against all files, so YAML line-length and bracket violations are caught in CI instead of only locally.
add7df7 to
b2df2e5
Compare
benbellick
left a comment
There was a problem hiding this comment.
These changes look reasonable to me, but I am nervous about things which alter the release process. Lets make sure to monitor the next release and see if things go through without a problem.
| GIT_COMMITTER_EMAIL: ${{ steps.bot-user-id.outputs.email }} | ||
| SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }} | ||
| SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }} | ||
| SIGNING_KEY: ${{ secrets.SIGNING_KEY }} |
There was a problem hiding this comment.
I think alternatively we can do:
- name: Configure release bot email
run: |
slug="${{ steps.app-token.outputs.app-slug }}"
user_id="$(gh api "/users/${slug}[bot]" --jq .id)"
email="${user_id}+${slug}[bot]@users.noreply.github.com"
{
echo "GIT_AUTHOR_EMAIL=${email}"
echo "GIT_COMMITTER_EMAIL=${email}"
} >> "$GITHUB_ENV"
env:
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
- name: Run semantic-release
run: ./ci/release/run.sh
env:
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }}
SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
MAVENCENTRAL_USERNAME: ${{ secrets.MAVEN_CENTRAL_USER }}
MAVENCENTRAL_PASSWORD: ${{ secrets.MAVEN_CENTRAL_KEY }}where the change is to use GITHUB_ENV in place of GITHUB_OUTPUT.
I'm fine with either though.
There was a problem hiding this comment.
Thanks for the suggestion. It feels to me like using GITHUB_OUTPUT limits the scope better since GITHUB_ENV would set the environment for all subsequent steps while for outputs we set the environment on each step to be derived from the outputs which gives us better lineage of where the environment variables of a step come from. I merged with the outputs approach for now.
yamllintis configured as a pre-commit hook but is not enforced in CI, so line-length and bracket violations have accumulated onmainand committing a touched workflow file requiresgit commit --no-verify. This adds a CI check and brings the existing workflows into compliance so the check passes.Enforce in CI
yamllintpre-commit hook against all files. It reuses the pinned config and version from.pre-commit-config.yaml(.yamllint.yaml, yamllint v1.33.0), keeping CI and local checks in lockstep.Fix existing violations
release.yml,pr.yml): use a stepworking-directoryinstead of repeating the longisthmus-cli/build/native/nativeCompile/path twice inmv(also drops the unusedvalue=capture).release.yml): derive the email once as an output of the bot-user-id step and reference it, removing the two duplicated longGIT_AUTHOR_EMAIL/GIT_COMMITTER_EMAILlines.pr_title.yaml: scope a# yamllint disable/enable rule:line-lengthpair around the github-script step — its long lines are prose inside a template literal, where wrapping would alter the rendered PR comment. The rest of the file stays checked.No behavior change to the workflows. Verified
pre-commit run yamllint --all-filespasses.🤖 Generated with AI