mirror of
https://github.com/ivuorinen/actions.git
synced 2026-02-06 03:43:48 +00:00
Ismo Vuorinen
5fc2d6a4ca
Replace common-cache with native caching in Python actions for better performance and maintainability. python-lint-fix changes: - Add package manager detection (uv, poetry, pipenv, pip) - Use setup-python's native cache parameter dynamically - Remove redundant common-cache step - Support uv with pip-compatible caching - Enhanced cache-dependency-path to include all lock files ansible-lint-fix changes: - Add setup-python with native pip caching (Python 3.11) - Remove redundant common-cache step - Simplify dependency installation Benefits: - Native caching is more efficient and better maintained - Supports modern Python tooling (uv, poetry, pipenv) - Reduces common-cache dependencies from 11 to 7 actions - setup-python handles cache invalidation automatically setup-python cache types supported: pip, pipenv, poetry
136 lines
4.3 KiB
YAML
136 lines
4.3 KiB
YAML
# yaml-language-server: $schema=https://json.schemastore.org/github-action.json
|
|
# permissions:
|
|
# - contents: write # Required for committing and pushing fixes
|
|
# - security-events: write # Required for uploading SARIF results
|
|
---
|
|
name: Ansible Lint and Fix
|
|
description: 'Lints and fixes Ansible playbooks, commits changes, and uploads SARIF report.'
|
|
author: 'Ismo Vuorinen'
|
|
|
|
branding:
|
|
icon: 'play'
|
|
color: 'green'
|
|
|
|
inputs:
|
|
token:
|
|
description: 'GitHub token for authentication'
|
|
required: false
|
|
default: ''
|
|
username:
|
|
description: 'GitHub username for commits'
|
|
required: false
|
|
default: 'github-actions'
|
|
email:
|
|
description: 'GitHub email for commits'
|
|
required: false
|
|
default: 'github-actions@github.com'
|
|
max-retries:
|
|
description: 'Maximum number of retry attempts for pip install operations'
|
|
required: false
|
|
default: '3'
|
|
|
|
outputs:
|
|
files_changed:
|
|
description: 'Number of files changed by linting'
|
|
value: ${{ steps.lint.outputs.files_changed }}
|
|
lint_status:
|
|
description: 'Linting status (success/failure)'
|
|
value: ${{ steps.lint.outputs.status }}
|
|
sarif_path:
|
|
description: 'Path to SARIF report file'
|
|
value: 'ansible-lint.sarif'
|
|
|
|
runs:
|
|
using: composite
|
|
steps:
|
|
- name: Validate Inputs
|
|
id: validate
|
|
uses: ivuorinen/actions/validate-inputs@0fa9a68f07a1260b321f814202658a6089a43d42
|
|
with:
|
|
action-type: 'ansible-lint-fix'
|
|
token: ${{ inputs.token }}
|
|
email: ${{ inputs.email }}
|
|
username: ${{ inputs.username }}
|
|
max-retries: ${{ inputs.max-retries }}
|
|
|
|
- name: Check for Ansible Files
|
|
id: check-files
|
|
shell: sh
|
|
run: |
|
|
set -eu
|
|
|
|
# Check for both .yml and .yaml files
|
|
if find . \( -name "*.yml" -o -name "*.yaml" \) -type f | grep -q .; then
|
|
echo "files_found=true" >> "$GITHUB_OUTPUT"
|
|
echo "Found Ansible files, proceeding with lint and fix."
|
|
else
|
|
echo "files_found=false" >> "$GITHUB_OUTPUT"
|
|
echo "No Ansible files found. Skipping lint and fix."
|
|
fi
|
|
|
|
- name: Checkout Repository
|
|
uses: actions/checkout@71cf2267d89c5cb81562390fa70a37fa40b1305e # v6-beta
|
|
with:
|
|
token: ${{ inputs.token || github.token }}
|
|
|
|
- name: Setup Python
|
|
if: steps.check-files.outputs.files_found == 'true'
|
|
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
|
|
with:
|
|
python-version: '3.11'
|
|
cache: 'pip'
|
|
|
|
- name: Install ansible-lint
|
|
id: install-ansible-lint
|
|
if: steps.check-files.outputs.files_found == 'true'
|
|
uses: step-security/retry@e1d59ce1f574b32f0915e3a8df055cfe9f99be5d # v3
|
|
with:
|
|
timeout_minutes: 5
|
|
max_attempts: ${{ inputs.max-retries }}
|
|
command: 'pip install ansible-lint==6.22.1'
|
|
|
|
- name: Run ansible-lint
|
|
if: steps.check-files.outputs.files_found == 'true'
|
|
id: lint
|
|
shell: sh
|
|
run: |
|
|
set -eu
|
|
|
|
# Run ansible-lint and capture exit code
|
|
if ansible-lint --write --parseable-severity --format sarif > ansible-lint.sarif; then
|
|
lint_exit_code=0
|
|
else
|
|
lint_exit_code=$?
|
|
fi
|
|
|
|
# Count files changed by linting
|
|
files_changed=$(git diff --name-only | wc -l | tr -d '[:space:]')
|
|
|
|
# Determine lint status
|
|
if [ "$lint_exit_code" -eq 0 ]; then
|
|
lint_status="success"
|
|
else
|
|
lint_status="failure"
|
|
fi
|
|
|
|
# Write outputs to GITHUB_OUTPUT
|
|
printf 'files_changed=%s\n' "$files_changed" >> "$GITHUB_OUTPUT"
|
|
printf 'status=%s\n' "$lint_status" >> "$GITHUB_OUTPUT"
|
|
|
|
# Exit with the original ansible-lint exit code
|
|
exit "$lint_exit_code"
|
|
|
|
- name: Commit Fixes
|
|
if: steps.check-files.outputs.files_found == 'true'
|
|
uses: stefanzweifel/git-auto-commit-action@be7095c202abcf573b09f20541e0ee2f6a3a9d9b # v5.0.1
|
|
with:
|
|
commit_message: 'style: apply ansible lint fixes'
|
|
commit_user_name: ${{ inputs.username }}
|
|
commit_user_email: ${{ inputs.email }}
|
|
|
|
- name: Upload SARIF Report
|
|
if: steps.check-files.outputs.files_found == 'true'
|
|
uses: github/codeql-action/upload-sarif@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3
|
|
with:
|
|
sarif_file: ansible-lint.sarif
|