refactor(ci): improve dependabot file style #3

Workflow file for this run

.github/workflows/validate_new_changes.yml at dcdbb4d

	name: "New changes validation"

	on:
	pull_request: # yamllint disable-line rule:empty-values

	permissions:
	contents: "read"
	packages: "read"

	env:
	REGISTRY: "ghcr.io"
	IMAGE_NAME: "articola-tools/markdown-linter"

	jobs:
	find-changed-files:
	runs-on: "ubuntu-latest"
	outputs:
	is_yaml_changed: "${{ steps.filter.outputs.yaml }}"
	is_dockerfile_changed: "${{ steps.filter.outputs.dockerfile }}"
	is_markdown_linter_image_changed: "${{ steps.filter.outputs.markdown-linter-image }}"
	is_markdown_changed: "${{ steps.filter.outputs.markdown }}"
	permissions:
	pull-requests: "read"
	steps:
	- name: "Checkout ${{ github.event.repository.name }}"
	uses: "actions/checkout@v4"
	with:
	fetch-depth: 1

	- name: "Find changed files"
	uses: "dorny/paths-filter@v3"
	id: "filter"
	with:
	filters: \|
	yaml:
	- "*/.yaml"
	- "*/.yml"
	dockerfile:
	- "**/Dockerfile"
	markdown-linter-image:
	- "**/Dockerfile"
	- "**/.dockerignore"
	- "**/.mdl_style.rb"
	- "**/.mdlrc"
	markdown:
	- "*/.md"

	validate-markdown-linter-image:
	runs-on: "ubuntu-latest"
	needs: "find-changed-files"
	if: "${{ needs.find-changed-files.outputs.is_markdown_linter_image_changed == 'true' }}"

	# NOTE: building and running Docker image of Markdown linter take around 1 minute.
	# If this job takes more than 5 minutes, it means that something is wrong.
	timeout-minutes: 5
	steps:
	- name: "Checkout ${{ github.event.repository.name }}"
	uses: "actions/checkout@v4"

	- name: "Set up Docker Buildx"
	uses: "docker/setup-buildx-action@v3"

	- name: "Login to Docker registry"
	uses: "docker/login-action@v3"
	with:
	registry: "${{ env.REGISTRY }}"
	username: "${{ github.actor }}"
	password: "${{ secrets.GITHUB_TOKEN }}"

	- name: "Build Markdown linter Docker image"
	uses: "docker/build-push-action@v6"
	with:
	push: false
	load: true

	# NOTE: using another name to don't allow docker to download image from the internet in the next step.
	tags: "local/markdown-linter-pr:latest"
	cache-from: "type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
	cache-to: "type=inline"

	- name: "Run local Markdown linter"
	run: "docker run --rm -v ${{ github.workspace }}:/linter_workdir/repo local/markdown-linter-pr:latest"

	- name: "Run Trivy vulnerability scanner"
	uses: "aquasecurity/[email protected]"
	env:
	# NOTE: this is needed because sometimes GHCR hits the rate limit, and AWS will be used instead.
	TRIVY_DB_REPOSITORY: "ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db"
	with:
	image-ref: "local/markdown-linter-pr:latest"
	format: "table"
	exit-code: "1"
	ignore-unfixed: true
	vuln-type: "os,library"
	severity: "CRITICAL,HIGH,MEDIUM,LOW"
	scanners: "vuln,secret,misconfig"

	validate-dockerfile-changes:
	runs-on: "ubuntu-latest"
	needs: "find-changed-files"
	if: "${{ needs.find-changed-files.outputs.is_dockerfile_changed == 'true' }}"

	# NOTE: validating Dockerfile changes takes around 1 minute.
	# If this job takes more than 5 minutes, it means that something is wrong.
	timeout-minutes: 5
	steps:
	- name: "Checkout ${{ github.event.repository.name }}"
	uses: "actions/checkout@v4"

	- name: "Login to Docker registry"
	uses: "docker/login-action@v3"
	with:
	registry: "${{ env.REGISTRY }}"
	username: "${{ github.actor }}"
	password: "${{ secrets.GITHUB_TOKEN }}"

	- name: "Run Dockerfile linter"
	run: "docker run --rm -v ${{ github.workspace }}:/linter_workdir/repo
	${{ env.REGISTRY }}/articola-tools/dockerfile-linter:latest"

	validate-yaml-changes:
	runs-on: "ubuntu-latest"
	needs: "find-changed-files"

	if: "${{ needs.find-changed-files.outputs.is_yaml_changed == 'true' }}"

	# NOTE: validating YAML changes takes around 1 minute.
	# If this job takes more than 5 minutes, it means that something is wrong.
	timeout-minutes: 5
	steps:
	- name: "Checkout ${{ github.event.repository.name }}"
	uses: "actions/checkout@v4"

	- name: "Login to Docker registry"
	uses: "docker/login-action@v3"
	with:
	registry: "${{ env.REGISTRY }}"
	username: "${{ github.actor }}"
	password: "${{ secrets.GITHUB_TOKEN }}"

	- name: "Run YAML linter"
	run: "docker run --rm -v ${{ github.workspace }}:/linter_workdir/repo
	${{ env.REGISTRY }}/articola-tools/yaml-linter:latest"

	validate-markdown-changes:
	runs-on: "ubuntu-latest"
	needs: "find-changed-files"

	# NOTE: do not run this job when `is_markdown_linter_image_changed` is true, because this job validates Markdown
	# changes with the latest released markdown-linter image, and new changes in markdown-linter image can introduce
	# false positives for this job (since changes in markdown-linter can change Markdown rules).
	if: "${{ needs.find-changed-files.outputs.is_markdown_changed == 'true'
	&& needs.find-changed-files.outputs.is_markdown_linter_image_changed == 'false' }}"

	# NOTE: validating Markdown changes takes around 1 minute.
	# If this job takes more than 5 minutes, it means that something is wrong.
	timeout-minutes: 5
	steps:
	- name: "Checkout ${{ github.event.repository.name }}"
	uses: "actions/checkout@v4"

	- name: "Login to Docker registry"
	uses: "docker/login-action@v3"
	with:
	registry: "${{ env.REGISTRY }}"
	username: "${{ github.actor }}"
	password: "${{ secrets.GITHUB_TOKEN }}"

	- name: "Run Markdown linter"
	run: "docker run --rm -v ${{ github.workspace }}:/linter_workdir/repo
	${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

refactor(ci): improve dependabot file style #3

Workflow file

refactor(ci): improve dependabot file style #3

Jobs

Run details

Workflow file for this run