# Charmarr org automation recipes
# First recipe in the file, so a bare `just` invocation runs it; the leading
# `@` keeps the command line itself from being echoed.
# Default recipe - list available recipes
default:
    @just --list
# =============================================================================
# Development
# =============================================================================
# Lint all workflow files
actionlint:
    #!/usr/bin/env bash
    set -euo pipefail
    # Runs actionlint over the workflow files, taking the binary from PATH
    # first and from the default `go install` location second.
    # NOTE(review): the install hint below points at @latest, i.e. an unpinned
    # build; pin a version if lint results need to be reproducible.
    linter=""
    if command -v actionlint &>/dev/null; then
      linter="actionlint"
    elif [[ -x "$HOME/go/bin/actionlint" ]]; then
      linter="$HOME/go/bin/actionlint"
    fi

    # Neither location has the tool: print the install hint and fail.
    if [[ -z "$linter" ]]; then
      echo "actionlint not found. Install with: go install github.com/rhysd/actionlint/cmd/actionlint@latest"
      exit 1
    fi

    "$linter" .github/workflows/*.yaml
# Shellcheck all composite actions
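shellcheck-actions:
    #!/usr/bin/env bash
    set -euo pipefail
    # Extracts every `shell: bash` step from the composite actions under
    # actions/ and runs shellcheck on its `run:` script. Exits 1 if any step
    # produced findings or any action file could not be read.
    #
    # Scope of this check: GitHub Actions expression placeholders are swapped
    # for the dummy variable $_GHA so the script parses as bash. shellcheck
    # therefore never sees what those expressions expand to; untrusted context
    # values interpolated straight into a run: script (instead of being passed
    # through env:) are not detected here and need separate review.

    # Fail early when a tool is missing. A missing yq used to be swallowed by
    # the `|| echo 0` fallback, so the recipe reported success without having
    # checked a single step.
    for tool in yq perl shellcheck; do
      if ! command -v "$tool" &>/dev/null; then
        echo "$tool not found; cannot shellcheck actions" >&2
        exit 1
      fi
    done

    errors=0
    shopt -s nullglob

    # One scratch file for the whole run, removed on every exit path
    # (including an abort under `set -e`).
    tmpfile=$(mktemp)
    trap 'rm -f -- "$tmpfile"' EXIT

    for action in actions/*/action.yml actions/*/*/action.yml; do
      echo "Checking: $action"
      # A file yq cannot read counts as a failure rather than as "no steps".
      if ! count=$(yq '.runs.steps | length' "$action" 2>/dev/null); then
        echo "  Could not read steps from $action" >&2
        errors=$((errors + 1))
        continue
      fi
      # C-style loop instead of `seq 0 $((count - 1))`: BSD/macOS seq counts
      # downwards when the first value is larger than the last, so a
      # step-less action produced indexes 0 and -1 there.
      for ((i = 0; i < count; i++)); do
        shell=$(yq ".runs.steps[$i].shell" "$action" 2>/dev/null || echo "")
        [[ "$shell" == "bash" ]] || continue
        script=$(yq ".runs.steps[$i].run" "$action")
        [[ -n "$script" && "$script" != "null" ]] || continue
        printf '%s\n' "$script" > "$tmpfile"
        # Replace expression placeholders with $_GHA so shellcheck can parse.
        perl -pi -e 's/\$\{\{[^}]*\}\}/\$_GHA/g' "$tmpfile"
        shellcheck -s bash -S warning "$tmpfile" || errors=$((errors + 1))
      done
    done

    if [[ $errors -gt 0 ]]; then
      echo "Found $errors shellcheck issues"
      exit 1
    fi
    echo "All actions passed shellcheck"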
# The recipe has no body of its own: the two dependencies run in the order
# listed, and a failing actionlint stops the run before shellcheck-actions.
# Run all linting (actionlint + shellcheck)
lint: actionlint shellcheck-actions
# =============================================================================
# Org Management
# =============================================================================
# Sync branch rulesets to all repos
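sync-rulesets:
    #!/usr/bin/env bash
    set -euo pipefail
    # Creates or updates the branch ruleset on every repository of the
    # charmarr org that has a main branch. Exits 1 when any repository could
    # not be brought in line, so a partial rollout of the branch protection
    # is not reported as success.
    RULESET_NAME="charmarr-default"

    # The payload is the same for every repo, so it is built once.
    # NOTE(review): the "name" field must stay equal to RULESET_NAME; the
    # lookup uses the variable while the payload carries the literal.
    # NOTE(review): bypass_actors lets organization admins bypass every rule
    # ("always"), and code-owner review and last-push approval are switched
    # off; confirm this is the intended policy.
    ruleset_json=$(cat <<'EOF'
    {
      "name": "charmarr-default",
      "target": "branch",
      "enforcement": "active",
      "conditions": {
        "ref_name": {
          "include": ["refs/heads/main"],
          "exclude": []
        }
      },
      "bypass_actors": [
        {
          "actor_id": 1,
          "actor_type": "OrganizationAdmin",
          "bypass_mode": "always"
        }
      ],
      "rules": [
        {
          "type": "deletion"
        },
        {
          "type": "non_fast_forward"
        },
        {
          "type": "pull_request",
          "parameters": {
            "required_approving_review_count": 1,
            "dismiss_stale_reviews_on_push": true,
            "require_code_owner_review": false,
            "require_last_push_approval": false,
            "required_review_thread_resolution": false
          }
        },
        {
          "type": "required_linear_history"
        }
      ]
    }
    EOF
    )

    failed=0

    # Get all repos in the org
    repos=$(gh api orgs/charmarr/repos --paginate --jq '.[].name')

    # $repos is left unquoted on purpose: one name per line, and GitHub
    # repository names contain no whitespace or glob characters.
    for repo in $repos; do
      echo "Processing: $repo"

      # Check if main branch exists
      # NOTE(review): any failure of this request, not only a 404, is treated
      # as "no main branch" and the repo is skipped without being counted.
      if ! gh api "repos/charmarr/$repo/branches/main" --silent 2>/dev/null; then
        echo " No main branch, skipping"
        continue
      fi

      # Check if ruleset already exists. A failed lookup is recorded and the
      # repo skipped; it used to be read as "no ruleset yet", which sent a
      # create request for a ruleset that might already exist.
      if ! existing_id=$(gh api "repos/charmarr/$repo/rulesets" --jq ".[] | select(.name == \"$RULESET_NAME\") | .id" 2>/dev/null); then
        echo " ✗ Failed to list rulesets"
        failed=$((failed + 1))
        continue
      fi

      if [ -n "$existing_id" ]; then
        if echo "$ruleset_json" | gh api "repos/charmarr/$repo/rulesets/$existing_id" -X PUT --input -; then
          echo " ✓ Ruleset updated"
        else
          echo " ✗ Failed to update ruleset"
          failed=$((failed + 1))
        fi
      else
        if echo "$ruleset_json" | gh api "repos/charmarr/$repo/rulesets" -X POST --input -; then
          echo " ✓ Ruleset created"
        else
          echo " ✗ Failed to create ruleset"
          failed=$((failed + 1))
        fi
      fi
    done

    # The `cmd && ok || fail` chains always ended with status 0, so the recipe
    # succeeded even when repos were left without the ruleset.
    if [[ $failed -gt 0 ]]; then
      echo "Ruleset sync failed for $failed repo(s)"
      exit 1
    fi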