Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 0 additions & 2 deletions .github/workflows/code-coverage.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
concurrency:

Check warning on line 1 in .github/workflows/code-coverage.yml

View workflow job for this annotation

GitHub Actions / Validate Copilot setup files & linters

1:1 [document-start] missing document start "---"
cancel-in-progress: true
group: coverage-${{ github.workflow }}-${{ github.ref }}
jobs:
Expand All @@ -7,7 +7,7 @@
runs-on: ubuntu-latest
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0

Check warning on line 10 in .github/workflows/code-coverage.yml

View workflow job for this annotation

GitHub Actions / Validate Copilot setup files & linters

10:84 [comments] too few spaces before comment
with:
egress-policy: audit

Expand Down Expand Up @@ -56,7 +56,7 @@
runs-on: ubuntu-latest
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0

Check warning on line 59 in .github/workflows/code-coverage.yml

View workflow job for this annotation

GitHub Actions / Validate Copilot setup files & linters

59:84 [comments] too few spaces before comment
with:
egress-policy: audit

Expand Down Expand Up @@ -185,7 +185,7 @@
runs-on: ubuntu-latest
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0

Check warning on line 188 in .github/workflows/code-coverage.yml

View workflow job for this annotation

GitHub Actions / Validate Copilot setup files & linters

188:84 [comments] too few spaces before comment
with:
egress-policy: audit

Expand Down Expand Up @@ -278,14 +278,12 @@
python-version: ["3.11", "3.12"]
timeout-minutes: 20
name: Code Coverage
on:

Check warning on line 281 in .github/workflows/code-coverage.yml

View workflow job for this annotation

GitHub Actions / Validate Copilot setup files & linters

281:1 [truthy] truthy value should be one of [false, true]
pull_request:
branches: [main, dev]
push:
branches: [main, dev]
workflow_dispatch:



permissions:
contents: read
6 changes: 3 additions & 3 deletions .github/workflows/dataset-integrity.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,9 @@
# - integrity-summary: Aggregates results into a single status check
# =============================================================================

name: Dataset Integrity

Check warning on line 14 in .github/workflows/dataset-integrity.yml

View workflow job for this annotation

GitHub Actions / Validate Copilot setup files & linters

14:1 [document-start] missing document start "---"

on:

Check warning on line 16 in .github/workflows/dataset-integrity.yml

View workflow job for this annotation

GitHub Actions / Validate Copilot setup files & linters

16:1 [truthy] truthy value should be one of [false, true]
pull_request:
branches: [main, dev]
paths:
Expand Down Expand Up @@ -67,9 +67,9 @@

steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0

Check warning on line 70 in .github/workflows/dataset-integrity.yml

View workflow job for this annotation

GitHub Actions / Validate Copilot setup files & linters

70:90 [comments] too few spaces before comment
with:
egress-policy: audit
egress-policy: audit

- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
Expand Down Expand Up @@ -186,9 +186,9 @@

steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0

Check warning on line 189 in .github/workflows/dataset-integrity.yml

View workflow job for this annotation

GitHub Actions / Validate Copilot setup files & linters

189:90 [comments] too few spaces before comment
with:
egress-policy: audit
egress-policy: audit

- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
Expand Down Expand Up @@ -489,9 +489,9 @@
timeout-minutes: 1
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0

Check warning on line 492 in .github/workflows/dataset-integrity.yml

View workflow job for this annotation

GitHub Actions / Validate Copilot setup files & linters

492:90 [comments] too few spaces before comment
with:
egress-policy: audit
egress-policy: audit

- name: Aggregate status
env:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/ossar.yml
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ jobs:
uses: github/ossar-action@v1
id: ossar

# Upload results to the Security tab
# Upload results to the Security tab
- name: Upload OSSAR results
uses: github/codeql-action/upload-sarif@v3
with:
Expand Down
61 changes: 61 additions & 0 deletions tests/test_workflow_yamllint_regressions.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
from __future__ import annotations

from pathlib import Path

import pytest
import yaml


REPO_ROOT = Path(__file__).resolve().parents[1]


def _read(path: str) -> str:
return (REPO_ROOT / path).read_text(encoding="utf-8")


@pytest.mark.unit
def test_code_coverage_workflow_no_triple_blank_before_permissions() -> None:
content = _read(".github/workflows/code-coverage.yml")
assert "\n\n\npermissions:" not in content


@pytest.mark.unit
def test_dataset_integrity_harden_runner_with_block_indentation() -> None:
content = _read(".github/workflows/dataset-integrity.yml")
bad_indent = "with:\n egress-policy: audit" # 16 leading spaces on egress-policy
good_indent = "with:\n egress-policy: audit" # 18 leading spaces on egress-policy
assert bad_indent not in content
assert content.count(good_indent) == 3


@pytest.mark.unit
def test_workflow_files_end_with_newline() -> None:
for rel_path in (
".github/workflows/github_workflows_autofix-pr.yml",
".github/workflows/github_workflows_validate-workflows.yml",
):
assert _read(rel_path).endswith("\n")


@pytest.mark.unit
def test_ossar_workflow_steps_and_branch_spacing_regression() -> None:
content = _read(".github/workflows/ossar.yml")
workflow = yaml.safe_load(content)
triggers = workflow.get("on", workflow.get(True))
assert triggers is not None, "Expected workflow triggers under key 'on' (or YAML-1.1 boolean True fallback)."
steps = workflow["jobs"]["OSSAR-Scan"]["steps"]

assert triggers["push"]["branches"] == ["main"]
assert triggers["pull_request"]["branches"] == ["main"]
assert steps[0]["name"] == "Checkout repository"
Comment on lines +48 to +50


@pytest.mark.unit
def test_summary_workflow_has_no_trailing_whitespace() -> None:
content = _read(".github/workflows/summary.yml")
trailing_ws_lines = [
line_number
for line_number, line in enumerate(content.splitlines(), start=1)
if line != line.rstrip(" \t")
]
assert not trailing_ws_lines, f"Trailing whitespace found on lines: {trailing_ws_lines}"
Loading