Jose/ansible_role_proxmox_provision
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor ♻️: Refactor workflows to include issues and push events, add PR check workflow
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 12s
Details
Gitleaks Scan / gitleaks (push) Successful in 4s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details

Browse Source 
This commit refactors the existing workflows by removing 'pull_request' triggers from ansible-lint and markdown-lint.yml files. It also adds a new workflow file `.gitea/workflows/pr-check-yaml` for performing checks on pull requests.
This commit is contained in:
Jose
2026-02-14 08:35:56 +01:00
parent 8199aabc38
commit 75693ebf2e
4 changed files with 166 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitea/workflows/ansible-lint.yml
View File

@@ -2,7 +2,7 @@
# .gitea/workflows/ansible-lint.yml
name: ansible-lint
on: [pull_request, issues, push]
on: [issues, push]
jobs:
build:

4
.gitea/workflows/gitleaks.yml
View File

@@ -1,9 +1,7 @@
---
name: Gitleaks Scan
on:
push:
pull_request:
on: [issues, push]
jobs:
gitleaks:

2
.gitea/workflows/markdown-lint.yml
View File

@@ -2,7 +2,7 @@
# .gitea/workflows/markdown-lint.yml
name: Markdown Lint
on: [pull_request, issues, push]
on: [issues, push]
jobs:
build:

163
.gitea/workflows/pr-check-yaml Normal file
View File

@@ -0,0 +1,163 @@
# https://github.com/kekxv/pr-check
name: ai-reviews
on:
pull_request:
types: [opened, synchronize]
jobs:
leak_test:
name: Gitleaks
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
with:
github-server-url: ${{ vars.GIT_SERVER_URL }}
- name: Install Gitleaks
run: |
curl -sSL https://github.com/gitleaks/gitleaks/releases/download/v8.30.0/gitleaks_8.30.0_linux_x64.tar.gz \
| tar -xz
sudo mv gitleaks /usr/local/bin/
- name: Run Gitleaks
run: |
gitleaks dir . \
--redact=10 \
--verbose \
--exit-code 1
lint_test:
name: lint test
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
with:
github-server-url: ${{ vars.GIT_SERVER_URL }}
- name: Install Node.js
uses: actions/setup-node@v4
with:
node-version: 20
- name: Run markdownlint
run: npx markdownlint-cli2 "**/*.md" "#node_modules"
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.14"
- name: Install ansible-lint and yamllint
run: |
python -m pip install --upgrade pip
pip install ansible ansible-lint yamllint
- name: Run yamllint
run: |
yamllint .
- name: Run ansible-lint
run: |
ansible-lint
handle_failures:
runs-on: ubuntu-latest
needs: [leak_test, lint_test]
if: needs.leak_test.result != 'success' || needs.lint_test.result != 'success'
steps:
- name: Comment, label, and close PR
run: |
API="${{ vars.GIT_SERVER_URL }}/api/v1/repos/${{ github.repository }}"
PR="${{ github.event.pull_request.number }}"
TOKEN="${{ secrets.GITEA_TOKEN }}"
COMMENT_BODY="❌ CI checks failed.\n\nLeak test: ${{ needs.leak_test.result }}\nLint: ${{ needs.lint_test.result }}"
# Find existing comment
EXISTING_COMMENT_ID=$(curl -s -H "Authorization: token $TOKEN" \
"$API/issues/$PR/comments" \
| jq -r '.[] | select(.body | test("<!--ci-failed-comment-->")) | .id')
# Update or create comment
if [ -n "$EXISTING_COMMENT_ID" ]; then
curl -s -X PATCH \
-H "Authorization: token $TOKEN" \
-H "Content-Type: application/json" \
-d "{\"body\":\"<!--ci-failed-comment-->\n$COMMENT_BODY\"}" \
"$API/issues/$PR/comments/$EXISTING_COMMENT_ID"
else
curl -s -X POST \
-H "Authorization: token $TOKEN" \
-H "Content-Type: application/json" \
-d "{\"body\":\"<!--ci-failed-comment-->\n$COMMENT_BODY\"}" \
"$API/issues/$PR/comments"
fi
# Add label if missing
LABELS=$(curl -s -H "Authorization: token $TOKEN" "$API/issues/$PR/labels" | jq -r '.[] | .name')
if ! echo "$LABELS" | grep -q "^ci-failed$"; then
curl -s -X POST \
-H "Authorization: token $TOKEN" \
-H "Content-Type: application/json" \
-d '["ci-failed"]' \
"$API/issues/$PR/labels"
fi
# Close PR
curl -s -X PATCH \
-H "Authorization: token $TOKEN" \
-H "Content-Type: application/json" \
-d '{"state":"closed"}' \
"$API/pulls/$PR"
handle_success:
runs-on: ubuntu-latest
needs: [leak_test, lint_test]
if: needs.leak_test.result == 'success' && needs.lint_test.result == 'success'
steps:
- name: Update comment, remove label, reopen PR
run: |
API="${{ vars.GIT_SERVER_URL }}/api/v1/repos/${{ github.repository }}"
PR="${{ github.event.pull_request.number }}"
TOKEN="${{ secrets.GITEA_TOKEN }}"
COMMENT_BODY="✅ All CI checks passed.\n\nLeak test: ${{ needs.leak_test.result }}\nLint: ${{ needs.lint_test.result }}"
# Find existing comment
EXISTING_COMMENT_ID=$(curl -s -H "Authorization: token $TOKEN" \
"$API/issues/$PR/comments" \
| jq -r '.[] | select(.body | test("<!--ci-failed-comment-->")) | .id')
# Update comment if exists
if [ -n "$EXISTING_COMMENT_ID" ]; then
curl -s -X PATCH \
-H "Authorization: token $TOKEN" \
-H "Content-Type: application/json" \
-d "{\"body\":\"<!--ci-failed-comment-->\n$COMMENT_BODY\"}" \
"$API/issues/$PR/comments/$EXISTING_COMMENT_ID"
fi
# Remove label if exists
LABELS=$(curl -s -H "Authorization: token $TOKEN" "$API/issues/$PR/labels" | jq -r '.[] | .name')
if echo "$LABELS" | grep -q "^ci-failed$"; then
curl -s -X DELETE \
-H "Authorization: token $TOKEN" \
"$API/issues/$PR/labels/ci-failed"
fi
# Reopen PR if closed
PR_STATE=$(curl -s -H "Authorization: token $TOKEN" "$API/pulls/$PR" | jq -r '.state')
if [ "$PR_STATE" = "closed" ]; then
curl -s -X PATCH \
-H "Authorization: token $TOKEN" \
-H "Content-Type: application/json" \
-d '{"state":"open"}' \
"$API/pulls/$PR"
fi