Heredocs in GitHub Actions YAML were being echoed as script text instead of executed. Moving validation logic to scripts/ and running via 'python3 .molecule-ci/scripts/validate-*.py' after checking out the molecule-ci repo at .molecule-ci/ path.
name: Validate Org Template
|
|
on:
|
|
workflow_call:
|
|
jobs:
|
|
validate:
|
|
name: Org template validation
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
repository: Molecule-AI/molecule-ci
|
|
path: .molecule-ci
|
|
- uses: actions/setup-python@v5
|
|
with:
|
|
python-version: "3.11"
|
|
- run: pip install pyyaml -q
|
|
- run: python3 .molecule-ci/scripts/validate-org-template.py
|
|
- name: Check for secrets
|
|
run: |
|
|
if grep -rE "(sk-ant-|sk_test_|ghp_|AKIA[A-Z0-9])" --include="*.yaml" --include="*.yml" --include="*.md" --include="*.py" --include="*.sh" . 2>/dev/null | grep -v .molecule-ci; then
|
|
echo "::error::Potential secret found in committed files"
|
|
exit 1
|
|
fi
|
|
echo "✓ No secrets detected"
|
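Review bot: The second `actions/checkout@v4` step fetches `Molecule-AI/molecule-ci` with no `ref:`, so the `validate-org-template.py` executed by the following `run` step is whatever sits on that repository's default branch at run time, and because this is a `workflow_call` workflow every calling repository inherits that unpinned code; add `ref: <TAG_OR_COMMIT_SHA>` (placeholder) next to `path: .molecule-ci`, and pin `pip install pyyaml -q` to a version for the same reason. In the "Check for secrets" step the first `grep` writes the matching lines to stdout, so a real token would be echoed into the job log before `exit 1`; `grep -rlE ...` (filenames only) reports the finding without reproducing the value. The trailing `| grep -v .molecule-ci` is a line-based filter with an unescaped `.`, so it also discards hits from the caller's own files whenever the matched line happens to contain `molecule-ci`, and the unqualified `.` still walks `.git`; scoping the search with `--exclude-dir=.molecule-ci --exclude-dir=.git` on the grep itself gives the intended behaviour, e.g. `if grep -rlE "(sk-ant-|sk_test_|ghp_|AKIA[A-Z0-9])" --include="*.yaml" --include="*.yml" --include="*.md" --include="*.py" --include="*.sh" --exclude-dir=.molecule-ci --exclude-dir=.git . 2>/dev/null; then`.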