Skip to content

chore(ci): add GitHub Actions quality checks and YAML formatting #126

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 8 commits into
base: main
Choose a base branch
from
Draft

chore(ci): add GitHub Actions quality checks and YAML formatting #126

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
5323cfd
chore(build): enhance Makefile with orchestrion-style tooling and aut…
kakkoyun Nov 4, 2025
199ef14
fix(docs): properly indent code blocks in ordered lists
kakkoyun Nov 4, 2025
3b4c624
fix(build): fix package target with proper shell handling
kakkoyun Nov 4, 2025
04d3bed
fix(build): use bash explicitly for targets with pipefail
kakkoyun Nov 4, 2025
9617e7b
chore(ci): format YAML files with yamlfmt
kakkoyun Nov 4, 2025
847bba6
fix(build): improve ratchet targets for repos without actions directory
kakkoyun Nov 4, 2025
0b40713
chore(ci): add YAML formatting and actionlint checks
kakkoyun Nov 4, 2025
a78bde0
chore(.github/workflows): Make sure all files are formatted
kakkoyun Nov 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions .github/codeconv.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,13 @@ coverage:
status:
project:
default:
target: auto # compare to base
threshold: 1% # allow small drops
informational: true # don't fail PRs on project drop
target: auto # compare to base
threshold: 1% # allow small drops
informational: true # don't fail PRs on project drop
patch:
default:
target: auto
threshold: 0.1% # require the change itself to be covered
threshold: 0.1% # require the change itself to be covered

comment:
layout: "reach,diff,flags,tree"
Expand Down
36 changes: 36 additions & 0 deletions .github/workflows/actionlint.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
name: GitHub Actions Lint

on:
pull_request:
paths:
- ".github/workflows/*.yml"
- ".github/workflows/*.yaml"
- ".github/actions/**/action.yml"
- ".github/actions/**/action.yaml"
push:
branches: [main]
paths:
- ".github/workflows/*.yml"
- ".github/workflows/*.yaml"
- ".github/actions/**/action.yml"
- ".github/actions/**/action.yaml"

permissions:
contents: read

jobs:
actionlint:
name: Lint GitHub Actions
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0

- name: Setup Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
go-version-file: go.mod
cache: false

- name: Lint GitHub Actions
run: make lint/action
17 changes: 9 additions & 8 deletions .github/workflows/conventional-commit.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ permissions:
jobs:
update-labels:
permissions:
pull-requests: write # Needed to post comments & update labels
pull-requests: write # Needed to post comments & update labels
name: Update Labels
runs-on: ubuntu-latest
# Prevent double triggers: skip pull_request runs for forks (pull_request_target will handle them)
Expand All @@ -30,13 +30,13 @@ jobs:
id: check-permissions
run: |
if [[ "${{ github.event_name }}" == "pull_request_target" ]]; then
echo "has_permissions=true" >> $GITHUB_OUTPUT
echo "has_permissions=true" >> "$GITHUB_OUTPUT"
echo "✅ Running with pull_request_target - has write permissions"
elif [[ "${{ github.event.pull_request.head.repo.full_name }}" == "${{ github.repository }}" ]]; then
echo "has_permissions=true" >> $GITHUB_OUTPUT
echo "has_permissions=true" >> "$GITHUB_OUTPUT"
echo "✅ Running with pull_request from same repository - has write permissions"
else
echo "has_permissions=false" >> $GITHUB_OUTPUT
echo "has_permissions=false" >> "$GITHUB_OUTPUT"
echo "❌ Running with pull_request from fork - no write permissions"
echo "⚠️ Labels cannot be updated on this run. They will be updated when:"
echo " - The PR is opened, edited, or reopened (uses pull_request_target)"
Expand All @@ -57,16 +57,17 @@ jobs:
echo "Base Repo: ${{ github.repository }}"
echo "Is Fork: ${{ github.event.pull_request.head.repo.full_name != github.repository }}"
- name: Check out
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- name: Setup go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
cache-dependency-path: '**/go.mod'
cache-dependency-path: "**/go.mod"
go-version-file: go.mod
# Run the conventionalcommit tool to validate PR title and assign labels
# This step is skipped if we don't have write permissions (e.g., pull_request from fork on synchronize)
- name: Assign Labels
if: steps.check-permissions.outputs.has_permissions == 'true'
run: go -C .github/tools/conventionalcommit run . -owner="${{ github.repository_owner }}" -repo="${{ github.event.repository.name }}" -pr="${{ github.event.pull_request.number }}"
run: go -C .github/tools/conventionalcommit run . -owner="${{ github.repository_owner }}" -repo="${{ github.event.repository.name
}}" -pr="${{ github.event.pull_request.number }}"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
4 changes: 2 additions & 2 deletions .github/workflows/fossa.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,9 @@ jobs:
fossa:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0

- uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # v1.7.0
- uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # v1.7.0
with:
api-key: ${{secrets.FOSSA_API_KEY}}
team: OpenTelemetry
10 changes: 5 additions & 5 deletions .github/workflows/golangci-lint.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,19 +16,19 @@ jobs:
name: Format and Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
go-version-file: go.mod
- name: Install golangci-lint
run: |
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${{ env.GOLANGCI_LINT_VERSION }}
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "$(go env GOPATH)/bin" ${{ env.GOLANGCI_LINT_VERSION }}
- name: Check Format
run: |
golangci-lint fmt --diff
- name: Lint
uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8
uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8
with:
version: ${{ env.GOLANGCI_LINT_VERSION }}
- name: Check Typos
uses: crate-ci/typos@0c17dabcee8b8f1957fa917d17393a23e02e1583 # v1.36.3
uses: crate-ci/typos@0c17dabcee8b8f1957fa917d17393a23e02e1583 # v1.36.3
2 changes: 1 addition & 1 deletion .github/workflows/markdown-lint.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0

- name: Run linter
id: markdownlint
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/ossf-scorecard.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ on:
branches:
- main
schedule:
- cron: "13 5 * * 4" # once a week
- cron: "13 5 * * 4" # once a week
workflow_dispatch:

permissions: read-all
Expand All @@ -19,11 +19,11 @@ jobs:
# Needed for GitHub OIDC token if publish_results is true
id-token: write
steps:
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
persist-credentials: false

- uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
- uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
with:
results_file: results.sarif
results_format: sarif
Expand All @@ -33,7 +33,7 @@ jobs:
# uploads of run results in SARIF format to the repository Actions tab.
# https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts
- name: "Upload artifact"
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: SARIF file
path: results.sarif
Expand All @@ -42,6 +42,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard (optional).
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
with:
sarif_file: results.sarif
sarif_file: results.sarif
12 changes: 6 additions & 6 deletions .github/workflows/unit-test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,20 +8,20 @@ on:
permissions: read-all
jobs:
test-coverage:
if: false # temporary disable
if: false # temporary disable
name: Coverage
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
go-version-file: go.mod
- name: Run coverage tests
run: go test ./... -coverprofile=coverage.txt -covermode=atomic
- name: Upload coverage report
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1

compatibility-test:
name: Test (go ${{ matrix.platform.os }} ${{ matrix.platform.arch }})
Expand All @@ -41,9 +41,9 @@ jobs:
runs-on: ${{ matrix.platform.os }}
steps:
- name: Checkout code
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
go-version-file: go.mod
cache-dependency-path: "**/go.mod"
Expand Down
32 changes: 32 additions & 0 deletions .github/workflows/yaml-format-check.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
name: YAML Format Check

on:
pull_request:
paths:
- "**/*.yml"
- "**/*.yaml"
push:
branches: [main]
paths:
- "**/*.yml"
- "**/*.yaml"

permissions:
contents: read

jobs:
yaml-format:
name: Check YAML Formatting
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0

- name: Setup Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
go-version-file: go.mod
cache: false

- name: Check YAML formatting
run: make lint/yaml
Loading
Loading