Skip to content

Gitleaks GitHub Action Rule #394

Gitleaks GitHub Action Rule

Gitleaks GitHub Action Rule #394

Workflow file for this run

# Lints the ruletypes and profiles
name: Lint
on:
push:
branches:
- main
pull_request:
jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Set up Go
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
with:
check-latest: true
- name: Lint Rule Types
run: go run github.com/mindersec/minder/cmd/dev@latest ruletype lint -r rule-types/github --skip-rego
- name: Ensure rule type release_phase is set
run: |
# Directory containing YAML files
DIRECTORY="rule-types/github"
# Allowed values for the "release_phase" field
ALLOWED_VALUES=("alpha" "beta" "ga" "deprecated")
# Iterate over all YAML files in the directory
for file in "$DIRECTORY"/*.yaml; do
echo "Checking file: $file"
# Skip .test.yaml and .test.yml files
if [[ "$file" == *".test.yaml" ]] || [[ "$file" == *".test.yml" ]]; then
echo "Skipping test file: $file"
continue
fi
# Extract the value of the "release_phase" field
release_phase_value=$(yq e '.release_phase' "$file")
# Check if the "release_phase" field is null or missing
if [ "$release_phase_value" == "null" ] || [ -z "$release_phase_value" ]; then
echo "Error: The file '$file' does not have the 'release_phase' field set or it is empty."
exit 1
else
# Validate if the "release_phase" value is one of the allowed values
is_valid=false
for allowed_value in "${ALLOWED_VALUES[@]}"; do
if [ "$release_phase_value" == "$allowed_value" ]; then
is_valid=true
break
fi
done
if [ "$is_valid" == false ]; then
echo "Error: The file '$file' has an invalid 'release_phase' value: $release_phase_value"
echo " Allowed values are: ${ALLOWED_VALUES[*]}"
exit 1
else
echo "The file '$file' has a valid 'release_phase' field set to: $release_phase_value"
fi
fi
done