This action runs Repolinter. This fork extends the original repolinter-action by allowing users to automatically create Pull Requests that fix compliance issues. When Repolinter detects missing files or required content, it creates a Pull Request with the necessary files and content based on templates defined in your repolinter configuration. To enable this feature, your repolinter rules must include `file-name` and `file-content` fields within the `options` object to specify the target file and its template content.
Currently this action can only open pull requests. If you would like an issue opened rather than a PR, use the original repolinter-action. We plan to support both.
```yaml
- uses: DSACMS/repolinter-actions@main
  with:
    # The directory Repolinter should run against. Accepts an absolute path
    # or a path relative to $GITHUB_WORKSPACE.
    #
    # Defaults to $GITHUB_WORKSPACE.
    directory: ''
    # A path to the JSON/YAML Repolinter ruleset to use, relative to the workflow
    # working directory (i.e. under `$GITHUB_WORKSPACE`).
    #
    # This option is mutually exclusive with config_url. If neither this option
    # nor config_url is specified, Repolinter's default ruleset will be used.
    config_file: ''
    # A URL to pull the JSON/YAML Repolinter ruleset from. This URL must be accessible
    # by the actions runner and return the raw JSON file on GET.
    #
    # This option can be used to pull a ruleset from GitHub using the
    # raw.githubusercontent.com URL (ex. https://raw.githubusercontent.com/aperture-science-incorporated/.github/master/repolinter-newrelic-communityplus.json).
    #
    # This option is mutually exclusive with config_file. If neither this option
    # nor config_file is specified, Repolinter's default ruleset will be used.
    config_url: ''
    # Where repolinter-action should put the linting results. There are three
    # options available:
    # * "exit-code": repolinter-action will print the lint output to the console
    #   and set the exit code from result.passed. This output type is most useful for
    #   PR status checks.
    # * "issue": repolinter-action will create a GitHub issue on the current
    #   repository with the repolinter output and always exit 0. See the README for
    #   more details on issue outputting behavior. This output type is ideal for
    #   non-intrusive notification.
    # * "pull-request": repolinter-action will send a PR with the necessary changes
    #   based on the repolinter configuration. This output type is ideal for repo owners
    #   who want comprehensive compliance.
    #
    # Default: "exit-code"
    output_type: ''
    # The title to use for the issue created by repolinter-action. This title
    # should indicate the purpose of the issue, as well as that it was created by
    # a bot.
    #
    # This option will be ignored if output_type != "issue".
    #
    # Default: "[Repolinter] Open Source Policy Issues"
    output_name: ''
    # The name to use for the issue label created by repolinter-action. This name
    # should be unique to repolinter-action (i.e. not used by any other issue) so
    # that the label identifies only the issues repolinter-action itself created.
    #
    # This option will be ignored if output_type != "issue".
    #
    # Default: "repolinter"
    label_name: ''
    # The color to use for the issue label created by repolinter-action. The value
    # for this option should be an unprefixed RRGGBB hex string (ex. ff568a).
    # The default value is a shade of yellow.
    #
    # This option will be ignored if output_type != "issue".
    #
    # Default: "fbca04"
    label_color: ''
    # Personal access token (PAT) used to create an issue or pull request on this
    # repository. This token is optional and only required if this action is
    # configured to output an issue or a pull request (see `output_type`). For
    # issue output the token must have the `public_repo` scope for the current
    # repository; for pull-request output it needs the full `repo` scope (see the
    # pull-request example below).
    #
    # [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
    #
    # Default: ${{ github.token }}
    token: ''
    # The username associated with the `token` field. Repolinter-action uses
    # this value to determine which issues have been created by itself. Prefix
    # this value with `app/` if `token` is generated from a GitHub app instead
    # of a normal user (see https://docs.github.com/en/github/searching-for-information-on-github/searching-issues-and-pull-requests#search-by-author).
    #
    # Defaults to the username associated with the `GITHUB_TOKEN` provided by GitHub
    # Actions.
    #
    # Default: app/github-actions
    username: ''
    # The repository name and owner, formatted like so: `owner/repository`.
    # This input determines which repository repolinter-action will create
    # an issue on, if that functionality is enabled.
    #
    # It is recommended that this option is left as the default value.
    #
    # Default: ${{ github.repository }}
    repository: ''
```
Key | Type | Description |
---|---|---|
passed | boolean | A boolean indicating whether or not the ruleset passed, equivalent to `LintResult#passed`. |
errored | boolean | A boolean indicating whether or not any errors occurred when running repolinter-action. |
json_output | string? | The JSON-ified repolinter output from `repolinter.jsonFormatter`. Will only be present if `errored` is false. |
To use the PR creation feature, you'll need to modify your repolinter configuration to include two additional fields in the `options` object for each rule:

- `file-name`: Specifies the name of the file to create or update
- `file-content`: Defines the template content to be added

Because the ruleset is JSON, line breaks inside `file-content` must be written as `\n` escapes rather than literal newlines. A `file-existence` rule that fails creates `file-name` from the template; a `file-contents` rule that fails appends the template to `file-name`.
```json
{
  "rules": {
    "security-file-exists": {
      "level": "error",
      "rule": {
        "type": "file-existence",
        "options": {
          "globsAny": ["{docs/,.github/,}SECURITY.md"],
          "file-name": "SECURITY.md",
          "file-content": "# Security Policy\n\n## Submit a vulnerability\n\nVulnerability reports can be submitted through Bugcrowd. Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days.\n\nReview the HHS Disclosure Policy and websites in scope: https://www.hhs.gov/vulnerability-disclosure-policy/index.html."
        }
      }
    },
    "readme-contains-about": {
      "level": "error",
      "rule": {
        "type": "file-contents",
        "options": {
          "globsAll": ["README.md"],
          "content": "about",
          "flags": "i",
          "file-name": "README.md",
          "file-content": "\n## About the Project\n\nThis project helps you do amazing things by doing this and then achieving that."
        }
      }
    }
  }
}
```
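To make the `file-name` / `file-content` mechanism concrete, here is an added Python example (not part of this action's code) that reads a ruleset in the shape shown above, checks a working tree the same way `file-existence` and `file-contents` rules do, and computes the set of files the generated pull request would create or append to. The ruleset and the sample repository are constructed for the example; the brace-expansion and the `fail-on-non-existent` handling are this example's own approximation of repolinter's glob and rule semantics, not calls into repolinter.

```python
import fnmatch
import re
import tempfile
from pathlib import Path

# Constructed ruleset in the shape this README documents; the template text is
# placeholder content for the example only.
RULESET = {
    "rules": {
        "security-file-exists": {
            "level": "error",
            "rule": {
                "type": "file-existence",
                "options": {
                    "globsAny": ["{docs/,.github/,}SECURITY.md"],
                    "file-name": "SECURITY.md",
                    "file-content": "# Security Policy\n\nHow to report a vulnerability goes here.\n",
                },
            },
        },
        "readme-contains-about": {
            "level": "error",
            "rule": {
                "type": "file-contents",
                "options": {
                    "globsAll": ["README.md"],
                    "content": "about",
                    "flags": "i",
                    "file-name": "README.md",
                    "file-content": "\n## About the Project\n\nDescribe the project here.\n",
                },
            },
        },
    }
}


def expand_braces(pattern: str) -> list:
    """Expand `{a,b,}` alternatives (used by repolinter globs, unsupported by fnmatch)."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    head, tail = pattern[: m.start()], pattern[m.end():]
    expanded = []
    for alt in m.group(1).split(","):
        expanded.extend(expand_braces(head + alt + tail))
    return expanded


def matching_files(repo: Path, globs: list) -> list:
    """Repo-relative POSIX paths of files matching any brace-expanded glob."""
    files = [p.relative_to(repo).as_posix() for p in repo.rglob("*") if p.is_file()]
    patterns = [g for raw in globs for g in expand_braces(raw)]
    return sorted(f for f in files if any(fnmatch.fnmatchcase(f, g) for g in patterns))


def plan_fixes(ruleset: dict, repo: Path) -> dict:
    """Return {target file: ("create" | "append", template)} for each failing rule."""
    plan = {}
    for rule in ruleset["rules"].values():
        spec, opts = rule["rule"], rule["rule"]["options"]
        target, template = opts.get("file-name"), opts.get("file-content")
        if not target or template is None:
            continue  # no fix template: the PR feature has nothing to add for this rule
        if spec["type"] == "file-existence":
            if not matching_files(repo, opts["globsAny"]):
                plan[target] = ("create", template)
        elif spec["type"] == "file-contents":
            files = matching_files(repo, opts["globsAll"])
            flags = re.IGNORECASE if "i" in opts.get("flags", "") else 0
            pattern = re.compile(opts["content"], flags)
            # Assumption mirrored from repolinter: with no matching file the rule
            # passes unless `fail-on-non-existent` is set.
            if not files and opts.get("fail-on-non-existent"):
                plan[target] = ("create", template)
            elif any(not pattern.search((repo / f).read_text()) for f in files):
                plan[target] = ("append", template)
    return plan


def apply_plan(plan: dict, repo: Path) -> None:
    """Write the planned files: this is the diff the pull request would carry."""
    for target, (action, template) in plan.items():
        path = repo / target
        path.parent.mkdir(parents=True, exist_ok=True)
        if action == "create":
            path.write_text(template)
        else:
            with path.open("a") as fh:
                fh.write(template)


def build_sample_repo() -> Path:
    """Constructed sample tree: a README with no About section and no SECURITY.md."""
    repo = Path(tempfile.mkdtemp(prefix="repolinter-demo-"))
    (repo / "README.md").write_text("# demo\n\nNothing here describes the project yet.\n")
    return repo
```

Running `plan_fixes(RULESET, build_sample_repo())` yields a `create` for `SECURITY.md` and an `append` for `README.md`; after `apply_plan` a second `plan_fixes` call returns an empty plan, which is the "repo is compliant, nothing to send" case described below. Note that `file-content` is appended verbatim, so a `file-contents` template should start with a newline (as the README example does) so it does not run into the last line of the existing file.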
The following will run Repolinter and send a PR based on the output when the workflow is manually activated. If the repo is compliant with the repolinter configuration, nothing will be sent; otherwise, a PR with the missing files and fields will be sent. The example passes a PAT stored as an encrypted secret rather than the default `GITHUB_TOKEN`; keep in mind that pull requests opened with `GITHUB_TOKEN` do not trigger other workflows (such as CI on the new PR), which is one reason to use a dedicated token, and that a token with full `repo` scope should be scoped to a bot or service account rather than a personal account with broader access.
```yaml
name: 'Create a PR based on validation'
on:
  workflow_dispatch: {}
jobs:
  repolinter-action:
    runs-on: ubuntu-latest
    name: Run Repolinter
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
      - name: 'Run Repolinter'
        uses: DSACMS/repolinter-actions@main
        with:
          output_type: 'pull-request'
          # The PAT needs full `repo` scope
          token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
```
The following will run Repolinter with the default ruleset on every push to master, and exit with status 1 if the repository does not pass.
```yaml
name: 'Validate master branch with Repolinter'
on:
  push:
    branches:
      - master
jobs:
  repolinter-action:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v2
      - name: 'Run Repolinter'
        uses: newrelic/repolinter-action@v1
```
The following will run Repolinter with a remote ruleset on every push to master, and exit with status 1 if the repository does not pass.
```yaml
name: 'Validate master branch with Repolinter'
on:
  push:
    branches:
      - master
jobs:
  repolinter-action:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v2
      - name: 'Run Repolinter'
        uses: newrelic/repolinter-action@v1
        with:
          config_url: https://raw.githubusercontent.com/aperture-science-incorporated/.github/master/repolinter-newrelic-communityplus.json
```
The following will run repolinter with a remote ruleset on every push to master, and open a GitHub issue if the repository does not pass.
```yaml
name: 'Validate master branch with Repolinter'
on:
  push:
    branches:
      - master
jobs:
  # Because the output-type is set to 'issue', this job will always succeed.
  repolinter-action:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v2
      - name: 'Run Repolinter'
        uses: newrelic/repolinter-action@v1
        with:
          config_url: https://raw.githubusercontent.com/aperture-science-incorporated/.github/master/repolinter-newrelic-communityplus.json
          output_type: issue
          # Optionally you can customize the issue and label repolinter-action will create
          output_name: '[Bot] My Issue Title'
          label_name: 'my-repolinter-label'
          label_color: 'ffffff'
```
The following will run repolinter with the default ruleset against aperture-science-incorporated/companion-cube on every push to master of the current repository; if the ruleset does not pass, repolinter-action will open a GitHub issue on companion-cube. Note that a custom personal access token (`MY_TOKEN`) and PAT username (`my-token-username`) must be specified, as `GITHUB_TOKEN` does not have write permission for repositories other than the current one.
```yaml
name: Apply Repolinter
on:
  push:
    branches:
      - master
jobs:
  apply-repolinter:
    name: Apply Repolinter Somewhere Else
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v2
        with:
          repository: aperture-science-incorporated/companion-cube
      - name: Run Repolinter
        uses: newrelic/repolinter-action@develop
        with:
          output_type: issue
          repository: aperture-science-incorporated/companion-cube
          username: my-token-username
          token: ${{ secrets.MY_TOKEN }}
```
If `output_type` is set to `pull-request`, repolinter-action will create a PR with the Repolinter output on the current repository. An example PR can be found here: #2
If `output_type` is set to `issue`, repolinter-action will create a GitHub issue with the Repolinter output on the current repository. An example issue can be found here: aperture-science-incorporated/companion-cube#44.
To prevent unnecessary noise, repolinter-action will first attempt to edit an existing open issue before creating a new one. This check is performed every workflow run, and can be emulated using the following GitHub search query:
```
type:issue repo:<the current repo> creator:<username> label:<label-name> state:open sort:author-date-desc
```
If no issues are returned by this query, repolinter-action will create a new one. If more than one issue is returned by this query, repolinter-action will edit the first issue in the list (the issue most recently created) and ignore the others.
As GitHub Actions can run many workflows in parallel, repolinter-action runs may happen in a different order than commits occurred. To prevent out-of-order action runs from generating issue noise, repolinter-action will first search the body of the most recently created repolinter-action issue (open or closed) for a magic string containing the `GITHUB_RUN_NUMBER` of the last run that updated the issue. If the run number present in the issue is greater than the local `GITHUB_RUN_NUMBER`, repolinter-action will assume that its results are out of date and will not modify the issue. If the magic string is invalid, not present, or contains a lower run number, repolinter-action will assume its results are up to date and perform its modifications. This magic string is encoded as follows:

```
<!-- repolinter-action-workflow-number:<GITHUB_RUN_NUMBER> -->
```
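The issue-selection query and the out-of-order guard above are easier to reason about as code. The following added Python example (not repolinter-action's own implementation) models an issue list in memory, emulates the search query to pick the open issue to edit, and applies the `GITHUB_RUN_NUMBER` comparison on the newest issue's body before deciding whether to skip, edit or create. The `Issue` dataclass, the issue list and the report text are constructed for the example; only the magic-string format is taken from the README.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# The marker documented above, parsed leniently so a malformed marker counts as absent.
MAGIC_RE = re.compile(r"<!--\s*repolinter-action-workflow-number:(\d+)\s*-->")


@dataclass
class Issue:  # minimal stand-in for the fields the search query uses
    number: int
    state: str  # "open" or "closed"
    creator: str
    labels: List[str]
    created_at: datetime
    body: str


def recorded_run_number(body: str) -> Optional[int]:
    """Run number from the magic string, or None if it is absent or malformed."""
    m = MAGIC_RE.search(body)
    return int(m.group(1)) if m else None


def results_are_stale(issues: List[Issue], creator: str, label: str, run_number: int) -> bool:
    """Out-of-order guard: only the newest repolinter-action issue (open or closed) is consulted."""
    history = [i for i in issues if i.creator == creator and label in i.labels]
    if not history:
        return False
    newest = max(history, key=lambda i: i.created_at)
    recorded = recorded_run_number(newest.body)
    return recorded is not None and recorded > run_number


def issue_to_edit(issues: List[Issue], creator: str, label: str) -> Optional[Issue]:
    """Emulates: type:issue creator:<username> label:<label> state:open sort:author-date-desc"""
    candidates = [i for i in issues if i.state == "open" and i.creator == creator and label in i.labels]
    return max(candidates, key=lambda i: i.created_at, default=None)


def render_body(report: str, run_number: int) -> str:
    """Issue body: the report followed by the magic string for this run."""
    return f"{report}\n\n<!-- repolinter-action-workflow-number:{run_number} -->\n"


def sync_issue(issues: List[Issue], creator: str, label: str, run_number: int, report: str) -> Tuple[str, Optional[int]]:
    """Return ("skip" | "edit" | "create", issue number) and update `issues` in place."""
    if results_are_stale(issues, creator, label, run_number):
        return "skip", None
    body = render_body(report, run_number)
    target = issue_to_edit(issues, creator, label)
    if target is not None:
        target.body = body
        return "edit", target.number
    new = Issue(
        number=max((i.number for i in issues), default=0) + 1,
        state="open", creator=creator, labels=[label],
        created_at=datetime.now(timezone.utc), body=body,
    )
    issues.append(new)
    return "create", new.number


def sample_issues() -> List[Issue]:
    """Constructed data: a closed bot issue, an open bot issue, and an unrelated human issue."""
    bot, label = "app/github-actions", "repolinter"

    def day(d: int) -> datetime:
        return datetime(2024, 1, d, tzinfo=timezone.utc)

    return [
        Issue(10, "closed", bot, [label], day(1), render_body("old report", 3)),
        Issue(12, "open", bot, [label], day(3), render_body("current report", 5)),
        Issue(13, "open", "alice", [], day(4), "unrelated bug report"),
    ]
```

With `sample_issues()`, a run numbered 4 is skipped because the newest bot issue records run 5; run 6 edits issue 12; once issue 12 is closed, run 7 creates a new issue. Because the guard only reads the newest issue, a human closing the bot's issue is enough to make the next run open a fresh one, which is the "attempt to edit before creating" behaviour described above.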
We encourage your contributions to improve Repolinter Action! Keep in mind when you submit your pull request, you'll need to sign the CLA via the click-through using CLA-Assistant. You only have to sign the CLA one time per project. If you have any questions, or to execute our corporate CLA, required if your contribution is on behalf of a company, please drop us an email at [email protected].
repolinter-action is licensed under the Apache 2.0 License.
This repo also uses source code from third-party libraries. You can find full details on which libraries are used and the terms under which they are licensed in the third-party-notices document.