molecule-ci/.github/workflows/validate-plugin.yml
Hongming Wang 6533e6eeac fix: use standalone Python scripts instead of heredocs in workflows
Heredocs in GitHub Actions YAML were being echoed as script text
instead of executed. Moving validation logic to scripts/ and running
via 'python3 .molecule-ci/scripts/validate-*.py' after checking out
the molecule-ci repo at .molecule-ci/ path.
2026-04-16 04:49:28 -07:00

26 lines
847 B
YAML

name: Validate Plugin
on:
  workflow_call:
jobs:
  validate:
    name: Plugin validation
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/checkout@v4
        with:
          repository: Molecule-AI/molecule-ci
          path: .molecule-ci
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - run: pip install pyyaml -q
      - run: python3 .molecule-ci/scripts/validate-plugin.py
      - name: Check for secrets
        run: |
          if grep -rE "(sk-ant-|sk_test_|ghp_|AKIA[A-Z0-9])" --include="*.yaml" --include="*.yml" --include="*.md" --include="*.py" --include="*.sh" . 2>/dev/null | grep -v .molecule-ci; then
            echo "::error::Potential secret found in committed files"
            exit 1
          fi
          echo "✓ No secrets detected"
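
An added example (not part of the molecule-ci repository): it compares the `grep -v .molecule-ci` post-filter in the "Check for secrets" step with a scan that skips the checkout directory via `--exclude-dir`, to show that the post-filter also drops findings whose matched line merely mentions `.molecule-ci`. The function names, fixture files and placeholder strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-filtering findings vs. excluding the tooling checkout by path.
PATTERN='(sk-ant-|sk_test_|ghp_|AKIA[A-Z0-9])'   # pattern from the workflow step

# Recursive grep with the workflow's pattern and file types; extra grep options via "$@".
scan() {
  grep -rE "$PATTERN" "$@" --include='*.yaml' --include='*.yml' \
    --include='*.md' --include='*.py' --include='*.sh' . 2>/dev/null
}

# As in the workflow: scan everything, then drop output lines matching ".molecule-ci".
scan_postfilter() { (cd "$1" && scan | grep -v .molecule-ci); }

# Alternative: never descend into the tooling checkout; findings are not filtered.
scan_scoped() { (cd "$1" && scan --exclude-dir=.molecule-ci); }

# Constructed fixture tree; the ghp_ strings are placeholders, not real credentials.
make_fixture() {
  d=$(mktemp -d)
  mkdir -p "$d/.molecule-ci/scripts" "$d/docs"
  printf 'SAMPLE = "ghp_CONSTRUCTED_FIXTURE"\n' > "$d/.molecule-ci/scripts/fixture.py"
  printf 'token: ghp_CONSTRUCTED_PLACEHOLDER\n' > "$d/plugin.yaml"
  printf 'Set ghp_CONSTRUCTED_PLACEHOLDER before running .molecule-ci/scripts\n' \
    > "$d/docs/setup.md"
  echo "$d"
}

# Number of findings reported by scanner $1 on directory $2.
count() { "$1" "$2" | wc -l | tr -d ' '; }

fx=$(make_fixture)
# The post-filter keeps plugin.yaml but loses docs/setup.md, because that line's
# own text contains ".molecule-ci"; the scoped scan reports both plugin files.
echo "post-filter findings: $(count scan_postfilter "$fx")"
echo "scoped findings:      $(count scan_scoped "$fx")"
rm -rf "$fx"
```
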