Skip to content

WIP: Keywords cleanup and presubmit action #30

WIP: Keywords cleanup and presubmit action

WIP: Keywords cleanup and presubmit action #30

on:
pull_request:
jobs:
verify-keywords:
runs-on: ubuntu-latest
env:
RESULT_OUPUT:
steps:
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Verify keywords
shell: bash
id: verify-keywords
run: |
set -e
cd "${GITHUB_WORKSPACE}"
echo 'Verifying allowed keywords ...'
# Don't fail because of grep
set +o pipefail
find ./images -name '*metadata.yaml' | while read -r file; do
if yq eval '.keywords[]' "$file" | grep -voE '(application|base|fips|ai|ai-gpu|stigs|featured)'; then
cat $(echo "$file" has keywords that are not on allow list. Please update.) > output_log.txt
fi
done
- name: Set output variable
shell: bash
id: set-output-var
run: |
echo "RESULT_OUPUT=$(cat output_log.txt)" >> $GITHUB_ENV
- name: Show output variable
shell: bash
id: show-output-var
run: |
echo "${{ env.RESULT_OUPUT }} < RESULT_OUPUT"