From 9e466efa3d67331499ae0b2d8b5ffba5970d63e0 Mon Sep 17 00:00:00 2001 From: Claude Code Bot Date: Tue, 7 Apr 2026 17:16:50 -0700 Subject: [PATCH] ci: remove redundant CI workflow All ci.yml jobs (shellcheck, shfmt, markdownlint, yamllint, python-lint, html-lint, bats, configuration-validation) are fully covered by local pre-commit hooks. The macos-latest BATS runner was the most expensive at 10x Linux runner cost. Remove ci.yml and its CI-only config files (.shellcheckrc, .yamllint), and the now-dead CI badge from README. Retain claude.yml and claude-blocking-review.yml (GitHub-event-driven, no local equivalent). Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/.shellcheckrc | 9 - .github/workflows/.yamllint | 7 - .github/workflows/ci.yml | 309 -------------------------------- README.md | 2 - 4 files changed, 327 deletions(-) delete mode 100644 .github/workflows/.shellcheckrc delete mode 100644 .github/workflows/.yamllint delete mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/.shellcheckrc b/.github/workflows/.shellcheckrc deleted file mode 100644 index 2390e60..0000000 --- a/.github/workflows/.shellcheckrc +++ /dev/null @@ -1,9 +0,0 @@ -# https://github.com/koalaman/shellcheck/wiki/Directive#shellcheckrc-file -external-sources=true -check-sourced=true -extended-analysis=true -enable=all - -# Disable SC2310: Functions invoked in conditional contexts -# This is informational only and doesn't indicate actual issues -disable=SC2310 diff --git a/.github/workflows/.yamllint b/.github/workflows/.yamllint deleted file mode 100644 index b312d3e..0000000 --- a/.github/workflows/.yamllint +++ /dev/null @@ -1,7 +0,0 @@ ---- -# .yamllint -extends: relaxed - -rules: - line-length: - max: 120 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml deleted file mode 100644 index c72e793..0000000 --- a/.github/workflows/ci.yml +++ /dev/null @@ -1,309 +0,0 @@ ---- -name: CI Tests - - -"on": - push: - pull_request: - branches: [main] - -jobs: - detect-changes: - name: Detect File Changes - runs-on: ubuntu-latest - outputs: - shell-scripts: ${{ steps.changes.outputs.shell-scripts }} - tests: ${{ steps.changes.outputs.tests }} - markdown: ${{ steps.changes.outputs.markdown }} - yaml: ${{ steps.changes.outputs.yaml }} - python: ${{ steps.changes.outputs.python }} - html: ${{ steps.changes.outputs.html }} - steps: - - uses: actions/checkout@v4 - - uses: dorny/paths-filter@v2 - id: changes - with: - filters: | - shell-scripts: - - '**/*.sh' - - 'scripts/**' - - '.github/workflows/.shellcheckrc' - tests: - - '**/*.bats' - - 'tests/**' - - 'app-setup/templates/transmission-done.sh' - - 'app-setup/templates/plex-watchdog.sh' - markdown: - - '**/*.md' - yaml: - - '**/*.yml' - - '**/*.yaml' - - '.github/workflows/**' - - '.github/workflows/.yamllint' - python: - - '**/*.py' - html: - - '**/*.html' - - shellcheck: - name: Shell Script Analysis - runs-on: ubuntu-latest - needs: detect-changes - if: needs.detect-changes.outputs.shell-scripts == 'true' - steps: - - uses: actions/checkout@v4 - - - name: Install shellcheck - run: sudo apt-get update && sudo apt-get install -y shellcheck - - - name: Find and validate shell scripts - run: | - echo "=== Shell scripts found ===" - find . -name "*.sh" -type f - echo "=== Files with shell shebangs ===" - find . -type f -executable -exec grep -l '^#!/.*sh' {} + || true - - - name: Run shellcheck - run: | - set -e - - # shellcheck will automatically use .shellcheckrc from current directory - if [[ -f ".github/workflows/.shellcheckrc" ]]; then - echo "Found .shellcheckrc in .github/workflows/" - cd .github/workflows - WORKING_DIR="../../" - else - echo "Using shellcheck with default settings" - WORKING_DIR="." - fi - - # Check .sh files (excluding .git directory) - while IFS= read -r -d '' file; do - if [[ -f "$WORKING_DIR/$file" && -r "$WORKING_DIR/$file" ]]; then - echo "Checking $file" - shellcheck "$WORKING_DIR/$file" - fi - done < <(find "$WORKING_DIR" -name "*.sh" -type f -not -path './.git/*' -print0 \ - | sed "s|^$WORKING_DIR/||") - - # Check executable files with shell shebangs (excluding .git directory) - while IFS= read -r -d '' file; do - if [[ -f "$WORKING_DIR/$file" && -r "$WORKING_DIR/$file" ]] && \ - grep -q '^#!/.*sh' "$WORKING_DIR/$file" 2>/dev/null; then - echo "Checking executable $file" - shellcheck "$WORKING_DIR/$file" - fi - done < <(find "$WORKING_DIR" -type f -executable -not -path './.git/*' -print0 \ - 2>/dev/null | sed "s|^$WORKING_DIR/||") - - shfmt: - name: Shell Script Formatting - runs-on: ubuntu-latest - needs: detect-changes - if: needs.detect-changes.outputs.shell-scripts == 'true' - steps: - - uses: actions/checkout@v4 - - - name: Install shfmt - run: | - SHFMT_VERSION="3.7.0" - curl -L \ - "https://github.com/mvdan/sh/releases/download/v${SHFMT_VERSION}/shfmt_v${SHFMT_VERSION}_linux_amd64" \ - -o shfmt - chmod +x shfmt - sudo mv shfmt /usr/local/bin/ - shfmt --version - - - name: Check formatting - run: | - set -e - - # Check .sh files (excluding .git directory) - while IFS= read -r -d '' file; do - if [[ -f "$file" && -r "$file" ]]; then - echo "Checking $file formatting" - shfmt -d -i 2 -ci -bn "$file" - fi - done < <(find . -name "*.sh" -type f -not -path './.git/*' -print0) - - # Check executable shell files (excluding .git directory) - while IFS= read -r -d '' file; do - if [[ -f "$file" && -r "$file" ]] && grep -q '^#!/.*sh' "$file" 2>/dev/null; then - echo "Checking executable $file formatting" - shfmt -d -i 2 -ci -bn "$file" - fi - done < <(find . -type f -executable -not -path './.git/*' -print0 2>/dev/null) - - markdownlint: - name: Markdown Linting - runs-on: ubuntu-latest - needs: detect-changes - if: needs.detect-changes.outputs.markdown == 'true' - steps: - - uses: actions/checkout@v4 - - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: '18' - - - name: Install markdownlint-cli - run: npm install -g markdownlint-cli - - - name: Find markdown files - run: | - echo "=== Markdown files found (excluding LICENSE.md) ===" - find . -name "*.md" -type f -not -path './.git/*' | grep -v 'LICENSE\.md$' - - - name: Run markdownlint - run: | - # Use same config as global pre-commit (MD013 disabled) - echo "Using markdownlint with MD013 disabled (matching global config)" - find . -name "*.md" -type f -not -path './.git/*' -print0 | \ - grep -zv 'LICENSE\.md$' | \ - xargs -0 markdownlint --disable=MD013 - - yamllint: - name: YAML Linting - runs-on: ubuntu-latest - needs: detect-changes - if: needs.detect-changes.outputs.yaml == 'true' - steps: - - uses: actions/checkout@v4 - - - name: Setup Python - uses: actions/setup-python@v4 - with: - python-version: '3.x' - - - name: Install yamllint - run: pip install yamllint - - - name: Find YAML files - run: | - echo "=== YAML files found ===" - find . \( -name "*.yml" -o -name "*.yaml" \) -type f -not -path './.git/*' - - - name: Run yamllint - run: | - # Use config from .github/workflows if available, fallback to repo root - if [[ -f ".github/workflows/.yamllint" ]]; then - export YAMLLINT_CONFIG_FILE=".github/workflows/.yamllint" - echo "Using yamllint config from .github/workflows/.yamllint" - elif [[ -f ".yamllint" ]]; then - export YAMLLINT_CONFIG_FILE=".yamllint" - echo "Using yamllint config from .yamllint" - else - echo "No yamllint config found, using defaults" - fi - - find . \( -name "*.yml" -o -name "*.yaml" \) -type f -not -path './.git/*' -print0 | \ - xargs -0 yamllint - - python-lint: - name: Python Linting and Formatting - runs-on: ubuntu-latest - needs: detect-changes - if: needs.detect-changes.outputs.python == 'true' - steps: - - uses: actions/checkout@v4 - - - name: Setup Python - uses: actions/setup-python@v4 - with: - python-version: '3.x' - - - name: Install Python tools - run: | - pip install black flake8 flake8-bugbear - - - name: Find Python files - run: | - echo "=== Python files found ===" - find . -name "*.py" -type f -not -path './.git/*' - - - name: Run black (formatter check) - run: | - echo "Checking Python formatting with black..." - black --check --quiet . - - - name: Run flake8 (linter) - run: | - echo "Running Python linter with flake8..." - flake8 . - - html-lint: - name: HTML Validation - runs-on: ubuntu-latest - needs: detect-changes - if: needs.detect-changes.outputs.html == 'true' - steps: - - uses: actions/checkout@v4 - - - name: Install HTML Tidy - run: sudo apt-get update && sudo apt-get install -y tidy - - - name: Find HTML files - run: | - echo "=== HTML files found ===" - find . -name "*.html" -type f -not -path './.git/*' - - - name: Run HTML validation - run: | - echo "Validating HTML files with tidy..." - find . -name "*.html" -type f -not -path './.git/*' -print0 | \ - xargs -0 -I {} tidy -q -e {} - - bats: - name: BATS Tests - runs-on: macos-latest - needs: detect-changes - if: >- - needs.detect-changes.outputs.tests == 'true' || - needs.detect-changes.outputs.shell-scripts == 'true' - steps: - - uses: actions/checkout@v4 - - - name: Install BATS - run: brew install bats-core - - - name: Run all BATS tests - run: | - echo "=== Running all BATS tests ===" - find tests/ -name '*.bats' -print0 | xargs -0 bats - - # Future test placeholders - configuration-validation: - name: Configuration Validation (Future) - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Validate configuration files - run: | - echo "🔮 Future: Validate config.conf syntax" - echo "🔮 Future: Validate 1Password item references" - echo "🔮 Future: Validate package lists (formulae.txt, casks.txt)" - # For now, just check files exist and are readable - test -r config/config.conf.template - test -r config/formulae.txt - test -r config/casks.txt - -# security-scanning: -# name: Security Scanning (Future) -# runs-on: ubuntu-latest -# steps: -# - uses: actions/checkout@v4 -# -# - name: Security placeholder -# run: | -# echo "🔮 Future: Scan for hardcoded secrets" -# echo "🔮 Future: Validate SSH key handling" -# echo "🔮 Future: Check for insecure shell patterns" -# # Basic check for obvious secrets (this could catch accidents) -# if grep -r "password.*=" . --include="*.sh" --include="*.conf" | \ -# grep -v "PASSWORD_FILE\|1Password\|#.*password\|\\\${.*PASSWORD.*}\|encoded_password" | \ -# grep -v "KEYCHAIN_PASSWORD\|dynamically generated"; then -# echo "⚠️ Warning: Found potential hardcoded passwords" -# exit 1 -# fi diff --git a/README.md b/README.md index 52d08d1..6ed9a30 100644 --- a/README.md +++ b/README.md @@ -348,5 +348,3 @@ Scripts must be idempotent (re-runnable without breaking things). Use `log()`/`s ## License MIT; see [LICENSE](license.md) - -[![CI Tests](https://github.com/smartwatermelon/mac-server-setup/actions/workflows/ci.yml/badge.svg)](https://github.com/smartwatermelon/mac-server-setup/actions)