Skip to content

WIP: Keywords cleanup and presubmit action #42

WIP: Keywords cleanup and presubmit action

WIP: Keywords cleanup and presubmit action #42

on:
pull_request:
jobs:
verify-keywords:
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Verify keywords
shell: bash
id: verify-keywords
run: |
set -e
cd "${GITHUB_WORKSPACE}"
echo 'Verifying allowed keywords ...'
# Don't fail because of grep
set +o pipefail
find ./images -name '*metadata.yaml' | while read -r file; do
if yq eval '.keywords[]' "$file" | grep -voE '(application|base|fips|ai|ai-gpu|stigs|featured)'; then
echo "$file" has keywords that are not on allow list. Please update.
echo "UPDATES_NEEDED=true" >> $GITHUB_ENV
fi
done
- name: Output result
shell: bash
id: output-result
if: ${{ env.UPDATES_NEEDED }}
run: |
echo ${{ env.UPDATES_NEEDED }}