Created
March 18, 2026 13:58
-
-
Save pHo9UBenaA/fe77d657f6f0b2dcef0d0c9cd1546192 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -Eeuo pipefail | |
| # Examples: | |
| # bash lint-github-actions.sh .github/workflows | |
| # bash lint-github-actions.sh .github/workflows/auto-assign.yml | |
| # bash lint-github-actions.sh --fix .github/workflows | |
| # bash lint-github-actions.sh --fix .github/workflows/auto-assign.yml | |
| is_fix_mode=false | |
| if [[ "${1:-}" == "--fix" ]]; then | |
| is_fix_mode=true | |
| shift | |
| fi | |
| TARGET_PATH="${1:-}" | |
| if [[ -z "${TARGET_PATH}" ]]; then | |
| echo "Usage: $0 [--fix] <target_path>" >&2 | |
| exit 1 | |
| fi | |
| if [[ ! -d "${TARGET_PATH}" && ! -f "${TARGET_PATH}" ]]; then | |
| echo "Target path not found: ${TARGET_PATH}" >&2 | |
| exit 1 | |
| fi | |
| run_check() { | |
| local name="$1" | |
| shift | |
| echo | |
| echo "== ${name} ==" | |
| if "$@"; then | |
| return 0 | |
| fi | |
| return 1 | |
| } | |
| run_actionlint() { | |
| if [[ -f "${TARGET_PATH}" ]]; then | |
| actionlint "${TARGET_PATH}" | |
| return 0 | |
| fi | |
| local workflow_files=() | |
| while IFS= read -r workflow_file; do | |
| workflow_files+=("${workflow_file}") | |
| done < <(find "${TARGET_PATH}" -type f \( -name '*.yml' -o -name '*.yaml' \) | sort) | |
| if [[ "${#workflow_files[@]}" -eq 0 ]]; then | |
| echo "No workflow files found: ${TARGET_PATH}" >&2 | |
| return 1 | |
| fi | |
| actionlint "${workflow_files[@]}" | |
| } | |
| main() { | |
| local exit_status=0 | |
| if [[ "${is_fix_mode}" == "true" ]]; then | |
| echo "Running safe auto-fix with zizmor..." | |
| zizmor --fix=safe --no-progress "${TARGET_PATH}" || true | |
| fi | |
| run_check "ghalint" ghalint run "${TARGET_PATH}" || exit_status=1 | |
| run_check "zizmor" zizmor --no-progress "${TARGET_PATH}" || exit_status=1 | |
| run_check "actionlint" run_actionlint || exit_status=1 | |
| if [[ "${exit_status}" -ne 0 ]]; then | |
| echo | |
| echo "Static analysis failed for GitHub Actions." >&2 | |
| exit "${exit_status}" | |
| fi | |
| echo | |
| echo "All GitHub Actions checks passed." | |
| } | |
| main "$@" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment