feat(ci): make shellcheck mandatory — .shellcheckrc, fix 24 violations, add CI gates #126
| # Simple labeler workflow that doesn't require label creation permissions | |
| name: Simple Labeler | |
| on: | |
| pull_request: | |
| types: [opened, edited, synchronize] | |
| jobs: | |
| label: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| with: | |
| fetch-depth: 0 | |
| - name: Apply labels based on changed files | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| set -euo pipefail | |
| echo "Analyzing changed files in PR #${{ github.event.number }}" | |
| git fetch origin "${{ github.base_ref }}" --depth=1 | |
| git diff --name-only "origin/${{ github.base_ref }}"...HEAD > changed_files.txt | |
| echo "Changed files:" | |
| cat changed_files.txt | |
| echo "" | |
| add_label() { | |
| local label="$1" | |
| echo "Attempting to add label: $label" | |
| gh pr edit ${{ github.event.number }} --add-label "$label" 2>/dev/null && \ | |
| echo "Added label: $label" || \ | |
| echo "Could not add label '$label' (may not exist in repository)" | |
| } | |
| if grep -E '\.(md|txt)$|README|SECURITY|LICENSE' changed_files.txt; then | |
| add_label "documentation" | |
| fi | |
| if grep -E '^(main\.go|cmd/|policies/|sql/)' changed_files.txt; then | |
| add_label "cli" | |
| fi | |
| if grep -E '^ansible/' changed_files.txt; then | |
| add_label "ansible" | |
| fi | |
| if grep -E '^scripts/|install\.|setupGo\.sh|uninstall\.sh' changed_files.txt; then | |
| add_label "scripts" | |
| fi | |
| if grep -E '^pkg/(container|docker)/' changed_files.txt; then | |
| add_label "pkg-container" | |
| fi | |
| if grep -E '^pkg/vault/' changed_files.txt; then | |
| add_label "pkg-vault" | |
| fi | |
| if grep -E '^pkg/crypto/' changed_files.txt; then | |
| add_label "pkg-crypto" | |
| fi | |
| if grep -E '^\.github/' changed_files.txt; then | |
| add_label "ci" | |
| fi | |
| if grep -E '^(go\.(mod|sum)|Dockerfile|docker-compose\.yml)$' changed_files.txt; then | |
| add_label "dependencies" | |
| fi | |
| if grep -E '^pkg/' changed_files.txt; then | |
| add_label "pkg-other" | |
| fi | |
| echo "" | |
| echo "Labeling complete!" | |
| rm -f changed_files.txt |
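Review bot: The `run:` script splices `${{ github.base_ref }}` and `${{ github.event.number }}` straight into the shell text (the `echo`, `git fetch`, `git diff` and `gh pr edit` lines), and that substitution happens before bash parses the script, so the surrounding double quotes do not constrain what a ref name can contribute. Passing both values through `env:` and reading them as `"$BASE_REF"` and `"$PR_NUMBER"` keeps them as data. In `add_label`, `2>/dev/null` together with the `&& … || …` chain reports every failure as a missing label; on fork PRs the token is typically read-only despite `pull-requests: write`, so a permission error would be hidden the same way, and an `if`/`else` that leaves stderr visible makes that diagnosable. The YAML indentation in the fence is reconstructed, because the page rendering dropped it.

```yaml
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          BASE_REF: ${{ github.base_ref }}
          PR_NUMBER: ${{ github.event.number }}
        run: |
          # … unchanged: set -euo pipefail …
          echo "Analyzing changed files in PR #${PR_NUMBER}"
          git fetch origin "$BASE_REF" --depth=1
          git diff --name-only "origin/${BASE_REF}...HEAD" > changed_files.txt
          # … unchanged: file listing, add_label header and first echo …
            if gh pr edit "$PR_NUMBER" --add-label "$label"; then
              echo "Added label: $label"
            else
              echo "Could not add label '$label' (may not exist in repository)"
            fi
          # … unchanged: closing brace, grep/add_label rules, cleanup …
```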