feat(): add a linter for github actions workflows (#7178)

Co-authored-by: John Joyce <john@acryl.io>
2025-11-03 12:16:10 +00:00 · 2023-01-30 16:13:41 -05:00 · 2023-01-30 16:13:41 -05:00 · 7e869cd1d6
commit 7e869cd1d6
parent b4114c6499
3 changed files with 42 additions and 62 deletions
--- a/.github/workflows/docker-ingestion-smoke.yml
+++ b/.github/workflows/docker-ingestion-smoke.yml
@ -48,9 +48,6 @@ jobs:
    name: Build and Push Docker Image to Docker Hub
    runs-on: ubuntu-latest
    needs: setup
-    outputs:
-      image_tag: ${{ steps.docker_meta.outputs.tags }}
-      image_name: ${{ env.IMAGE }}
    steps:
      - name: Check out the repo
        uses: actions/checkout@v3
--- a/.github/workflows/docker-unified.yml
+++ b/.github/workflows/docker-unified.yml
@ -63,9 +63,6 @@ jobs:
    name: Build and Push DataHub GMS Docker Image
    runs-on: ubuntu-latest
    needs: setup
-    outputs:
-      image_tag: ${{ steps.docker_meta.outputs.tags }}
-      image_name: ${{ env.DATAHUB_GMS_IMAGE }}
    steps:
      - name: Check out the repo
        uses: actions/checkout@v3
@ -109,25 +106,21 @@ jobs:
          TRIVY_OFFLINE_SCAN: true
        with:
          image-ref: ${{ env.DATAHUB_GMS_IMAGE }}:${{ needs.setup.outputs.unique_tag }}
-          format: 'template'
-          template: '@/contrib/sarif.tpl'
-          output: 'trivy-results.sarif'
-          severity: 'CRITICAL,HIGH'
+          format: "template"
+          template: "@/contrib/sarif.tpl"
+          output: "trivy-results.sarif"
+          severity: "CRITICAL,HIGH"
          ignore-unfixed: true
-          vuln-type: "os,library"          
+          vuln-type: "os,library"
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
-          sarif_file: 'trivy-results.sarif'
-
+          sarif_file: "trivy-results.sarif"

  mae_consumer_build:
    name: Build and Push DataHub MAE Consumer Docker Image
    runs-on: ubuntu-latest
    needs: setup
-    outputs:
-      image_tag: ${{ steps.docker_meta.outputs.tags }}
-      image_name: ${{ env.DATAHUB_MAE_CONSUMER_IMAGE }}
    steps:
      - name: Check out the repo
        uses: actions/checkout@v3
@ -171,25 +164,21 @@ jobs:
          TRIVY_OFFLINE_SCAN: true
        with:
          image-ref: ${{ env.DATAHUB_MAE_CONSUMER_IMAGE }}:${{ needs.setup.outputs.unique_tag }}
-          format: 'template'
-          template: '@/contrib/sarif.tpl'
-          output: 'trivy-results.sarif'
-          severity: 'CRITICAL,HIGH'
+          format: "template"
+          template: "@/contrib/sarif.tpl"
+          output: "trivy-results.sarif"
+          severity: "CRITICAL,HIGH"
          ignore-unfixed: true
          vuln-type: "os,library"
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
-          sarif_file: 'trivy-results.sarif'
-
+          sarif_file: "trivy-results.sarif"

  mce_consumer_build:
    name: Build and Push DataHub MCE Consumer Docker Image
    runs-on: ubuntu-latest
    needs: setup
-    outputs:
-      image_tag: ${{ steps.docker_meta.outputs.tags }}
-      image_name: ${{ env.DATAHUB_MCE_CONSUMER_IMAGE }}
    steps:
      - name: Check out the repo
        uses: actions/checkout@v3
@ -233,25 +222,21 @@ jobs:
          TRIVY_OFFLINE_SCAN: true
        with:
          image-ref: ${{ env.DATAHUB_MCE_CONSUMER_IMAGE }}:${{ needs.setup.outputs.unique_tag }}
-          format: 'template'
-          template: '@/contrib/sarif.tpl'
-          output: 'trivy-results.sarif'
-          severity: 'CRITICAL,HIGH'
+          format: "template"
+          template: "@/contrib/sarif.tpl"
+          output: "trivy-results.sarif"
+          severity: "CRITICAL,HIGH"
          ignore-unfixed: true
          vuln-type: "os,library"
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
-          sarif_file: 'trivy-results.sarif'
-
+          sarif_file: "trivy-results.sarif"

  datahub_upgrade_build:
    name: Build and Push DataHub Upgrade Docker Image
    runs-on: ubuntu-latest
    needs: setup
-    outputs:
-      image_tag: ${{ steps.docker_meta.outputs.tags }}
-      image_name: ${{ env.DATAHUB_UPGRADE_IMAGE }}
    steps:
      - name: Check out the repo
        uses: actions/checkout@v3
@ -295,24 +280,21 @@ jobs:
          TRIVY_OFFLINE_SCAN: true
        with:
          image-ref: ${{ env.DATAHUB_UPGRADE_IMAGE }}:${{ needs.setup.outputs.unique_tag }}
-          format: 'template'
-          template: '@/contrib/sarif.tpl'
-          output: 'trivy-results.sarif'
-          severity: 'CRITICAL,HIGH'
+          format: "template"
+          template: "@/contrib/sarif.tpl"
+          output: "trivy-results.sarif"
+          severity: "CRITICAL,HIGH"
          ignore-unfixed: true
          vuln-type: "os,library"
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
-          sarif_file: 'trivy-results.sarif'
+          sarif_file: "trivy-results.sarif"

  frontend_build:
    name: Build and Push DataHub Frontend Docker Image
    runs-on: ubuntu-latest
    needs: setup
-    outputs:
-      image_tag: ${{ steps.docker_meta.outputs.tags }}
-      image_name: ${{ env.DATAHUB_FRONTEND_IMAGE }}
    steps:
      - name: Check out the repo
        uses: actions/checkout@v3
@ -358,24 +340,21 @@ jobs:
          TRIVY_OFFLINE_SCAN: true
        with:
          image-ref: ${{ env.DATAHUB_FRONTEND_IMAGE }}:${{ needs.setup.outputs.unique_tag }}
-          format: 'template'
-          template: '@/contrib/sarif.tpl'
-          output: 'trivy-results.sarif'
-          severity: 'CRITICAL,HIGH'
+          format: "template"
+          template: "@/contrib/sarif.tpl"
+          output: "trivy-results.sarif"
+          severity: "CRITICAL,HIGH"
          ignore-unfixed: true
          vuln-type: "os,library"
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
-          sarif_file: 'trivy-results.sarif'
+          sarif_file: "trivy-results.sarif"

  kafka_setup_build:
    name: Build and Push DataHub Kafka Setup Docker Image
    runs-on: ubuntu-latest
    needs: setup
-    outputs:
-      image_tag: ${{ steps.docker_meta.outputs.tags }}
-      image_name: ${{ env.DATAHUB_KAFKA_SETUP_IMAGE }}
    steps:
      - name: Check out the repo
        uses: actions/checkout@v3
@ -398,9 +377,6 @@ jobs:
    name: Build and Push DataHub MySQL Setup Docker Image
    runs-on: ubuntu-latest
    needs: setup
-    outputs:
-      image_tag: ${{ steps.docker_meta.outputs.tags }}
-      image_name: ${{ env.DATAHUB_MYSQL_SETUP_IMAGE }}
    steps:
      - name: Check out the repo
        uses: actions/checkout@v3
@ -423,9 +399,6 @@ jobs:
    name: Build and Push DataHub Elasticsearch Setup Docker Image
    runs-on: ubuntu-latest
    needs: setup
-    outputs:
-      image_tag: ${{ steps.docker_meta.outputs.tags }}
-      image_name: ${{ env.DATAHUB_ELASTIC_SETUP_IMAGE }}
    steps:
      - name: Check out the repo
        uses: actions/checkout@v3
@ -450,11 +423,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        test_strategy: [
-          "no_cypress", 
-          "cypress_suite1",
-          "cypress_rest"
-        ]
+        test_strategy: ["no_cypress", "cypress_suite1", "cypress_rest"]
    needs:
      [
        setup,
@ -477,7 +446,7 @@ jobs:
      - uses: actions/setup-python@v4
        with:
          python-version: "3.7"
-          cache: 'pip'
+          cache: "pip"
      - name: Install dependencies
        run: ./metadata-ingestion/scripts/install_deps.sh
      - name: Build datahub cli
--- a/.github/workflows/lint-actions.yml
+++ b/.github/workflows/lint-actions.yml
@ -0,0 +1,14 @@
+name: Lint actions
+on:
+  pull_request:
+    paths:
+      - '.github/workflows/**'
+
+jobs:
+  actionlint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: reviewdog/action-actionlint@v1
+        with:
+          reporter: github-pr-review