mirror of
https://github.com/kubernetes-sigs/external-dns.git
synced 2026-04-19 15:01:34 +02:00
fffb9b4f1b
The pre-commit/action@v3 used actions/cache@v4 internally, which the repository's security policy forbids because it is not SHA-pinned. Remove the pre-commit dependency entirely by: * deleting .pre-commit-config.yaml * replacing the pre-commit CI step with a new scripts/file-hygiene.sh that implements the equivalent checks (trailing whitespace, EOF newline, BOM, CR, merge markers, large files, case collisions, broken symlinks, shebang/executable consistency, submodule ban) * removing the pre-commit Makefile targets and adding a file-hygiene target * removing pre-commit from the renovate configuration Markdown linting is already handled by the dedicated markdownlint step in the lint workflow, so no replacement is needed for that hook.
69 lines
2.0 KiB
YAML
69 lines
2.0 KiB
YAML
name: Lint
|
|
|
|
on:
|
|
pull_request:
|
|
branches: [ master ]
|
|
|
|
jobs:
|
|
lint:
|
|
name: Markdown and Go
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
# Required: allow read access to the content for analysis.
|
|
contents: read
|
|
steps:
|
|
|
|
- name: Check out code into the Go module directory
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
|
|
- name: Lint markdown
|
|
uses: nosborn/github-action-markdown-cli@508d6cefd8f0cc99eab5d2d4685b1d5f470042c1 # v3.5.0
|
|
with:
|
|
files: '.'
|
|
config_file: ".markdownlint.json"
|
|
|
|
- name: Set up Go
|
|
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
|
|
with:
|
|
go-version-file: go.mod
|
|
|
|
- name: Go formatting
|
|
run: |
|
|
if [ -z "$(gofmt -l .)" ]; then
|
|
echo -e "All '*.go' files are properly formatted."
|
|
else
|
|
echo -e "Please run 'make go-lint' to fix. Some files need formatting:"
|
|
gofmt -d -l .
|
|
exit 1
|
|
fi
|
|
|
|
- name: Read golangci-lint version
|
|
id: lint-version
|
|
run: |
|
|
version=$(sed -n 's/^GOLANG_CI_LINTER_VERSION=//p' scripts/install-tools.sh)
|
|
echo "version=${version}" >> $GITHUB_OUTPUT
|
|
echo "golangci-lint version: ${version}"
|
|
|
|
# https://github.com/golangci/golangci-lint-action?tab=readme-ov-file#verify
|
|
- name: Verify linter configuration and Lint go code
|
|
uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
|
|
with:
|
|
verify: true
|
|
args: --timeout=30m
|
|
version: ${{ steps.lint-version.outputs.version }}
|
|
|
|
- name: Run file hygiene checks
|
|
run: ./scripts/file-hygiene.sh
|
|
|
|
check-go-version:
|
|
name: Go version consistency
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
steps:
|
|
- name: Check out code
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
|
|
- name: Check Go version consistency across cloudbuild.yaml, go.mod and go.tool.mod
|
|
run: ./scripts/go-version-consistency.sh
|