Gitleaks GitHub Action Rule #394
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Lints the ruletypes and profiles | |
name: Lint | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
- name: Set up Go | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 | |
with: | |
check-latest: true | |
- name: Lint Rule Types | |
run: go run github.com/mindersec/minder/cmd/dev@latest ruletype lint -r rule-types/github --skip-rego | |
- name: Ensure rule type release_phase is set | |
run: | | |
# Directory containing YAML files | |
DIRECTORY="rule-types/github" | |
# Allowed values for the "release_phase" field | |
ALLOWED_VALUES=("alpha" "beta" "ga" "deprecated") | |
# Iterate over all YAML files in the directory | |
for file in "$DIRECTORY"/*.yaml; do | |
echo "Checking file: $file" | |
# Skip .test.yaml and .test.yml files | |
if [[ "$file" == *".test.yaml" ]] || [[ "$file" == *".test.yml" ]]; then | |
echo "Skipping test file: $file" | |
continue | |
fi | |
# Extract the value of the "release_phase" field | |
release_phase_value=$(yq e '.release_phase' "$file") | |
# Check if the "release_phase" field is null or missing | |
if [ "$release_phase_value" == "null" ] || [ -z "$release_phase_value" ]; then | |
echo "Error: The file '$file' does not have the 'release_phase' field set or it is empty." | |
exit 1 | |
else | |
# Validate if the "release_phase" value is one of the allowed values | |
is_valid=false | |
for allowed_value in "${ALLOWED_VALUES[@]}"; do | |
if [ "$release_phase_value" == "$allowed_value" ]; then | |
is_valid=true | |
break | |
fi | |
done | |
if [ "$is_valid" == false ]; then | |
echo "Error: The file '$file' has an invalid 'release_phase' value: $release_phase_value" | |
echo " Allowed values are: ${ALLOWED_VALUES[*]}" | |
exit 1 | |
else | |
echo "The file '$file' has a valid 'release_phase' field set to: $release_phase_value" | |
fi | |
fi | |
done |