Skip to content

Commit 97a2554

Browse files
deansheatherdeansheather
committed
chore: add actionlint and zizmor linters
1 parent ee789da commit 97a2554

File tree

13 files changed

+162
-86
lines changed

13 files changed

+162
-86
lines changed

.github/actions/embedded-pg-cache/download/action.yml

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -25,9 +25,11 @@ runs:
2525
export YEAR_MONTH=$(date +'%Y-%m')
2626
export PREV_YEAR_MONTH=$(date -d 'last month' +'%Y-%m')
2727
export DAY=$(date +'%d')
28-
echo "year-month=$YEAR_MONTH" >> $GITHUB_OUTPUT
29-
echo "prev-year-month=$PREV_YEAR_MONTH" >> $GITHUB_OUTPUT
30-
echo "cache-key=${{ inputs.key-prefix }}-${YEAR_MONTH}-${DAY}" >> $GITHUB_OUTPUT
28+
echo "year-month=$YEAR_MONTH" >> "$GITHUB_OUTPUT"
29+
echo "prev-year-month=$PREV_YEAR_MONTH" >> "$GITHUB_OUTPUT"
30+
echo "cache-key=${KEY_PREFIX}-${YEAR_MONTH}-${DAY}" >> "$GITHUB_OUTPUT"
31+
env:
32+
KEY_PREFIX: ${{ inputs.key-prefix }}
3133

3234
# By default, depot keeps caches for 14 days. This is plenty for embedded
3335
# postgres, which changes infrequently.

.github/actions/test-cache/download/action.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -27,9 +27,9 @@ runs:
2727
export YEAR_MONTH=$(date +'%Y-%m')
2828
export PREV_YEAR_MONTH=$(date -d 'last month' +'%Y-%m')
2929
export DAY=$(date +'%d')
30-
echo "year-month=$YEAR_MONTH" >> $GITHUB_OUTPUT
31-
echo "prev-year-month=$PREV_YEAR_MONTH" >> $GITHUB_OUTPUT
32-
echo "cache-key=${{ inputs.key-prefix }}-${YEAR_MONTH}-${DAY}" >> $GITHUB_OUTPUT
30+
echo "year-month=$YEAR_MONTH" >> "$GITHUB_OUTPUT"
31+
echo "prev-year-month=$PREV_YEAR_MONTH" >> "$GITHUB_OUTPUT"
32+
echo "cache-key=${{ inputs.key-prefix }}-${YEAR_MONTH}-${DAY}" >> "$GITHUB_OUTPUT"
3333
3434
# TODO: As a cost optimization, we could remove caches that are older than
3535
# a day or two. By default, depot keeps caches for 14 days, which isn't

.github/actions/upload-datadog/action.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,9 +12,9 @@ runs:
1212
run: |
1313
set -e
1414
15-
owner=${{ github.repository_owner }}
15+
owner="${{ github.repository_owner }}"
1616
echo "owner: $owner"
17-
if [[ $owner != "coder" ]]; then
17+
if [[ $owner != "coder" ]]; then
1818
echo "Not a pull request from the main repo, skipping..."
1919
exit 0
2020
fi

.github/workflows/ci.yaml

Lines changed: 23 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -171,10 +171,10 @@ jobs:
171171

172172
- name: Get golangci-lint cache dir
173173
run: |
174-
linter_ver=$(egrep -o 'GOLANGCI_LINT_VERSION=\S+' dogfood/coder/Dockerfile | cut -d '=' -f 2)
175-
go install github.com/golangci/golangci-lint/cmd/golangci-lint@v$linter_ver
174+
linter_ver=$(grep -Eo 'GOLANGCI_LINT_VERSION=\S+' dogfood/coder/Dockerfile | cut -d '=' -f 2)
175+
go install "github.com/golangci/golangci-lint/cmd/golangci-lint@v$linter_ver"
176176
dir=$(golangci-lint cache status | awk '/Dir/ { print $2 }')
177-
echo "LINT_CACHE_DIR=$dir" >> $GITHUB_ENV
177+
echo "LINT_CACHE_DIR=$dir" >> "$GITHUB_ENV"
178178
179179
- name: golangci-lint cache
180180
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
@@ -305,8 +305,8 @@ jobs:
305305

306306
- name: make fmt
307307
run: |
308-
export PATH=${PATH}:$(go env GOPATH)/bin
309-
make --output-sync -j -B fmt
308+
PATH="${PATH}:$(go env GOPATH)/bin" \
309+
make --output-sync -j -B fmt
310310
311311
- name: Check for unstaged files
312312
run: ./scripts/check_unstaged.sh
@@ -340,8 +340,8 @@ jobs:
340340
- name: Disable Spotlight Indexing
341341
if: runner.os == 'macOS'
342342
run: |
343-
enabled=$(sudo mdutil -a -s | grep "Indexing enabled" | wc -l)
344-
if [ $enabled -eq 0 ]; then
343+
enabled=$(sudo mdutil -a -s | grep -c "Indexing enabled")
344+
if [ "$enabled" -eq 0 ]; then
345345
echo "Spotlight indexing is already disabled"
346346
exit 0
347347
fi
@@ -485,7 +485,7 @@ jobs:
485485
# terraform gets installed in a random directory, so we need to normalize
486486
# the path to the terraform binary or a bunch of cached tests will be
487487
# invalidated. See scripts/normalize_path.sh for more details.
488-
normalize_path_with_symlinks "$RUNNER_TEMP/sym" "$(dirname $(which terraform))"
488+
normalize_path_with_symlinks "$RUNNER_TEMP/sym" "$(dirname "$(which terraform)")"
489489
490490
gotestsum --format standard-quiet --packages "$PACKAGES" \
491491
-- -timeout=20m -v -p $NUM_PARALLEL_PACKAGES -parallel=$NUM_PARALLEL_TESTS $TESTCOUNT
@@ -683,7 +683,7 @@ jobs:
683683
- name: Setup Node
684684
uses: ./.github/actions/setup-node
685685

686-
- run: pnpm test:ci --max-workers $(nproc)
686+
- run: pnpm test:ci --max-workers "$(nproc)"
687687
working-directory: site
688688

689689
test-e2e:
@@ -963,9 +963,11 @@ jobs:
963963
- name: Setup build tools
964964
run: |
965965
brew install bash gnu-getopt make
966-
echo "$(brew --prefix bash)/bin" >> $GITHUB_PATH
967-
echo "$(brew --prefix gnu-getopt)/bin" >> $GITHUB_PATH
968-
echo "$(brew --prefix make)/libexec/gnubin" >> $GITHUB_PATH
966+
{
967+
echo "$(brew --prefix bash)/bin"
968+
echo "$(brew --prefix gnu-getopt)/bin"
969+
echo "$(brew --prefix make)/libexec/gnubin"
970+
} >> "$GITHUB_PATH"
969971
970972
- name: Switch XCode Version
971973
uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
@@ -1144,18 +1146,18 @@ jobs:
11441146

11451147
- name: Insert dylibs
11461148
run: |
1147-
mv ./build/*amd64.dylib ./site/out/bin/coder-vpn-darwin-amd64.dylib
1148-
mv ./build/*arm64.dylib ./site/out/bin/coder-vpn-darwin-arm64.dylib
1149-
mv ./build/*arm64.h ./site/out/bin/coder-vpn-darwin-dylib.h
1149+
mv "./build/*amd64.dylib" ./site/out/bin/coder-vpn-darwin-amd64.dylib
1150+
mv "./build/*arm64.dylib" ./site/out/bin/coder-vpn-darwin-arm64.dylib
1151+
mv "./build/*arm64.h" ./site/out/bin/coder-vpn-darwin-dylib.h
11501152
11511153
- name: Build
11521154
run: |
11531155
set -euxo pipefail
11541156
go mod download
11551157
11561158
version="$(./scripts/version.sh)"
1157-
tag="main-$(echo "$version" | sed 's/+/-/g')"
1158-
echo "tag=$tag" >> $GITHUB_OUTPUT
1159+
tag="main-${version//+/-}"
1160+
echo "tag=$tag" >> "$GITHUB_OUTPUT"
11591161
11601162
make gen/mark-fresh
11611163
make -j \
@@ -1191,8 +1193,8 @@ jobs:
11911193
11921194
# build Docker images for each architecture
11931195
version="$(./scripts/version.sh)"
1194-
tag="main-$(echo "$version" | sed 's/+/-/g')"
1195-
echo "tag=$tag" >> $GITHUB_OUTPUT
1196+
tag="main-${version//+/-}"
1197+
echo "tag=$tag" >> "$GITHUB_OUTPUT"
11961198
11971199
# build images for each architecture
11981200
# note: omitting the -j argument to avoid race conditions when pushing
@@ -1212,10 +1214,11 @@ jobs:
12121214
# we are adding `latest` tag and keeping `main` for backward
12131215
# compatibality
12141216
for t in "${tags[@]}"; do
1217+
# shellcheck disable=SC2046
12151218
./scripts/build_docker_multiarch.sh \
12161219
--push \
12171220
--target "ghcr.io/coder/coder-preview:$t" \
1218-
--version $version \
1221+
--version "$version" \
12191222
$(cat build/coder_"$version"_linux_{amd64,arm64,armv7}.tag)
12201223
done
12211224
fi

.github/workflows/dogfood.yaml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,7 @@ jobs:
7070
tag=${{ steps.branch-name.outputs.current_branch }}
7171
# Replace / with --, e.g. user/feature => user--feature.
7272
tag=${tag//\//--}
73-
echo "tag=${tag}" >> $GITHUB_OUTPUT
73+
echo "tag=${tag}" >> "$GITHUB_OUTPUT"
7474
7575
- name: Set up Depot CLI
7676
uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
@@ -107,11 +107,11 @@ jobs:
107107
108108
CURRENT_SYSTEM=$(nix eval --impure --raw --expr 'builtins.currentSystem')
109109
110-
docker image tag codercom/oss-dogfood-nix:latest-$CURRENT_SYSTEM codercom/oss-dogfood-nix:${{ steps.docker-tag-name.outputs.tag }}
111-
docker image push codercom/oss-dogfood-nix:${{ steps.docker-tag-name.outputs.tag }}
110+
docker image tag "codercom/oss-dogfood-nix:latest-$CURRENT_SYSTEM" "codercom/oss-dogfood-nix:${{ steps.docker-tag-name.outputs.tag }}"
111+
docker image push "codercom/oss-dogfood-nix:${{ steps.docker-tag-name.outputs.tag }}"
112112
113-
docker image tag codercom/oss-dogfood-nix:latest-$CURRENT_SYSTEM codercom/oss-dogfood-nix:latest
114-
docker image push codercom/oss-dogfood-nix:latest
113+
docker image tag "codercom/oss-dogfood-nix:latest-$CURRENT_SYSTEM" "codercom/oss-dogfood-nix:latest"
114+
docker image push "codercom/oss-dogfood-nix:latest"
115115
116116
deploy_template:
117117
needs: build_image
@@ -152,12 +152,12 @@ jobs:
152152
- name: Get short commit SHA
153153
if: github.ref == 'refs/heads/main'
154154
id: vars
155-
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
155+
run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
156156

157157
- name: Get latest commit title
158158
if: github.ref == 'refs/heads/main'
159159
id: message
160-
run: echo "pr_title=$(git log --format=%s -n 1 ${{ github.sha }})" >> $GITHUB_OUTPUT
160+
run: echo "pr_title=$(git log --format=%s -n 1 ${{ github.sha }})" >> "$GITHUB_OUTPUT"
161161

162162
- name: "Push template"
163163
if: github.ref == 'refs/heads/main'

.github/workflows/nightly-gauntlet.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -37,8 +37,8 @@ jobs:
3737
- name: Disable Spotlight Indexing
3838
if: runner.os == 'macOS'
3939
run: |
40-
enabled=$(sudo mdutil -a -s | grep "Indexing enabled" | wc -l)
41-
if [ $enabled -eq 0 ]; then
40+
enabled=$(sudo mdutil -a -s | grep -c "Indexing enabled")
41+
if [ "$enabled" -eq 0 ]; then
4242
echo "Spotlight indexing is already disabled"
4343
exit 0
4444
fi

.github/workflows/pr-cleanup.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -27,9 +27,9 @@ jobs:
2727
id: pr_number
2828
run: |
2929
if [ -n "${{ github.event.pull_request.number }}" ]; then
30-
echo "PR_NUMBER=${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
30+
echo "PR_NUMBER=${{ github.event.pull_request.number }}" >> "$GITHUB_OUTPUT"
3131
else
32-
echo "PR_NUMBER=${{ github.event.inputs.pr_number }}" >> $GITHUB_OUTPUT
32+
echo "PR_NUMBER=${{ github.event.inputs.pr_number }}" >> "$GITHUB_OUTPUT"
3333
fi
3434
3535
- name: Delete image

.github/workflows/pr-deploy.yaml

Lines changed: 22 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -55,7 +55,7 @@ jobs:
5555
echo "PR doesn't exist or is closed."
5656
pr_open=false
5757
fi
58-
echo "pr_open=$pr_open" >> $GITHUB_OUTPUT
58+
echo "pr_open=$pr_open" >> "$GITHUB_OUTPUT"
5959
env:
6060
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
6161

@@ -90,18 +90,20 @@ jobs:
9090
PR_NUMBER=$(gh pr view --json number | jq -r '.number')
9191
PR_TITLE=$(gh pr view --json title | jq -r '.title')
9292
PR_URL=$(gh pr view --json url | jq -r '.url')
93-
echo "PR_URL=$PR_URL" >> $GITHUB_OUTPUT
94-
echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT
95-
echo "PR_TITLE=$PR_TITLE" >> $GITHUB_OUTPUT
93+
{
94+
echo "PR_URL=$PR_URL"
95+
echo "PR_NUMBER=$PR_NUMBER"
96+
echo "PR_TITLE=$PR_TITLE"
97+
} >> "$GITHUB_OUTPUT"
9698
env:
9799
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
98100

99101
- name: Set required tags
100102
id: set_tags
101103
run: |
102104
set -euo pipefail
103-
echo "CODER_BASE_IMAGE_TAG=$CODER_BASE_IMAGE_TAG" >> $GITHUB_OUTPUT
104-
echo "CODER_IMAGE_TAG=$CODER_IMAGE_TAG" >> $GITHUB_OUTPUT
105+
echo "CODER_BASE_IMAGE_TAG=$CODER_BASE_IMAGE_TAG" >> "$GITHUB_OUTPUT"
106+
echo "CODER_IMAGE_TAG=$CODER_IMAGE_TAG" >> "$GITHUB_OUTPUT"
105107
env:
106108
CODER_BASE_IMAGE_TAG: ghcr.io/coder/coder-preview-base:pr${{ steps.pr_info.outputs.PR_NUMBER }}
107109
CODER_IMAGE_TAG: ghcr.io/coder/coder-preview:pr${{ steps.pr_info.outputs.PR_NUMBER }}
@@ -125,7 +127,7 @@ jobs:
125127
echo "Deployment doesn't exist."
126128
NEW=true
127129
fi
128-
echo "NEW=$NEW" >> $GITHUB_OUTPUT
130+
echo "NEW=$NEW" >> "$GITHUB_OUTPUT"
129131
130132
- name: Check changed files
131133
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
@@ -162,9 +164,9 @@ jobs:
162164
run: |
163165
set -euo pipefail
164166
# build if the workflow is manually triggered and the deployment doesn't exist (first build or force rebuild)
165-
echo "first_or_force_build=${{ (github.event_name == 'workflow_dispatch' && steps.check_deployment.outputs.NEW == 'true') || github.event.inputs.build == 'true' }}" >> $GITHUB_OUTPUT
167+
echo "first_or_force_build=${{ (github.event_name == 'workflow_dispatch' && steps.check_deployment.outputs.NEW == 'true') || github.event.inputs.build == 'true' }}" >> "$GITHUB_OUTPUT"
166168
# build if the deployment already exist and there are changes in the files that we care about (automatic updates)
167-
echo "automatic_rebuild=${{ steps.check_deployment.outputs.NEW == 'false' && steps.filter.outputs.all_count > steps.filter.outputs.ignored_count }}" >> $GITHUB_OUTPUT
169+
echo "automatic_rebuild=${{ steps.check_deployment.outputs.NEW == 'false' && steps.filter.outputs.all_count > steps.filter.outputs.ignored_count }}" >> "$GITHUB_OUTPUT"
168170
169171
comment-pr:
170172
needs: get_info
@@ -250,12 +252,13 @@ jobs:
250252
make gen/mark-fresh
251253
export DOCKER_IMAGE_NO_PREREQUISITES=true
252254
version="$(./scripts/version.sh)"
253-
export CODER_IMAGE_BUILD_BASE_TAG="$(CODER_IMAGE_BASE=coder-base ./scripts/image_tag.sh --version "$version")"
255+
CODER_IMAGE_BUILD_BASE_TAG="$(CODER_IMAGE_BASE=coder-base ./scripts/image_tag.sh --version "$version")"
256+
export CODER_IMAGE_BUILD_BASE_TAG
254257
make -j build/coder_linux_amd64
255258
./scripts/build_docker.sh \
256259
--arch amd64 \
257-
--target ${{ env.CODER_IMAGE_TAG }} \
258-
--version $version \
260+
--target "${{ env.CODER_IMAGE_TAG }}" \
261+
--version "$version" \
259262
--push \
260263
build/coder_linux_amd64
261264
@@ -404,14 +407,14 @@ jobs:
404407
DEST="${HOME}/coder"
405408
URL="https://${{ env.PR_HOSTNAME }}/bin/coder-linux-amd64"
406409
407-
mkdir -p "$(dirname ${DEST})"
410+
mkdir -p "$(dirname "$DEST")"
408411
409412
COUNT=0
410-
until $(curl --output /dev/null --silent --head --fail "$URL"); do
413+
until curl --output /dev/null --silent --head --fail "$URL"; do
411414
printf '.'
412415
sleep 5
413416
COUNT=$((COUNT+1))
414-
if [ $COUNT -ge 60 ]; then
417+
if [ "$COUNT" -ge 60 ]; then
415418
echo "Timed out waiting for URL to be available"
416419
exit 1
417420
fi
@@ -435,12 +438,12 @@ jobs:
435438
436439
# add mask so that the password is not printed to the logs
437440
echo "::add-mask::$password"
438-
echo "password=$password" >> $GITHUB_OUTPUT
441+
echo "password=$password" >> "$GITHUB_OUTPUT"
439442
440443
coder login \
441-
--first-user-username pr${{ env.PR_NUMBER }}-admin \
442-
--first-user-email pr${{ env.PR_NUMBER }}@coder.com \
443-
--first-user-password $password \
444+
--first-user-username "pr${{ env.PR_NUMBER }}-admin" \
445+
--first-user-email "pr${{ env.PR_NUMBER }}@coder.com" \
446+
--first-user-password "$password" \
444447
--first-user-trial=false \
445448
--use-token-as-session \
446449
https://${{ env.PR_HOSTNAME }}

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy