Review SCM files and security updates (#6) #17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # RSR Anti-Pattern CI Check | |
| # SPDX-License-Identifier: AGPL-3.0-or-later | |
| # | |
| # Enforces: No TypeScript, No Go, No Python (except SaltStack), No npm | |
| # Allows: ReScript, Deno, WASM, Rust, OCaml, Haskell, Guile/Scheme | |
| name: RSR Anti-Pattern Check | |
| on: | |
| push: | |
| branches: [main, master, develop] | |
| pull_request: | |
| branches: [main, master, develop] | |
| jobs: | |
| antipattern-check: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Check for TypeScript | |
| run: | | |
| if find . -name "*.ts" -o -name "*.tsx" | grep -v node_modules | grep -q .; then | |
| echo "❌ TypeScript files detected - use ReScript instead" | |
| find . -name "*.ts" -o -name "*.tsx" | grep -v node_modules | |
| exit 1 | |
| fi | |
| echo "✅ No TypeScript files" | |
| - name: Check for Go | |
| run: | | |
| if find . -name "*.go" | grep -q .; then | |
| echo "❌ Go files detected - use Rust/WASM instead" | |
| find . -name "*.go" | |
| exit 1 | |
| fi | |
| echo "✅ No Go files" | |
| - name: Check for Python (non-SaltStack) | |
| run: | | |
| PY_FILES=$(find . -name "*.py" | grep -v salt | grep -v _states | grep -v _modules | grep -v pillar | grep -v venv | grep -v __pycache__ || true) | |
| if [ -n "$PY_FILES" ]; then | |
| echo "❌ Python files detected - only allowed for SaltStack" | |
| echo "$PY_FILES" | |
| exit 1 | |
| fi | |
| echo "✅ No non-SaltStack Python files" | |
| - name: Check for npm lockfiles | |
| run: | | |
| if [ -f "package-lock.json" ] || [ -f "yarn.lock" ]; then | |
| echo "❌ npm/yarn lockfile detected - use Deno instead" | |
| exit 1 | |
| fi | |
| echo "✅ No npm lockfiles" | |
| - name: Check for tsconfig | |
| run: | | |
| if [ -f "tsconfig.json" ]; then | |
| echo "❌ tsconfig.json detected - use ReScript instead" | |
| exit 1 | |
| fi | |
| echo "✅ No tsconfig.json" | |
| - name: Verify Deno presence (if package.json exists) | |
| run: | | |
| if [ -f "package.json" ]; then | |
| if [ ! -f "deno.json" ] && [ ! -f "deno.jsonc" ]; then | |
| echo "⚠️ Warning: package.json without deno.json - migration recommended" | |
| fi | |
| fi | |
| echo "✅ Deno configuration check complete" | |
| - name: Summary | |
| run: | | |
| echo "╔════════════════════════════════════════════════════════════╗" | |
| echo "║ RSR Anti-Pattern Check Passed ✅ ║" | |
| echo "║ ║" | |
| echo "║ Allowed: ReScript, Deno, WASM, Rust, OCaml, Haskell, ║" | |
| echo "║ Guile/Scheme, SaltStack (Python) ║" | |
| echo "║ ║" | |
| echo "║ Blocked: TypeScript, Go, npm, Python (non-Salt) ║" | |
| echo "╚════════════════════════════════════════════════════════════╝" |