phoenix-oss/llama-stack-mirror
0
0
Fork 1
mirror of https://github.com/meta-llama/llama-stack.git synced 2025-12-22 22:39:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: update check-workflows-use-hashes to use github error format

Browse source
This commit is contained in:
Mohit Gaur 2025-07-23 16:24:39 +00:00
parent e1ed152779
commit c871c9d0ac
1 changed files with 11 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

20
scripts/check-workflows-use-hashes.sh
View file

@ -12,21 +12,23 @@ set -euo pipefail
failed=0 failed=0
# Find all workflow YAML files # Find all workflow YAML files
# Use GitHub Actions error format
# ::error file={name},line={line},col={col}::{message}
for file in $(find .github/workflows/ -type f \( -name "*.yml" -o -name "*.yaml" \)); do for file in $(find .github/workflows/ -type f \( -name "*.yml" -o -name "*.yaml" \)); do
IFS=$'\n' IFS=$'\n'
# Grep for `uses:` lines that look like actions # Get line numbers for each 'uses:'
for line in $(grep -E '^.*uses:[^@]+@[^ ]+' "$file"); do while IFS= read -r match; do
# Extract the ref part after the last @ line_num=$(echo "$match" | cut -d: -f1)
line=$(echo "$match" | cut -d: -f2-)
ref=$(echo "$line" | sed -E 's/.*@([A-Za-z0-9._-]+).*/\1/') ref=$(echo "$line" | sed -E 's/.*@([A-Za-z0-9._-]+).*/\1/')
# Check if ref is a 40-character hex string (full SHA).
#
# Note: strictly speaking, this could also be a tag or branch name, but
# we'd have to pull this info from the remote. Meh.
if ! [[ $ref =~ ^[0-9a-fA-F]{40}$ ]]; then if ! [[ $ref =~ ^[0-9a-fA-F]{40}$ ]]; then
echo "ERROR: $file uses non-SHA action ref: $line" # Output in GitHub Actions annotation format
echo "::error file=$file,line=$line_num::uses non-SHA action ref: $line"
failed=1 failed=1
fi fi
done done < <(grep -n -E '^.*uses:[^@]+@[^ ]+' "$file")
done done
exit $failed exit $failed