fix(container): update image ghcr.io/cross-seed/cross-seed ( 6.13.6 → 6.13.7 ) #8906
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Repository Validation | |
| on: | |
| pull_request: | |
| branches: ["main"] | |
| push: | |
| branches: ["main"] | |
| workflow_dispatch: | |
| jobs: | |
| validate: | |
| name: Repository Validation | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Setup Python | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version: "3.14" | |
| - name: Install Python dependencies | |
| run: | | |
| pip install pyyaml jsonschema requests | |
| - name: Install yq for YAML processing | |
| uses: mikefarah/yq@751d8ad57b84f1794661bc70c0afb92a22ad7b3c # v4.53.2 | |
| - name: Run comprehensive repository validation | |
| run: | | |
| python3 scripts/validate-repository.py --verbose | |
| - name: Validate specific components | |
| run: | | |
| echo "🔍 Running individual validation checks..." | |
| # Validate kustomization files | |
| python3 scripts/validate-kustomizations.py kubernetes/apps/ | |
| # Validate schema/apiVersion alignment | |
| python3 scripts/validate-schema-alignment.py kubernetes/apps/ | |
| security-scan: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # master | |
| with: | |
| scan-type: "fs" | |
| scan-ref: "." | |
| format: "sarif" | |
| output: "trivy-results.sarif" | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4 | |
| if: always() | |
| with: | |
| sarif_file: "trivy-results.sarif" | |
| documentation: | |
| name: Documentation Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Validate markdown files | |
| uses: DavidAnson/markdownlint-cli2-action@ded1f9488f68a970bc66ea5619e13e9b52e601cd # v23 | |
| with: | |
| globs: | | |
| **/*.md | |
| !**/node_modules/** | |
| !**/.git/** | |
| quality-gates: | |
| name: Quality Gates | |
| runs-on: ubuntu-latest | |
| needs: [validate, security-scan, documentation] | |
| if: always() | |
| steps: | |
| - name: Check all jobs status | |
| run: | | |
| echo "📊 Quality Gates Summary" | |
| echo "=======================" | |
| # Check individual job results | |
| validate_result="${{ needs.validate.result }}" | |
| security_result="${{ needs.security-scan.result }}" | |
| docs_result="${{ needs.documentation.result }}" | |
| echo "Repository Validation: $validate_result" | |
| echo "Security Scan: $security_result" | |
| echo "Documentation Check: $docs_result" | |
| # Determine overall result | |
| if [[ "$validate_result" == "success" && "$security_result" == "success" && "$docs_result" == "success" ]]; then | |
| echo "" | |
| echo "🎉 All quality gates passed!" | |
| echo "Repository is ready for deployment." | |
| else | |
| echo "" | |
| echo "❌ Some quality gates failed." | |
| echo "Please address the issues before merging." | |
| exit 1 | |
| fi |