.github: Test out github repo variable

.github/workflows/lint-workflows.yaml

@@ -0,0 +1,266 @@
+name: GitHub Workflow Related Checks
+
+# Any change in triggers needs to be reflected in the concurrency group.
+on:
+  pull_request: {}
+  push:
+    branches:
+      - main
+      - ft/main/**
+
+permissions: read-all
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.after }}
+  cancel-in-progress: true
+
+jobs:
+  ginkgo-workflow-comments:
+    name: Lint Ginkgo Workflows Comments
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          persist-credentials: false
+          # hard-code the path instead of using ${{ github.repository }} to make sure it works for forked repo as well
+          path: src/github.com/cilium/cilium
+
+      # Load Ginkgo build from GitHub
+      - name: Load ginkgo linter from GH cache
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        id: cache
+        with:
+          path: /tmp/.ginkgo-build/
+          key: ${{ runner.os }}-ginkgo-linter-${{ hashFiles('src/github.com/cilium/cilium/**/*.go') }}
+
+      - name: Install Go
+        if: ${{ steps.cache.outputs.cache-hit != 'true' }}
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        with:
+          # renovate: datasource=golang-version depName=go
+          go-version: 1.22.6
+
+      - name: Build Ginkgo
+        if: ${{ steps.cache.outputs.cache-hit != 'true' }}
+        shell: bash
+        run: |
+          cd src/github.com/cilium/cilium
+          go install github.com/onsi/ginkgo/[email protected]
+          mkdir -p /tmp/.ginkgo-build
+          echo ${{ github.repository }}
+
+      - name: Building Ginkgo Linter Test
+        if: ${{ steps.cache.outputs.cache-hit != 'true' }}
+        shell: bash
+        run: |
+          cd src/github.com/cilium/cilium
+          git apply contrib/testing/ginkgo-get-all-test-names.patch
+
+          cd test
+          /home/runner/go/bin/ginkgo build
+          strip test.test
+          tar -cz test.test -f test.tgz
+
+      - name: Store Ginkgo Linter Test in GitHub cache path
+        if: ${{ steps.cache.outputs.cache-hit != 'true' }}
+        shell: bash
+        run: |
+          cd src/github.com/cilium/cilium
+          mkdir -p /tmp/.ginkgo-build/
+          if [ -f test/test.tgz ]; then
+            cp test/test.tgz /tmp/.ginkgo-build/
+            echo "file copied"
+          fi
+
+      - name: Copy Ginkgo binary
+        if: ${{ steps.cache.outputs.cache-hit == 'true' }}
+        shell: bash
+        run: |
+          cd src/github.com/cilium/cilium/test/
+          tar -xf /tmp/.ginkgo-build/test.tgz
+
+      - name: Reading Comments From Workflows
+        shell: bash
+        run: |
+          cd src/github.com/cilium/cilium
+
+          grep '# K8s' .github/actions/ginkgo/main-focus.yaml | \
+          sed -e 's/^[[:space:]]\+# //g' | \
+          sort -u > /tmp/ginkgo-workflow-comments.txt
+
+          grep '# Runtime' .github/workflows/conformance-runtime.yaml | \
+          sed -e 's/^[[:space:]]\+# //g' | \
+          sort -u > /tmp/runtime-workflow-comments.txt
+
+      - name: Getting test runs output
+        shell: bash
+        run: |
+          cd src/github.com/cilium/cilium/test
+
+          ./test.test -ginkgo.failFast -ginkgo.dryRun -- --cilium.testScope=K8s | \
+          grep TestRun | \
+          grep -v 'TestRun\[Top Level\] Runtime' | \
+          sed 's/TestRun\[Top Level\]\ //g' | \
+          sort -u > /tmp/ginkgo-tests.txt
+
+          ./test.test -ginkgo.failFast -ginkgo.dryRun -- --cilium.testScope=Runtime | \
+          grep TestRun | \
+          grep -v 'TestRun\[Top Level\] K8s' | \
+          sed 's/TestRun\[Top Level\]\ //g' | \
+          sort -u > /tmp/runtime-tests.txt
+
+      - name: Checking diff Ginkgo Workflow
+        shell: bash
+        run: |
+          diff /tmp/ginkgo-workflow-comments.txt /tmp/ginkgo-tests.txt --suppress-common-lines
+
+          if [ $? -ne 0 ]; then
+            echo ""
+            echo "Ginkgo tests out of sync with comments from GH workflow:"
+            echo "$diff"
+            echo "Please fix the comments from .github/actions/ginkgo/main-focus.yaml accordingly"
+            echo ""
+            exit 1
+          fi
+
+      - name: Checking diff Runtime Workflow
+        shell: bash
+        run: |
+          diff /tmp/runtime-workflow-comments.txt /tmp/runtime-tests.txt --suppress-common-lines
+
+          if [ $? -ne 0 ]; then
+            echo ""
+            echo "Ginkgo tests out of sync with comments from GH workflow:"
+            echo "$diff"
+            echo ""
+            echo "Please fix the comments from .github/workflows/conformance-runtime.yaml accordingly"
+            exit 1
+          fi
+
+  ginkgo-schema-validation:
+    name: Validate Ginkgo Schema
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
+        with:
+          python-version: '3.10'
+      - name: Install yamela
+        run: pip install yamale
+      - name: Checkout code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          persist-credentials: false
+          # hard-code the path instead of using ${{ github.repository }} to make sure it works for forked repo as well
+          path: src/github.com/cilium/cilium
+
+      - name: Validate schema of ginkgo action files
+        shell: bash
+        run: |
+          cd src/github.com/cilium/cilium/.github/actions/ginkgo/
+          for type in focus k8s-versions prs scheduled; do
+            yamale -s ${type}-schema.yaml *-${type}.yaml;
+          done
+
+  conformance-schema-validation:
+    name: Validate k8s Versions Schema
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
+        with:
+          python-version: '3.10'
+      - name: Install yamela
+        run: pip install yamale
+      - name: Checkout code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          persist-credentials: false
+          # hard-code the path instead of using ${{ github.repository }} to make sure it works for forked repo as well
+          path: src/github.com/cilium/cilium
+
+      - name: Validate schema of aws, azure and gke action files
+        shell: bash
+        run: |
+          for dir in aws azure gke;do
+            dir_base=".github/actions/${dir}"
+            file_base="${dir_base}/k8s-versions"
+            if [ -f ${file_base}.yaml ];then
+              yamale -s ${file_base}-schema.yaml ${file_base}.yaml;
+            fi
+            if [ -f ${dir_base}/test-config-schema.yaml ];then
+              yamale -s ${dir_base}/test-config-schema.yaml ${dir_base}/test-config-classic.yaml
+              yamale -s ${dir_base}/test-config-schema.yaml ${dir_base}/test-config-helm.yaml
+            fi
+          done
+
+  name-validation:
+    name: Validate Workflow Names
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          persist-credentials: false
+          # hard-code the path instead of using ${{ github.repository }} to make sure it works for forked repo as well
+          path: src/github.com/cilium/cilium
+
+      - name: Validate Job and Step names
+        shell: bash
+        run: |
+          EXIT=0
+          cd src/github.com/cilium/cilium/.github/workflows
+          for FILE in *.yaml;do
+            JOBS=$(yq '.jobs | to_entries | .[] | select(.value.name == null) | "  " + .key' $FILE)
+            STEPS=$(yq '.jobs | to_entries | .[] as $job | $job.value.steps[] | {"key": $job.key, "name": .name} | select(.name == null) | "  "+.key' $FILE)
+            if [ "${JOBS}" != "" ];then
+              echo Jobs are missing name field, in file $FILE
+              echo "${JOBS}" | awk '{for (i=1; i<=NF; i++) print "  " $i}'
+              EXIT=1
+            fi
+            if [ "${STEPS}" != "" ];then
+              echo Steps are missing name field, under these Jobs in file $FILE
+              echo "${STEPS}" | awk '{for (i=1; i<=NF; i++) print "  " $i}'
+              EXIT=1
+            fi
+          done
+          exit ${EXIT}
+
+      - name: Validate Commit Status Start Job
+        shell: bash
+        run: |
+          EXIT=0
+          cd src/github.com/cilium/cilium/.github/workflows
+          for FILE in *.yaml; do
+            # we only care about workflows that has ariane workflow_dispatch events
+            IS_ARIANE_DISPATCH=$(yq '.on.workflow_dispatch.inputs.PR-number' $FILE)
+            if [ "$IS_ARIANE_DISPATCH" == "null" ]; then
+                continue
+            fi
+            JOB=$(yq '.jobs | to_entries | .[] | select(.key == "commit-status-start")' $FILE)
+            if [ "$JOB" == "" ]; then
+                echo "commit-status-start job is missing in file $FILE"
+                EXIT=1
+            fi
+            JOB_NAME=$(echo "${JOB}" | yq '.value.name')
+            if [ "$JOB_NAME" != "Commit Status Start" ]; then
+                echo "commit-status-start job name must be set as 'Commit Status Start' in file $FILE"
+                EXIT=1
+            fi
+          done
+          exit ${EXIT}
+
+      - name: Validate Absence of Trailing Spaces
+        shell: bash
+        working-directory: src/github.com/cilium/cilium/
+        run: |
+          if grep --quiet --recursive '[[:blank:]]$' .github; then
+            echo "Found trailing spaces in the following workflow files"
+            grep --files-with-matches --recursive '[[:blank:]]$' .github
+            echo
+            echo "Please run:"
+            echo "  find .github -type f -exec sed -ri 's/[[:blank:]]+$//' {} \;"
+            echo "and submit your changes"
+            exit 1
+          fi