Awesome/awesome-copilot
1
0
Fork 0
mirror of https://github.com/github/awesome-copilot.git synced 2026-02-24 20:35:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Combine workflow CI checks into single multi-job workflow

Browse Source 
Merges the two separate action workflows (block-workflow-yaml.yml and
validate-agentic-workflows.yml) into a single validate-agentic-workflows-pr.yml
with two jobs: check-forbidden-files runs first, then compile-workflows
runs only if the file check passes.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
Bruno Borges
2026-02-20 16:03:07 -08:00
parent e470afe0cb
commit f058d7cd44
3 changed files with 125 additions and 135 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
.github/workflows/block-workflow-yaml.yml vendored
View File

@@ -1,64 +0,0 @@
name: Block Forbidden Workflow Contribution Files
on:
pull_request:
branches: [staged]
types: [opened, synchronize, reopened]
paths:
- "workflows/**"
permissions:
contents: read
pull-requests: write
jobs:
check-forbidden-files:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Check for forbidden files in workflows/
id: check
run: |
# Check for YAML/lock files in workflows/ and any .github/ modifications
forbidden=$(git diff --name-only --diff-filter=ACM origin/${{ github.base_ref }}...HEAD -- \
'workflows/**/*.yml' \
'workflows/**/*.yaml' \
'workflows/**/*.lock.yml' \
'.github/*' \
'.github/**')
if [ -n "$forbidden" ]; then
echo "❌ Forbidden files detected:"
echo "$forbidden"
echo "files<<EOF" >> "$GITHUB_OUTPUT"
echo "$forbidden" >> "$GITHUB_OUTPUT"
echo "EOF" >> "$GITHUB_OUTPUT"
exit 1
else
echo "✅ No forbidden files found in workflows/"
fi
- name: Comment on PR
if: failure()
uses: marocchino/sticky-pull-request-comment@v2
with:
header: workflow-forbidden-files
message: |
## 🚫 Forbidden files in `workflows/`
Only `.md` markdown files are accepted in the `workflows/` directory. The following are **not allowed**:
- Compiled workflow files (`.yml`, `.yaml`, `.lock.yml`) — could contain untrusted Actions code
- `.github/` modifications — workflow contributions must not modify repository configuration
**Files that must be removed:**
```
${{ steps.check.outputs.files }}
```
Contributors provide the workflow **source** (`.md`) only. Compilation happens downstream via `gh aw compile`.
Please remove these files and push again.

125
.github/workflows/validate-agentic-workflows-pr.yml vendored Normal file
View File

@@ -0,0 +1,125 @@
name: Validate Agentic Workflow Contributions
on:
pull_request:
branches: [staged]
types: [opened, synchronize, reopened]
paths:
- "workflows/**"
permissions:
contents: read
pull-requests: write
jobs:
check-forbidden-files:
name: Block forbidden files
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Check for forbidden files
id: check
run: |
# Check for YAML/lock files in workflows/ and any .github/ modifications
forbidden=$(git diff --name-only --diff-filter=ACM origin/${{ github.base_ref }}...HEAD -- \
'workflows/**/*.yml' \
'workflows/**/*.yaml' \
'workflows/**/*.lock.yml' \
'.github/*' \
'.github/**')
if [ -n "$forbidden" ]; then
echo "❌ Forbidden files detected:"
echo "$forbidden"
echo "files<<EOF" >> "$GITHUB_OUTPUT"
echo "$forbidden" >> "$GITHUB_OUTPUT"
echo "EOF" >> "$GITHUB_OUTPUT"
exit 1
else
echo "✅ No forbidden files found"
fi
- name: Comment on PR
if: failure()
uses: marocchino/sticky-pull-request-comment@v2
with:
header: workflow-forbidden-files
message: |
## 🚫 Forbidden files in `workflows/`
Only `.md` markdown files are accepted in the `workflows/` directory. The following are **not allowed**:
- Compiled workflow files (`.yml`, `.yaml`, `.lock.yml`) — could contain untrusted Actions code
- `.github/` modifications — workflow contributions must not modify repository configuration
**Files that must be removed:**
```
${{ steps.check.outputs.files }}
```
Contributors provide the workflow **source** (`.md`) only. Compilation happens downstream via `gh aw compile`.
Please remove these files and push again.
compile-workflows:
name: Compile and validate
needs: check-forbidden-files
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install gh-aw CLI
uses: github/gh-aw/actions/setup-cli@main
- name: Compile workflow files
id: compile
run: |
exit_code=0
found=0
# Find all .md files directly in workflows/
for workflow_file in workflows/*.md; do
[ -f "$workflow_file" ] || continue
found=$((found + 1))
echo "::group::Compiling $workflow_file"
if gh aw compile --validate "$workflow_file"; then
echo "✅ $workflow_file compiled successfully"
else
echo "❌ $workflow_file failed to compile"
exit_code=1
fi
echo "::endgroup::"
done
if [ "$found" -eq 0 ]; then
echo "No workflow .md files found to validate."
else
echo "Validated $found workflow file(s)."
fi
echo "status=$( [ $exit_code -eq 0 ] && echo success || echo failure )" >> "$GITHUB_OUTPUT"
exit $exit_code
- name: Comment on PR if compilation failed
if: failure()
uses: marocchino/sticky-pull-request-comment@v2
with:
header: workflow-validation
message: |
## ❌ Agentic Workflow compilation failed
One or more workflow files in `workflows/` failed to compile with `gh aw compile --validate`.
Please fix the errors and push again. You can test locally with:
```bash
gh extension install github/gh-aw
gh aw compile --validate <your-workflow-file>.md
```
See the [Agentic Workflows documentation](https://github.github.com/gh-aw) for help.

71
.github/workflows/validate-agentic-workflows.yml vendored
View File

@@ -1,71 +0,0 @@
name: Validate Agentic Workflows
on:
pull_request:
branches: [staged]
types: [opened, synchronize, reopened]
paths:
- "workflows/**"
permissions:
contents: read
pull-requests: write
jobs:
validate-workflows:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install gh-aw CLI
uses: github/gh-aw/actions/setup-cli@main
- name: Find and compile workflow files
id: compile
run: |
exit_code=0
found=0
# Find all .md files directly in workflows/
for workflow_file in workflows/*.md; do
[ -f "$workflow_file" ] || continue
found=$((found + 1))
echo "::group::Compiling $workflow_file"
if gh aw compile --validate "$workflow_file"; then
echo "✅ $workflow_file compiled successfully"
else
echo "❌ $workflow_file failed to compile"
exit_code=1
fi
echo "::endgroup::"
done
if [ "$found" -eq 0 ]; then
echo "No workflow .md files found to validate."
else
echo "Validated $found workflow file(s)."
fi
echo "status=$( [ $exit_code -eq 0 ] && echo success || echo failure )" >> "$GITHUB_OUTPUT"
exit $exit_code
- name: Comment on PR if compilation failed
if: failure()
uses: marocchino/sticky-pull-request-comment@v2
with:
header: workflow-validation
message: |
## ❌ Agentic Workflow compilation failed
One or more workflow files in `workflows/` failed to compile with `gh aw compile --validate`.
Please fix the errors and push again. You can test locally with:
```bash
gh extension install github/gh-aw
gh aw compile --validate <your-workflow-file>.md
```
See the [Agentic Workflows documentation](https://github.github.com/gh-aw) for help.