[DRAFT] Add a base setup for resource access evaluation and adds a sample plugin #838
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Code Hygiene | |
on: [push, pull_request] | |
jobs: | |
linelint: | |
runs-on: ubuntu-latest | |
name: Check if all files end in newline | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Linelint | |
uses: fernandrone/linelint@0.0.6 | |
spotless: | |
runs-on: ubuntu-latest | |
name: Spotless scan | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: temurin # Temurin is a distribution of adoptium | |
java-version: 21 | |
- uses: gradle/gradle-build-action@v3 | |
with: | |
cache-disabled: true | |
arguments: spotlessCheck | |
checkstyle: | |
runs-on: ubuntu-latest | |
name: Checkstyle scan | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: temurin # Temurin is a distribution of adoptium | |
java-version: 21 | |
- uses: gradle/gradle-build-action@v3 | |
with: | |
cache-disabled: true | |
arguments: checkstyleMain checkstyleTest checkstyleIntegrationTest | |
spotbugs: | |
runs-on: ubuntu-latest | |
name: Spotbugs scan | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: temurin # Temurin is a distribution of adoptium | |
java-version: 21 | |
- uses: gradle/gradle-build-action@v3 | |
with: | |
cache-disabled: true | |
arguments: spotbugsMain | |
check-permissions-order: | |
runs-on: ubuntu-latest | |
name: Check permissions orders | |
steps: | |
- uses: actions/checkout@v4 | |
- run: npm install yaml | |
- name: Check permissions order | |
run: | | |
exclude_pattern="(^|/)roles_invalidxcontent.yml($|/) | |
(^|/)invalid_config/config.yml($|/)" | |
# Set pattern to exclude certain files | |
set -e | |
exit_code=0 | |
for file in $(find . -name '*.yml' | grep -Ev "$exclude_pattern"); do | |
if ! node check-permissions-order.js "$file" --slient; then | |
exit_code=1 | |
echo "Error: $file requires changes. Run the following command to fix:" | |
echo "node check-permissions-order.js $file --fix" | |
fi | |
done | |
exit $exit_code |