MokoConsulting/MokoCassiopeia
1
1
Fork 0
Code Issues 2 Pull Requests Actions Packages Releases 1 Activity

Refactor repo_health.yml for improved clarity

Browse Source 
Updated variable references and descriptions in the workflow file.

Signed-off-by: Jonathan Miller <jmiller2979@gmail.com>
This commit is contained in:
Jonathan Miller
2026-01-03 13:07:04 -06:00
committed by GitHub
parent 8f1153799e
commit f008cdef02
1 changed files with 22 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
.github/workflows/repo_health.yml vendored
View File

@@ -29,7 +29,7 @@ on:
workflow_dispatch: workflow_dispatch:
inputs: inputs:
profile: profile:
description: Which configuration profile to validate. release checks SFTP variables used by release pipeline. scripts checks baseline script prerequisites. repo runs repository health only. all runs release, scripts, and repo health. description: Which configuration profile to validate. release checks SFTP variables used by release pipeline. scripts checks baseline script prerequisites. repo runs repository health only. al[...]
required: true required: true
default: all default: all
type: choice type: choice
@@ -82,6 +82,13 @@ env:
# Operational toggles # Operational toggles
SFTP_VERBOSE: "false" SFTP_VERBOSE: "false"
# File / directory variables (moved to top-level env)
DOCS_INDEX: docs/docs-index.md
SCRIPT_DIR: scripts
WORKFLOWS_DIR: .github/workflows
SHELLCHECK_PATTERN: '*.sh'
SPDX_FILE_GLOBS: '*.sh,*.php,*.js,*.ts,*.css,*.xml,*.yml,*.yaml'
jobs: jobs:
access_check: access_check:
name: Access control name: Access control
@@ -417,7 +424,7 @@ jobs:
exit 0 exit 0
fi fi
if [ ! -d scripts ]; then if [ ! -d "${SCRIPT_DIR}" ]; then
{ {
printf '%s\n' '### Scripts governance' printf '%s\n' '### Scripts governance'
printf '%s\n' 'Status: OK (advisory)' printf '%s\n' 'Status: OK (advisory)'
@@ -445,7 +452,7 @@ jobs:
[ "${d%/}" = "${a_norm}" ] && allowed=true [ "${d%/}" = "${a_norm}" ] && allowed=true
done done
[ "${allowed}" = false ] && unapproved_dirs+=("${d%/}/") [ "${allowed}" = false ] && unapproved_dirs+=("${d%/}/")
done < <(find scripts -maxdepth 1 -mindepth 1 -type d 2>/dev/null | sed 's#^\./##') done < <(find "${SCRIPT_DIR}" -maxdepth 1 -mindepth 1 -type d 2>/dev/null | sed 's#^\./##')
{ {
printf '%s\n' '### Scripts governance' printf '%s\n' '### Scripts governance'
@@ -682,8 +689,8 @@ jobs:
fi fi
# Workflow pinning advisory: flag uses @main/@master # Workflow pinning advisory: flag uses @main/@master
if ls .github/workflows/*.yml >/dev/null 2>&1; then if ls "${WORKFLOWS_DIR}"/*.yml >/dev/null 2>&1 || ls "${WORKFLOWS_DIR}"/*.yaml >/dev/null 2>&1; then
bad_refs="$(grep -RIn --include='*.yml' --include='*.yaml' -E '^[[:space:]]*uses:[[:space:]]*[^#]+@(main|master)\b' .github/workflows 2>/dev/null || true)" bad_refs="$(grep -RIn --include='*.yml' --include='*.yaml' -E '^[[:space:]]*uses:[[:space:]]*[^#]+@(main|master)\b' "${WORKFLOWS_DIR}" 2>/dev/null || true)"
if [ -n "${bad_refs}" ]; then if [ -n "${bad_refs}" ]; then
extended_findings+=("Workflows reference actions @main/@master (pin versions): see log excerpt") extended_findings+=("Workflows reference actions @main/@master (pin versions): see log excerpt")
{ {
@@ -698,12 +705,12 @@ jobs:
fi fi
# Docs index link integrity (docs/docs-index.md) # Docs index link integrity (docs/docs-index.md)
if [ -f 'docs/docs-index.md' ]; then if [ -f "${DOCS_INDEX}" ]; then
missing_links="$(python3 - <<'PY' missing_links="$(python3 - <<'PY'
import os import os
import re import re
idx = 'docs/docs-index.md' idx = os.environ.get('DOCS_INDEX', 'docs/docs-index.md')
base = os.getcwd() base = os.getcwd()
bad = [] bad = []
@@ -742,7 +749,7 @@ jobs:
fi fi
# ShellCheck advisory # ShellCheck advisory
if [ -d 'scripts' ]; then if [ -d "${SCRIPT_DIR}" ]; then
if ! command -v shellcheck >/dev/null 2>&1; then if ! command -v shellcheck >/dev/null 2>&1; then
sudo apt-get update -qq sudo apt-get update -qq
sudo apt-get install -y shellcheck >/dev/null sudo apt-get install -y shellcheck >/dev/null
@@ -755,7 +762,7 @@ jobs:
if [ -n "${out_one}" ]; then if [ -n "${out_one}" ]; then
sc_out="${sc_out}${out_one}\n" sc_out="${sc_out}${out_one}\n"
fi fi
done < <(find scripts -type f -name '*.sh' 2>/dev/null | sort) done < <(find "${SCRIPT_DIR}" -type f -name "${SHELLCHECK_PATTERN}" 2>/dev/null | sort)
if [ -n "${sc_out}" ]; then if [ -n "${sc_out}" ]; then
extended_findings+=("ShellCheck warnings detected (advisory)") extended_findings+=("ShellCheck warnings detected (advisory)")
@@ -772,12 +779,16 @@ jobs:
# SPDX header advisory for common source types # SPDX header advisory for common source types
spdx_missing=() spdx_missing=()
IFS=',' read -r -a spdx_globs <<< "${SPDX_FILE_GLOBS}"
spdx_args=()
for g in "${spdx_globs[@]}"; do spdx_args+=("${g}"); done
while IFS= read -r f; do while IFS= read -r f; do
[ -z "${f}" ] && continue [ -z "${f}" ] && continue
if ! head -n 40 "${f}" | grep -q 'SPDX-License-Identifier:'; then if ! head -n 40 "${f}" | grep -q 'SPDX-License-Identifier:'; then
spdx_missing+=("${f}") spdx_missing+=("${f}")
fi fi
done < <(git ls-files '*.sh' '*.php' '*.js' '*.ts' '*.css' '*.xml' '*.yml' '*.yaml' 2>/dev/null || true) done < <(git ls-files "${spdx_args[@]}" 2>/dev/null || true)
if [ "${#spdx_missing[@]}" -gt 0 ]; then if [ "${#spdx_missing[@]}" -gt 0 ]; then
extended_findings+=("SPDX header missing in some tracked files (advisory)") extended_findings+=("SPDX header missing in some tracked files (advisory)")
@@ -791,7 +802,7 @@ jobs:
# Git hygiene advisory: branches older than 180 days (remote) # Git hygiene advisory: branches older than 180 days (remote)
stale_cutoff_days=180 stale_cutoff_days=180
stale_branches="$(git for-each-ref --format='%(refname:short) %(committerdate:unix)' refs/remotes/origin 2>/dev/null | awk -v now="$(date +%s)" -v days="${stale_cutoff_days}" '{if (now-$2 > days*86400) print $1}' | sed 's#^origin/##' | grep -v '^HEAD$' | head -n 50 || true)" stale_branches="$(git for-each-ref --format='%(refname:short) %(committerdate:unix)' refs/remotes/origin 2>/dev/null | awk -v now="$(date +%s)" -v days="${stale_cutoff_days}" '{if (now-$2 [...]
if [ -n "${stale_branches}" ]; then if [ -n "${stale_branches}" ]; then
extended_findings+=("Stale remote branches detected (advisory)") extended_findings+=("Stale remote branches detected (advisory)")
{ {