Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@digitalservice4germany/github-actions-linter
Advanced tools
@digitalservice4germany/github-actions-linter - npm Package Compare versions
Comparing version 0.0.2 to 0.1.0
32
cli.js
| #! /usr/bin/env node | ||
| import yargs from "yargs"; | ||
| import { hideBin } from "yargs/helpers"; | ||
| import chalk from "chalk"; | ||
| import linter from "./index.js"; | ||
| const argv = yargs(hideBin(process.argv)).argv; | ||
| let workflowPath = "./.github/workflows/"; | ||
| import chalk from "chalk" | ||
| import yargs from "yargs" | ||
| import { hideBin } from "yargs/helpers" | ||
| import linter from "./index.js" | ||
| if (argv.path) { | ||
| console.log(chalk.blue(`Looking for workflows in ${argv.path}`)); | ||
| workflowPath = argv.path; | ||
| } | ||
| const argv = yargs(hideBin(process.argv)).argv | ||
| const workflowsPattern = argv.path || "./.github/workflows/**/*.yml" | ||
| try { | ||
| const result = linter(workflowPath); | ||
| console.log(chalk.blue(`Looking for workflows with pattern ${argv.path}`)) | ||
| const result = linter(workflowsPattern) | ||
| if (result.length > 0) { | ||
| console.log(chalk.red(`Found issues in github workflows`)); | ||
| console.log(chalk.red(result.join("\n"))); | ||
| process.exit(result.length); | ||
| console.log(chalk.red("Found issues in workflow files")) | ||
| console.log(chalk.red(result.join("\n"))) | ||
| process.exit(result.length) | ||
| } else { | ||
| console.log(chalk.green(`No issues found in github workflows`)); | ||
| process.exit(0); | ||
| console.log(chalk.green("No issues found in workflow files")) | ||
| process.exit(0) | ||
| } | ||
| } catch (err) { | ||
| console.log(chalk.red(`${err.message}`)); | ||
| console.log(chalk.red(`${err.message}`)) | ||
| } |
33
index.js
@@ -1,23 +0,18 @@ | ||
| import assert from "assert"; | ||
| import fs from "fs"; | ||
| import glob from "glob"; | ||
| import YAML from "yamljs"; | ||
| import fs from "fs" | ||
| import glob from "glob" | ||
| import YAML from "yamljs" | ||
| export default (root) => | ||
| export default (pattern) => | ||
| glob | ||
| .sync(`${root}/**/*.yml`) | ||
| .sync(pattern) | ||
| .map((path) => fs.readFileSync(path, "utf8")) | ||
| .map((content) => YAML.parse(content)) | ||
| .filter((content) => content && content.hasOwnProperty("jobs")) | ||
| .flatMap((yaml) => yaml.jobs) | ||
| .map((jobs) => { | ||
| for (let key of Object.keys(jobs)) { | ||
| return jobs[key]; | ||
| } | ||
| }) | ||
| .filter((content) => Object.prototype.hasOwnProperty.call(content, "jobs")) | ||
| .map((yaml) => yaml.jobs) | ||
| .flatMap((jobs) => Object.values(jobs)) | ||
| .flatMap((job) => job.steps) | ||
| .filter((step) => step && step.hasOwnProperty("uses")) | ||
| .filter((step) => Object.prototype.hasOwnProperty.call(step, "uses")) | ||
| .map((step) => step.uses) | ||
| .filter((uses) => !uses.startsWith("actions/")) | ||
| .map((uses) => { | ||
| .reduce((accumulator, uses) => { | ||
| if ( | ||
@@ -27,5 +22,7 @@ uses.split("@").length !== 2 || | ||
| ) { | ||
| return `${uses} should use a commit hash as a version identifier`; | ||
| accumulator.push( | ||
| `${uses} should use a commit hash as a version identifier` | ||
| ) | ||
| } | ||
| }) | ||
| .filter((found) => found); | ||
| return accumulator | ||
| }, []) |
| { | ||
| "name": "@digitalservice4germany/github-actions-linter", | ||
| "private": false, | ||
| "version": "0.0.2", | ||
| "description": "Check for presence of commit hashes in third party actions", | ||
| "version": "0.1.0", | ||
| "description": "Linting for GitHub Actions workflows", | ||
| "main": "index.js", | ||
| "scripts": { | ||
| "test": "echo \"Error: no test specified\" && exit 1" | ||
| "test": "NODE_OPTIONS=--experimental-vm-modules jest", | ||
| "lint:check": "eslint --ext .cjs,.js --ignore-path .gitignore .", | ||
| "lint:fix": "npm run lint:check -- --fix", | ||
| "format:check": "prettier --check .", | ||
| "format:fix": "prettier --write --ignore-unknown .", | ||
| "release": "release-it" | ||
| }, | ||
@@ -36,4 +41,8 @@ "type": "module", | ||
| "devDependencies": { | ||
| "prettier": "^2.6.2" | ||
| "eslint": "^8.15.0", | ||
| "eslint-plugin-import": "^2.26.0", | ||
| "jest": "^28.1.0", | ||
| "prettier": "^2.6.2", | ||
| "release-it": "^15.0.0" | ||
| } | ||
| } |
| # GitHub Actions Linter | ||
| [](https://github.com/digitalservice4germany/github-actions-linter/actions/workflows/ci.yml) | ||
| [](https://www.npmjs.com/package/@digitalservice4germany/github-actions-linter) | ||
@@ -21,1 +22,25 @@ | ||
| ``` | ||
| ## Usage | ||
| Lint workflow files in `.github/workflows`: | ||
| ```bash | ||
| npx --yes @digitalservice4germany/github-actions-linter@v0.0.2 | ||
| ``` | ||
| ## Releasing | ||
| 👉 [release-it](https://www.npmjs.com/package/release-it) | ||
| Start a dry run to see what would happen: | ||
| ```bash | ||
| npm run release minor -- --dry-run | ||
| ``` | ||
| Do a real release (publishes to npm): | ||
| ```bash | ||
| npm run release minor | ||
| ``` |
Fixed alerts
No tests
QualityPackage does not have any tests. This is a strong signal of a poorly maintained or low quality package.
Found 1 instance in 1 package
Improved metrics
- Number of package files
- increased by125%
18
- Lines of code
- increased by120.37%
119
- Number of low quality alerts
- decreased by-33.33%
2
- Number of lines in readme file
- increased by119.05%
46
Worsened metrics
- Total package byte prevSize
- decreased by-44.83%
9889
- Dev dependency count
- increased by400%
5
No dependency changes