defenseunicorns · zachariahmiller · Feb 21, 2024 · Feb 16, 2024 · Feb 16, 2024 · Feb 16, 2024
@@ -1,5 +1,5 @@
 name: clean-runner
-description: "Free GH Runner Space"
+description: Free GH Runner Space
 
 runs:
   using: composite

@@ -1,5 +1,11 @@
 name: save-logs
-description: "Save debug logs"
+description: Save debug logs
+
+inputs:
+  suffix:
+    description: Suffix to append to the debug log
+    required: false
+    default: ""
 
 runs:
   using: composite
@@ -12,7 +18,7 @@ runs:
 
     - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
       with:
-        name: debug-log
+        name: debug-log${{ inputs.suffix }}
         path: |
           /tmp/zarf-*.log
           /tmp/uds-*.log
@@ -1,8 +1,8 @@
-name: "Setup Environment"
-description: "UDS Environment Setup"
+name: Setup Environment
+description: UDS Environment Setup
 
 runs:
-  using: "composite"
+  using: composite
   steps:
     - name: Install k3d
       shell: bash

@@ -0,0 +1,38 @@
+name: Metadata
+
+on:
+  # This workflow is triggered on pull requests to the main branch.
+  pull_request:
+    branches: [main]
+    types: [opened, edited, synchronize]
+
+  # This allows other repositories to call this workflow in a reusable way
+  workflow_call:
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    name: Validate PR Title
+    permissions:
+      pull-requests: read # Allows reading pull request metadata.
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+
+      - name: Install commitlint
+        run: |
+          npm install --save-dev @commitlint/config-conventional@18.6.0
+          npm install --save-dev @commitlint/cli@18.6.0
+
+      - name: Lint PR title
+        env:
+          pull_request_title: ${{ github.event.pull_request.title }}
+        run: |
+          echo "module.exports = {extends: ['@commitlint/config-conventional']}" > commitlint.config.js
+          echo "$pull_request_title" | npx commitlint
@@ -0,0 +1,32 @@
+name: Scan
+
+on:
+  # This workflow is triggered on pull requests to the main branch.
+  pull_request:
+
+  # This allows other repositories to call this workflow in a reusable way
+  workflow_call:
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    name: Lint
+    permissions:
+      contents: read # Allows reading the repo contents
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+
+      - name: Environment setup
+        uses: ./.github/actions/setup
+
+      - name: Install lint deps
+        run: |
+          uds run install-deps
+
+      - name: Lint the repository
+        run: |
+          uds run lint-all
@@ -19,7 +19,7 @@ permissions:
 jobs:
   run-test:
     name: Test
-    runs-on: "ubuntu-latest"
+    runs-on: ubuntu-latest
     timeout-minutes: 20
 
     steps:
@@ -33,19 +33,19 @@ jobs:
         uses: ./.github/actions/setup
 
       - name: Login to registry1
-        env: 
-          REGISTRY: "registry1.dso.mil"
-          REGISTRY_USERNAME: "${{ secrets.IRON_BANK_ROBOT_USERNAME }}"
-          REGISTRY_PASSWORD: "${{ secrets.IRON_BANK_ROBOT_PASSWORD }}"
+        env:
+          REGISTRY: registry1.dso.mil
+          REGISTRY_USERNAME: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
+          REGISTRY_PASSWORD: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
           REGISTRY_RETRY_INTERVAL: "5"
         run: |
           uds run registry-login
 
       - name: Login to ghcr
-        env: 
-          REGISTRY: "ghcr.io"
-          REGISTRY_USERNAME: "dummy"
-          REGISTRY_PASSWORD: "${{ secrets.GITHUB_TOKEN }}"
+        env:
+          REGISTRY: ghcr.io
+          REGISTRY_USERNAME: dummy
+          REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
           REGISTRY_RETRY_INTERVAL: "5"
         run: |
           uds run registry-login

@@ -0,0 +1,34 @@
+yaml-files:
+  - "**/*.y*ml"
+  - .yamllint
+
+rules:
+  anchors: enable
+  braces: enable
+  brackets: enable
+  colons: enable
+  commas: enable
+  comments:
+    level: warning
+  comments-indentation:
+    level: warning
+  document-end: disable
+  document-start:
+    level: warning
+  empty-lines: enable
+  empty-values: disable
+  float-values: disable
+  hyphens: enable
+  indentation: enable
+  key-duplicates: enable
+  key-ordering: disable
+  line-length: disable
+  new-line-at-end-of-file: enable
+  new-lines: enable
+  octal-values: disable
+  quoted-strings:
+    required: only-when-needed
+    quote-type: double
+  trailing-spaces: enable
+  truthy:
+    level: warning
@@ -2,8 +2,13 @@ includes:
   - setup: ./tasks/setup.yaml
   - create: ./tasks/create.yaml
   - deploy: ./tasks/deploy.yaml
+  - lint: ./tasks/lint.yaml
 
 tasks:
+  - name: install-deps
+    actions:
+      - task: lint:deps
+
   - name: setup-cluster
     actions:
       - task: setup:k3d-test-cluster
@@ -47,3 +52,8 @@ tasks:
             name: podinfo
             namespace: podinfo
             condition: available
+
+  - name: lint-all
+    description: Lint the current repository
+    actions:
+      - task: lint:yaml
@@ -1,13 +1,13 @@
 variables:
   - name: FLAVOR
-    default: "upstream"
+    default: upstream
 
 tasks:
   - name: package
     description: Create the UDS Zarf Package
     inputs:
       options:
-        description: "For setting create time variables and flags"
+        description: For setting create time variables and flags
     actions:
       - cmd: uds zarf package create --confirm --no-progress --architecture=${ZARF_ARCHITECTURE} --flavor ${FLAVOR} ${{ .inputs.options }}
 

@@ -2,7 +2,7 @@ tasks:
   - name: package
     inputs:
       options:
-        description: "For setting deploy time variables and flags"
+        description: For setting deploy time variables and flags
     actions:
       - description: Deploy the UDS Zarf Package
         cmd: uds zarf package deploy zarf-package-*-${UDS_ARCH}-*.tar.zst --confirm --no-progress ${{ .inputs.options }}

@@ -0,0 +1,13 @@
+tasks:
+  - name: deps
+    description: Install linting tool dependencies
+    actions:
+      - description:
+        cmd: pip install yamllint
+
+  - name: yaml
+    description: Run YAML linting checks
+    actions:
+      # requires yamllint to be installed either from pip or brew
+      - description: Lint YAML files
+        cmd: yamllint . -c .yamllint --no-warnings
@@ -1,6 +1,6 @@
 variables:
   - name: REGISTRY1_TEST_IMAGE
-    default: "registry1.dso.mil/ironbank/opensource/defenseunicorns/zarf/zarf-agent"
+    default: registry1.dso.mil/ironbank/opensource/defenseunicorns/zarf/zarf-agent
 
 tasks:
   - name: k3d-test-cluster
@@ -12,26 +12,26 @@ tasks:
   - name: registry-login
     inputs:
       registry:
-        description: "Registry"
+        description: Registry
       registryUsername:
-        description: "Registry username"
+        description: Registry username
       registryPassword:
-        description: "Registry password"
+        description: Registry password
       registryRetryInterval:
         default: "5"
-        description: "Registry retry interval"
+        description: Registry retry interval
     actions:
       - cmd: |
           echo ${{ .inputs.registryPassword }} | \
             uds zarf tools registry login \
             --username ${{ .inputs.registryUsername }} \
             --password-stdin ${{ .inputs.registry }} \
             >/dev/null
-        description: "Authenticate to the registry"
+        description: Authenticate to the registry
       - cmd: |
           if [ ${{ .inputs.registry }} = "registry1.dso.mil" ]; then
             uds zarf tools registry digest "${REGISTRY1_TEST_IMAGE}" >/dev/null || \
             (sleep ${{ .inputs.registryRetryInterval }}; exit 1)
-          fi 
-        description: "Validate registry connection"
+          fi
+        description: Validate registry connection
         maxRetries: 10