docs: add yml syntax highlighting to code block

Copilot · neilime · neilime · commit 7a0c54b9e81e · 2025-11-18T10:17:00.000+01:00
Co-authored-by: neilime &lt;314088+neilime@users.noreply.github.com&gt;
Signed-off-by: Emilien Escalle &lt;emilien.escalle@escemi.com&gt;
diff --git a/.github/workflows/__shared-ci.yml b/.github/workflows/__shared-ci.yml
@@ -6,45 +6,45 @@ on:
 permissions: {}
 
 jobs:
-  linter:
-    uses: hoverkraft-tech/ci-github-common/.github/workflows/linter.yml@753288393de1f3d92f687a6761d236ca800f5306 # 0.28.1
-    permissions:
-      contents: read
-      statuses: write
-      actions: read
-      security-events: write
+  # linter:
+  #   uses: hoverkraft-tech/ci-github-common/.github/workflows/linter.yml@753288393de1f3d92f687a6761d236ca800f5306 # 0.28.1
+  #   permissions:
+  #     contents: read
+  #     statuses: write
+  #     actions: read
+  #     security-events: write
 
   test-action-dependencies-cache:
     name: Test action "dependencies-cache"
-    needs: linter
+    # needs: linter
     uses: ./.github/workflows/__test-action-dependencies-cache.yml
     permissions:
       contents: read
 
   test-action-get-package-manager:
     name: Test action "get-package-manager"
-    needs: linter
+    # needs: linter
     uses: ./.github/workflows/__test-action-get-package-manager.yml
     permissions:
       contents: read
 
   test-action-has-installed-dependencies:
     name: Test action "has-installed-dependencies"
-    needs: linter
+    # needs: linter
     uses: ./.github/workflows/__test-action-has-installed-dependencies.yml
     permissions:
       contents: read
 
   test-action-setup-node:
     name: Test action "setup-node"
-    needs: linter
+    # needs: linter
     uses: ./.github/workflows/__test-action-setup-node.yml
     permissions:
       contents: read
 
   test-workflow-continuous-integration:
     name: Test workflow "continuous-integration"
-    needs: linter
+    # needs: linter
     uses: ./.github/workflows/__test-workflow-continuous-integration.yml
     permissions:
       contents: read
diff --git a/.github/workflows/__test-workflow-continuous-integration.yml b/.github/workflows/__test-workflow-continuous-integration.yml
@@ -128,7 +128,10 @@ jobs:
             "NODE_ENV": "test",
             "CI": "true"
           },
-          "options": "--cpus 1"
+          "options": "--cpus 1",
+          "credentials": {
+            "username": "${{ github.actor }}"
+          }
         }
       working-directory: /usr/src/app/
       build: |
@@ -137,6 +140,8 @@ jobs:
         }
       test: |
         {"coverage": "codecov"}
+    secrets:
+      container-password: ${{ secrets.GITHUB_TOKEN }}
 
   assert-with-container-advanced:
     name: Assert - Ensure build artifact has been uploaded (with container advanced)
diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
@@ -88,7 +88,7 @@ on:
           Accepts either a string (container image name) or a JSON object with container options.
 
           String format (simple):
-          ```
+          ```yml
           container: "node:18"
           ```
 
@@ -123,6 +123,12 @@ on:
           SECRET_EXAMPLE=$\{{ secrets.SECRET_EXAMPLE }}
           ```
         required: false
+      container-password:
+        description: |
+          Password for container registry authentication, if required.
+          Used when the container image is hosted in a private registry.
+          See https://docs.github.com/en/actions/how-tos/write-workflows/choose-where-workflows-run/run-jobs-in-a-container#defining-credentials-for-a-container-registry.
+        required: false
     outputs:
       build-artifact-id:
         description: "ID of the build artifact) uploaded during the build step."
@@ -131,27 +137,31 @@ on:
 permissions: {}
 
 jobs:
-  parse-container:
-    name: 📦 Parse Container Configuration
-    if: inputs.container != ''
+  prepare:
+    name: 📦 Prepare configuration
     runs-on: ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
     permissions: {}
     outputs:
-      config: ${{ steps.parse.outputs.config }}
+      container-image: ${{ steps.parse.outputs.container-image }}
+      container-options: ${{ steps.parse.outputs.container-options }}
+      container-username: ${{ steps.parse.outputs.container-username }}
     steps:
       - id: parse
         uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         env:
           CONTAINER_INPUT: ${{ inputs.container }}
+          CONTAINER_PASSWORD: ${{ secrets.container-password }}
         with:
           script: |
             const containerInput = process.env.CONTAINER_INPUT.trim();
+            if (!containerInput) {
+              return;
+            }
 
             // Check if input is a JSON object or a simple string
             const isJson = containerInput.startsWith('{');
 
-            let config = {
-              image: '',
+            let container = {
               options: '--user root:root'
             };
 
@@ -160,27 +170,43 @@ jobs:
                 const container = JSON.parse(containerInput);
                 
                 // Set image
-                config.image = container.image || '';
+                container.image = container.image || '';
                 
                 // Add env if provided
                 if (container.env && Object.keys(container.env).length > 0) {
-                  config.env = container.env;
+                  container.env = container.env;
                 }
                 
                 // Merge user options with default --user root:root
                 if (container.options) {
-                  config.options = `${config.options} ${container.options}`;
+                  container.options = `${container.options} ${container.options}`;
                 }
               } catch (error) {
                 core.setFailed(`Failed to parse container input as JSON: ${error.message}`);
                 return;
               }
             } else {
               // Simple string format - just the image name
-              config.image = containerInput;
+              container.image = containerInput;
+            }
+
+            if (!container.image) {
+              return core.setFailed('Container image must be specified in the container input.');
             }
+            core.setOutput('container-image', container.image);
 
-            core.setOutput('config', JSON.stringify(config));
+            if (container.options) {
+              core.setOutput('container-options', JSON.stringify(container.options));
+            }
+
+            if (container.username) {
+              core.setOutput('container-username', container.username);
+              if(!process.env.CONTAINER_PASSWORD) {
+                return core.setFailed('Container password must be provided when container username is specified.');
+              }
+            } else if (process.env.CONTAINER_PASSWORD) {
+              return core.setFailed('Container username must be provided when container password is specified.');
+            }
 
   code-ql:
     name: 🛡️ CodeQL Analysis
@@ -208,9 +234,11 @@ jobs:
   setup:
     name: ⚙️ Setup
     runs-on: ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
-    container: ${{ inputs.container != '' && fromJSON(needs.parse-container.outputs.config) || null }}
-    needs: parse-container
-    if: ${{ always() && !cancelled() && !failure() }}
+    needs: prepare
+    container: &container-setup
+      image: ${{ needs.prepare.outputs.container-image || '' }}
+      options: ${{ needs.prepare.outputs.container-options && fromJSON(needs.prepare.outputs.container-options) || null }}
+      credentials: ${{ fromJSON(needs.prepare.outputs.container-username && format('{"username":"{0}","password":"{1}"}',needs.prepare.outputs.container-username,secrets.container-password) || '{}') }}
     permissions:
       contents: read
       # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
@@ -220,7 +248,7 @@ jobs:
       build-commands: ${{ steps.build-variables.outputs.commands }}
       build-artifact: ${{ steps.build-variables.outputs.artifact }}
     steps:
-      - if: inputs.container == ''
+      - if: needs.prepare.outputs.container-image == null
         uses: hoverkraft-tech/ci-github-common/actions/checkout@753288393de1f3d92f687a6761d236ca800f5306 # 0.28.1
 
       - id: build-variables
@@ -324,22 +352,21 @@ jobs:
 
   lint:
     name: 👕 Lint
-    if: inputs.checks == true && inputs.lint && always() && !cancelled() && !failure()
-    runs-on: ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
-    container: ${{ inputs.container != '' && fromJSON(needs.parse-container.outputs.config) || null }}
+    if: inputs.checks == true && inputs.lint
     needs:
-      - parse-container
+      - prepare
       - setup
+    runs-on: ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
+    container: *container-setup
     # jscpd:ignore-start
     permissions:
       contents: read
       # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
       id-token: write
     steps:
       - uses: hoverkraft-tech/ci-github-common/actions/checkout@753288393de1f3d92f687a6761d236ca800f5306 # 0.28.1
-        if: inputs.container == ''
+        if: needs.prepare.outputs.container-image == null
 
-      # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
       - id: oidc
         uses: ChristopherHX/oidc@73eee1ff03fdfce10eda179f617131532209edbd # v3
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -375,16 +402,16 @@ jobs:
       - uses: ./self-workflow/actions/lint
         with:
           working-directory: ${{ inputs.working-directory }}
-          container: ${{ inputs.container != '' }}
+          container: ${{ needs.prepare.outputs.container-image && 'true' || 'false' }}
 
   build:
     name: 🏗️ Build
-    if: inputs.checks == true && always() && !cancelled() && !failure()
+    if: inputs.checks == true
     runs-on: ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
+    container: *container-setup
     # jscpd:ignore-start
-    container: ${{ inputs.container != '' && fromJSON(needs.parse-container.outputs.config) || null }}
     needs:
-      - parse-container
+      - prepare
       - setup
     permissions:
       contents: read
@@ -394,7 +421,7 @@ jobs:
       artifact-id: ${{ steps.build.outputs.artifact-id }}
     steps:
       - uses: hoverkraft-tech/ci-github-common/actions/checkout@753288393de1f3d92f687a6761d236ca800f5306 # 0.28.1
-        if: needs.setup.outputs.build-commands && inputs.container == ''
+        if: needs.setup.outputs.build-commands && needs.prepare.outputs.container-image == null
 
       # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
       - id: oidc
@@ -422,15 +449,15 @@ jobs:
           build-env: ${{ needs.setup.outputs.build-env }}
           build-secrets: ${{ secrets.build-secrets }}
           build-artifact: ${{ needs.setup.outputs.build-artifact }}
-          container: ${{ inputs.container != '' }}
+          container: ${{ needs.prepare.outputs.container-image && 'true' || 'false' }}
 
   test:
     name: 🧪 Test
-    if: inputs.checks == true && inputs.test && always() && !cancelled() && !failure()
+    if: inputs.checks == true && inputs.test
     runs-on: ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
-    container: ${{ inputs.container != '' && fromJSON(needs.parse-container.outputs.config) || null }}
+    container: *container-setup
     needs:
-      - parse-container
+      - prepare
       - setup
       - build
     permissions:
@@ -440,9 +467,9 @@ jobs:
       id-token: write
     steps:
       - uses: hoverkraft-tech/ci-github-common/actions/checkout@753288393de1f3d92f687a6761d236ca800f5306 # 0.28.1
-        if: inputs.container == ''
+        if: needs.prepare.outputs.container-image == null
 
-      - if: needs.build.outputs.artifact-id && inputs.container == ''
+      - if: needs.build.outputs.artifact-id && needs.prepare.outputs.container-image == null
         uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
         with:
           artifact-ids: ${{ needs.build.outputs.artifact-id }}
@@ -491,7 +518,7 @@ jobs:
       - uses: ./self-workflow/actions/test
         with:
           working-directory: ${{ inputs.working-directory }}
-          container: ${{ inputs.container != '' }}
+          container: ${{ needs.prepare.outputs.container-image && 'true' || 'false' }}
           coverage: ${{ steps.prepare-test-options.outputs.coverage }}
-          coverage-files: ${{ steps.prepare-test-options.outputs['coverage-files'] }}
+          coverage-files: ${{ steps.prepare-test-options.outputs.coverage-files }}
           github-token: ${{ github.token }}
