• Stars
    star
    144
  • Rank 255,590 (Top 6 %)
  • Language
    Rust
  • License
    GNU General Publi...
  • Created about 3 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Tool to validate GitHub Action and Workflow YAML files

The action-validator is a standalone tool designed to "lint" the YAML files used to define GitHub Actions and Workflows. It ensures that they are well-formed, by checking them against published JSON schemas, and it makes sure that any globs used in paths / paths-ignore match at least one file in the repo.

The intended use case for action-validator is in Git pre-commit hooks and similar situations.

Installation

We have many ways to install action-validator.

Pre-built binaries

The GitHub releases have some pre-built binaries -- just download and put them in your path. If a binary for your platform isn't available, let me know and I'll see what I can figure out.

Using cargo

If you've got a Rust toolchain installed, running cargo install action-validator should give you the latest release.

Using asdf

If you're a proponent of the asdf tool, then you can use that to install and manage action-validator:

asdf plugin add action-validator
# or
asdf plugin add action-validator https://github.com/mpalmer/action-validator.git

Install/configure action-validator:

# Show all installable versions
asdf list-all action-validator

# Install specific version
asdf install action-validator latest

# Set a version globally (on your ~/.tool-versions file)
asdf global action-validator latest

# Now action-validator commands are available
action-validator --help

Using NPM

Node users can install the latest version using NPM:

ℹ️ The @action-validator/core package can be used directly within Node.js applications.

npm install -g @action-validator/core @action-validator/cli --save-dev

Building from the repo

If you want to build locally, you'll need to:

  1. Checkout the git repository somewhere;

  2. Grab the SchemaStore submodule, by running git submodule init && git submodule update;

  3. Install a Rust toolchain; and then

  4. run cargo build.

Usage

Couldn't be simpler: just pass a file to the program:

action-validator .github/workflows/build.yml

Use action-validator -h to see additional options.

CAUTION

As the intended use-case for action-validator is in pre-commit hooks, it assumes that it is being run from the root of the repository. Glob checking will explode horribly if you run it from a sub-directory of the repo -- or, heaven forfend, outside the repository entirely.

In a GitHub Action

The action-validator can be run in a Github action itself, as a pull request job. See the actions job in the QA workflow, in this repository, as an example of how to use action-validator + asdf in a GitHub workflow. This may seem a little redundant (after all, an action has to be valid in order for GitHub to run it), but this job will make sure that all your other actions are also valid.

Using pre-commit

Update your .pre-commit-config.yaml:

repos:
- repo: https://github.com/mpalmer/action-validator
  rev: v0.5.1
  hooks:
    - id: action-validator

Pre-commit hook example

Create an executable file in the .git/hooks directory of the target repository: touch .git/hooks/pre-commit && chmod +x .git/hooks/pre-commit and paste the following example code:

#!/bin/bash
if ! command -v action-validator >/dev/null; then
  echo "action-validator is not installed."
  echo "Installation instructions: https://github.com/mpalmer/action-validator"
  exit 1
fi
echo "Running pre-commit hook for GitHub Actions: https://github.com/mpalmer/action-validator"
scan_count=0
for action in $(git diff --cached --name-only --diff-filter=ACM | grep -E '^\.github/(workflows|actions)/.*\.ya?ml$'); do
  if action-validator "$action"; then
    echo "βœ… $action"
  else
    echo "❌ $action"
    exit 1
  fi
  scan_count=$((scan_count+1))
done
echo "action-validator scanned $scan_count GitHub Actions and found no errors!"

This script will run on every commit to the target repository, whether the github action yaml files are being committed, or not and prevent any commit if there are linting errors.

# All action-validator linting errors must be resolved before any commit will succeed.
$ echo "" >> README.md && git add README.md && git commit -m "Update read-me"
Running pre-commit hook for GitHub Actions: https://github.com/mpalmer/action-validator
Validation failed: ValidationState {
    errors: [
        Properties {
            path: "",
            detail: "Additional property 'aname' is not allowed",
        },
    ],
    missing: [],
    replacement: None,
}
❌ .github/workflows/ci.yaml
Fatal error validating .github/workflows/ci.yaml: validation failed


# Fix error and try again
$ echo "" >> README.md && git add README.md && git commit -m "Update read-me"
Running pre-commit hook for GitHub Actions: https://github.com/mpalmer/action-validator
βœ… .github/workflows/ci.yaml
βœ… .github/workflows/release.yml
action-validator scanned 2 GitHub Actions found no errors!
[main c34fda3] Update read-me
 1 file changed, 2 insertions(+)

NPM

Provided you have followed the installation instructions for NPM, you can run the action validator CLI as follows

npx action-validator <path_to_action_yaml>

Or, if you've installed the package globally:

action-validator <path_to_action_yaml>

Node API

The Node API can be used to validate action and workflow files from Node.js as follows:

⚠️ The Node API does not currently support glob validation.

import { readFileSync } from "fs";
import { validateAction, validateWorkflow } from "@action-validator/core";

// Validate Action
const actionSource = readFileSync("action.yml", "utf8");
const state = validator.validateAction(actionSource);
const isValid = state.errors.length === 0;

// Validate Workflow
const workflowSource = readFileSync("workflow.yml", "utf8");
const state = validator.validateWorkflow(workflowSource);
const isValid = state.errors.length === 0;

Contributing

Please see CONTRIBUTING.md.

Licence

Unless otherwise stated, everything in this repo is covered by the following copyright notice:

Copyright (C) 2021  Matt Palmer <[email protected]>

This program is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License version 3, as
published by the Free Software Foundation.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.

More Repositories

1

lvmsync

Synchronise LVM LVs across a network by sending only snapshotted changes
Ruby
369
star
2

jekyll-static-comments

A plugin for Jekyll to implement a static-file based comments system
PHP
195
star
3

giddyup

Simple web application deployment with "git push"
Ruby
93
star
4

git-version-bump

Track your app's version entirely with git tags
Ruby
47
star
5

nginx

C
32
star
6

email-address-validator

Advanced E-mail address validation library in Ruby
Ruby
16
star
7

vmdksync

Apply VMDK snapshot files
Ruby
14
star
8

isc-dhcp

Mirror of ISC DHCP from https://source.isc.org/git/dhcp.git, plus local patches of my own
C
14
star
9

merkle-hash-tree

A Ruby implementation of a merkle hash tree
Ruby
13
star
10

ruby-snmp-agent

An easily extensible SNMP agent, written entirely in Ruby
Ruby
9
star
11

dns323-firmware-tools

Tools to create and dissect firmware for the DNS-323 and similar NAS boxes
Ruby
9
star
12

sequel-pg-comment

Create PostgreSQL comments within Sequel migrations and schema modification methods
Ruby
8
star
13

rethtool

A ruby wrapper for the SIOCETHTOOL ioctl
Ruby
8
star
14

redmine_issue_dependency_graph

A Redmine plugin to display a graph of relationships between issues
Ruby
8
star
15

evinrude

A Raft engine for Ruby
Ruby
7
star
16

certificate-transparency-client

client for RFC6962 Certificate Transparency log servers
Ruby
5
star
17

typo-guard

Checksum text files before printing for safe and easy re-entry
Ruby
4
star
18

pbuilder

Shell
3
star
19

github-release

Automatically create releases on github from local git tags
Ruby
3
star
20

frankenstein

the modern Prometheus -- eases the task of instrumenting services written in Ruby
Ruby
3
star
21

moby-derp

Tool for securely derping a pod of containers
Ruby
2
star
22

hyperdex-gem

HyperDex bindings for Ruby
C
1
star
23

em-pg-client-helper

Helpful wrapper for em-pg-client
Ruby
1
star
24

rack-logstash

Complete logstash logging for your Rack applications
Ruby
1
star
25

s3blade

An AoE target which stores sectors in an S3-compatible object store
Ruby
1
star
26

marquise-ruby

Ruby bindings for libmarquise
Ruby
1
star
27

puppet-module-shorewall

Shorewall management using Puppet
Puppet
1
star