a89b14a76c
- Remove redundant nested checkout of molecule-ci in workflow_call jobs - Add timeout-minutes to prevent hung jobs (plugin: 10m, workspace: 15m) - Add pip cache using requirements.txt - Add missing SKILL.md heading check in validate-plugin - Add legacy import and runtime dependency warnings in workspace validation Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
26 lines
861 B
YAML
26 lines
861 B
YAML
name: Validate Org Template
|
|
on:
|
|
workflow_call:
|
|
|
|
jobs:
|
|
validate:
|
|
name: Org template validation
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 10
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: actions/setup-python@v5
|
|
with:
|
|
python-version: "3.11"
|
|
cache: "pip"
|
|
cache-dependency-path: .molecule-ci/scripts/requirements.txt
|
|
- run: pip install pyyaml -q
|
|
- run: python3 .molecule-ci/scripts/validate-org-template.py
|
|
- name: Check for secrets
|
|
run: |
|
|
if grep -rE "(sk-ant-|sk_test_|ghp_|AKIA[A-Z0-9])" --include="*.yaml" --include="*.yml" --include="*.md" --include="*.py" --include="*.sh" . 2>/dev/null | grep -v .molecule-ci; then
|
|
echo "::error::Potential secret found in committed files"
|
|
exit 1
|
|
fi
|
|
echo "✓ No secrets detected"
|