
Bootstrap org-wide defaults: community health, AI-agent policy, reusable workflows #4


Workflow file for this run

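# CI for nyuchitech/.github itself.
#
# Two tiers:
#
# BLOCKING: actionlint and JSON validity. These catch real bugs
# (broken workflow syntax, unparseable JSON) that would ship to
# every consuming repo. They must pass before merge.
#
# ADVISORY: prettier, markdownlint, yamllint. Style and formatting
# concerns. They surface findings (inline PR review suggestions, or
# annotations for yamllint) but do NOT fail the build. Developers
# decide which suggestions to apply.
#
# Only the BLOCKING job names belong in required-status-checks.
#
# Supply-chain note: the third-party actions below are referenced by
# mutable tags (@v4, @v1, @v18). Pinning each `uses:` to a full commit
# SHA, with the tag kept in a trailing comment, prevents a moved tag
# from silently changing what runs here.
name: Lint

on: # yamllint disable-line rule:truthy
  pull_request:
  push:
    branches: [main]
  workflow_dispatch:

# One run per workflow+ref. A newer push to the same PR cancels the
# older run; runs for pushes to main are never cancelled.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}

# Least privilege by default; jobs that need more declare it themselves.
permissions:
  contents: read

jobs:
  # ---- BLOCKING ----------------------------------------------------------
  actionlint:
    name: actionlint
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v4
      - name: Download actionlint
        id: get_actionlint
        # The installer is fetched from a pinned release tag. `-fsSL`
        # makes curl fail on an HTTP error instead of handing the error
        # page to bash, stay quiet on success, and follow redirects.
        # The next step reads `steps.get_actionlint.outputs.executable`
        # to locate the downloaded binary.
        run: bash <(curl -fsSL https://raw.githubusercontent.com/rhysd/actionlint/v1.7.4/scripts/download-actionlint.bash) 1.7.4
        shell: bash
      - name: Lint workflows and starter templates
        run: |
          ${{ steps.get_actionlint.outputs.executable }} -color \
            .github/workflows/*.yml \
            workflow-templates/*.yml
        shell: bash

  jsonlint:
    name: JSON validity
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v4
      - name: Validate every *.json file
        # NUL-delimited find/read is safe for paths containing spaces or
        # newlines. Each bad file gets its own error annotation and the
        # loop keeps going, so one run reports every failure; the exit
        # status is 1 if any file failed.
        run: |
          set -euo pipefail
          status=0
          while IFS= read -r -d '' file; do
            if ! python3 -c "import json,sys; json.load(open(sys.argv[1]))" "$file"; then
              echo "::error file=$file::invalid JSON"
              status=1
            fi
          done < <(find . -name '*.json' -not -path './node_modules/*' -print0)
          exit "$status"

  # ---- ADVISORY ----------------------------------------------------------
  # prettier and markdownlint run their tools in --write / --fix mode,
  # then reviewdog/action-suggester picks up the resulting diff and
  # posts it as inline PR review suggestions that the developer can
  # click to apply or dismiss. fail_on_error: false ensures the job
  # never blocks the merge. yamllint has no fix mode, so it emits
  # annotations instead (see its job below).
  prettier:
    name: prettier (advisory)
    runs-on: ubuntu-latest
    timeout-minutes: 10
    # pull-requests: write is needed only to post review suggestions.
    # On pull requests from forks GITHUB_TOKEN is read-only regardless,
    # so posting may fail there; fail_on_error keeps that non-blocking.
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
      - name: Install Prettier
        # NOTE(review): the version spec on this line is garbled in the
        # captured copy of this file; restore the exact pinned version.
        run: npm install --global [email protected]
      - name: Run prettier --write
        # Best-effort on purpose: the suggester surfaces the resulting
        # diff, so a formatting failure must not fail the step.
        run: prettier --write "**/*.{md,mdx,json,jsonc}" || true
      - name: Post suggestions on PR
        if: github.event_name == 'pull_request'
        uses: reviewdog/action-suggester@v1
        with:
          tool_name: prettier
          level: warning
          fail_on_error: false

  markdownlint:
    name: markdownlint (advisory)
    runs-on: ubuntu-latest
    timeout-minutes: 10
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Run markdownlint with --fix
        uses: DavidAnson/markdownlint-cli2-action@v18
        with:
          globs: |
            **/*.md
            !**/node_modules/**
          fix: true
        # Step-level: lint findings must not fail the job; only the
        # resulting diff matters to the suggester.
        continue-on-error: true
      - name: Post suggestions on PR
        if: github.event_name == 'pull_request'
        uses: reviewdog/action-suggester@v1
        with:
          tool_name: markdownlint
          level: warning
          fail_on_error: false

  yamllint:
    name: yamllint (advisory)
    runs-on: ubuntu-latest
    timeout-minutes: 10
    # Job-level: the whole job is reported as non-blocking.
    continue-on-error: true
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Install yamllint
        run: pip install "yamllint==1.35.1"
      - name: Run yamllint (annotations only)
        # `-f github` emits warnings as GitHub Actions workflow
        # annotations, which appear inline in the PR Files tab and in
        # the check summary. Combined with continue-on-error: true at
        # the job level, this surfaces issues without blocking.
        run: yamllint -f github .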