.github/workflows/lint.yaml

# Lints the ruletypes and profiles
name: Lint

on:
  push:
    branches:
      - main
  pull_request:

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

      - name: Set up Go
        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
        with:
          check-latest: true

      - name: Lint Rule Types
        run: go run github.com/mindersec/minder/cmd/dev@latest ruletype lint -r rule-types/github --skip-rego

      - name: Ensure rule type release_phase is set
        run: |
          # Directory containing YAML files
          DIRECTORY="rule-types/github"

          # Allowed values for the "release_phase" field
          ALLOWED_VALUES=("alpha" "beta" "ga" "deprecated")

          # Iterate over all YAML files in the directory
          for file in "$DIRECTORY"/*.yaml; do
            echo "Checking file: $file"
          
            # Skip .test.yaml and .test.yml files
            if [[ "$file" == *".test.yaml" ]] || [[ "$file" == *".test.yml" ]]; then
              echo "Skipping test file: $file"
              continue
            fi

            # Extract the value of the "release_phase" field
            release_phase_value=$(yq e '.release_phase' "$file")

            # Check if the "release_phase" field is null or missing
            if [ "$release_phase_value" == "null" ] || [ -z "$release_phase_value" ]; then
              echo "Error: The file '$file' does not have the 'release_phase' field set or it is empty."
              exit 1
            else
              # Validate if the "release_phase" value is one of the allowed values
              is_valid=false
              for allowed_value in "${ALLOWED_VALUES[@]}"; do
                if [ "$release_phase_value" == "$allowed_value" ]; then
                  is_valid=true
                  break
                fi
              done

              if [ "$is_valid" == false ]; then
                echo "Error: The file '$file' has an invalid 'release_phase' value: $release_phase_value"
                echo "       Allowed values are: ${ALLOWED_VALUES[*]}"
                exit 1
              else
                echo "The file '$file' has a valid 'release_phase' field set to: $release_phase_value"
              fi
            fi
          done