add actionlint and fix GHA issues

gruebel · gruebel · commit e4497d16c99b · 2023-09-24T21:07:55.000+02:00
diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml
@@ -19,12 +19,12 @@ jobs:
           git config --local user.name "GitHub Action"
           git fetch --tags
           git pull origin master
-          latest_tag=$(git describe --tags `git rev-list --tags --max-count=1`)
+          latest_tag=$(git describe --tags "$(git rev-list --tags --max-count=1)")
           echo "latest tag: $latest_tag"
-          new_tag=$(echo $latest_tag | awk -F. -v a="$1" -v b="$2" -v c="$3" '{printf("%d.%d.%d", $1+a, $2+b , $3+1)}')
+          new_tag=$(echo "$latest_tag" | awk -F. -v a="$1" -v b="$2" -v c="$3" '{printf("%d.%d.%d", $1+a, $2+b , $3+1)}')
           echo "new tag: $new_tag"
 
-          printf "# pylint: disable=missing-module-docstring\n__version__ = \"$new_tag\"\n""" > $version_file
+          printf "# pylint: disable=missing-module-docstring\n__version__ = \"%s\"\n""" "$new_tag" > $version_file
 
           git commit -m "Bump to ${new_tag}"  $version_file || echo "No changes to commit"
           git push origin
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -78,9 +78,9 @@ jobs:
           pip install policy_sentry -U
           git fetch origin
           git checkout --track origin/master
-          latest_tag=$(git describe --tags `git rev-list --tags --max-count=1`)
+          latest_tag=$(git describe --tags "$(git rev-list --tags --max-count=1)")
           echo "latest tag: $latest_tag"
-          git pull origin $latest_tag
+          git pull origin "$latest_tag"
           poet -f policy_sentry > HomebrewFormula/policy_sentry.rb
           git add .
           git commit -m "update brew formula" policy_sentry/bin/cli.py HomebrewFormula/policy_sentry.rb || echo "No brew changes to commit"
@@ -102,12 +102,12 @@ jobs:
           git config --local user.name "GitHub Action"
           git fetch --tags
           git pull origin master
-          latest_tag=$(git describe --tags `git rev-list --tags --max-count=1`)
+          latest_tag=$(git describe --tags "$(git rev-list --tags --max-count=1)")
           echo "latest tag: $latest_tag"
-          new_tag=$(echo $latest_tag | awk -F. -v a="$1" -v b="$2" -v c="$3" '{printf("%d.%d.%d", $1+a, $2+b , $3+1)}')
+          new_tag=$(echo "$latest_tag" | awk -F. -v a="$1" -v b="$2" -v c="$3" '{printf("%d.%d.%d", $1+a, $2+b , $3+1)}')
           echo "new tag: $new_tag"
 
-          printf "# pylint: disable=missing-module-docstring\n__version__ = '$new_tag'""" > $version_file
+          printf "# pylint: disable=missing-module-docstring\n__version__ = '%s'""" "$new_tag" > $version_file
 
           git commit -m "Bump to ${new_tag}"  $version_file || echo "No changes to commit"
           git push origin
diff --git a/.github/workflows/python-dependency-updater.yml b/.github/workflows/python-dependency-updater.yml
@@ -21,5 +21,5 @@ jobs:
         run: |
           pip install pyupio
           pip install -r requirements.txt
-          default_branch=`git remote show origin | grep 'HEAD branch' | cut -d' ' -f5`
-          pyup --provider github --provider_url https://api.github.com --repo=$GITHUB_REPOSITORY --user-token=${{ secrets.PYUP_GITHUB_ACCESS_TOKEN }} --branch $default_branch
+          default_branch=$(git remote show origin | grep 'HEAD branch' | cut -d' ' -f5)
+          pyup --provider github --provider_url https://api.github.com --repo="$GITHUB_REPOSITORY" --user-token=${{ secrets.PYUP_GITHUB_ACCESS_TOKEN }} --branch "$default_branch"
diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
@@ -19,16 +19,16 @@ jobs:
       - name: install dependencies
         run: pip install requests schema PyYAML click click_log beautifulsoup4
       - name: install policy_sentry
-        run: echo "PYTHONPATH=$(pwd)" >> $GITHUB_ENV
+        run: echo "PYTHONPATH=$(pwd)" >> "$GITHUB_ENV"
       - name: Run initialize
         run: |
           python .github/scripts/update_data.py
           if [[ $(du -m /tmp/.policy_sentry/iam-definition.json | cut -f1) -lt 3 ]]; then
             echo "File size is less than 3 MB, something is wrong with this update"
             exit 1
           fi
-          cp -f /tmp/.policy_sentry/iam-definition.json $(pwd)/policy_sentry/shared/data/iam-definition.json
-          cp -rf /tmp/.policy_sentry/data/docs $(pwd)/policy_sentry/shared/data/
+          cp -f /tmp/.policy_sentry/iam-definition.json "$(pwd)/policy_sentry/shared/data/iam-definition.json"
+          cp -rf /tmp/.policy_sentry/data/docs "$(pwd)/policy_sentry/shared/data/"
       - name: Set outputs
         id: vars
         run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,4 +1,8 @@
 repos:
+  - repo: https://github.com/rhysd/actionlint
+    rev: v1.6.26
+    hooks:
+      - id: actionlint-docker
   - repo: https://github.com/antonbabenko/pre-commit-terraform
     rev: v1.83.3
     hooks:
