README: clickable systems and artifacts #27
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Index Integrity | |
| on: | |
| pull_request: | |
| branches: [main] | |
| push: | |
| branches: [main] | |
| env: | |
| LC_ALL: C | |
| TZ: UTC | |
| jobs: | |
| append-only: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Check for deletions in index.html | |
| run: | | |
| # Get diff of index.html | |
| DELETED=$(git diff origin/main...HEAD -- index.html | grep "^-" | grep -v "^---" | wc -l) | |
| if [ "$DELETED" -gt 0 ]; then | |
| echo "FAIL: Deletions detected in index.html" | |
| echo "This index is append-only. Deletions are not allowed." | |
| git diff origin/main...HEAD -- index.html | grep "^-" | grep -v "^---" | |
| exit 1 | |
| fi | |
| echo "PASS: No deletions detected" | |
| whitespace-check: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Block HTML reformatting | |
| run: | | |
| # Check for whitespace-only changes | |
| CONTENT_CHANGES=$(git diff origin/main...HEAD -- index.html | grep "^[+-]" | grep -v "^[+-][+-][+-]" | grep -v "^[+-]\s*$" | wc -l) | |
| TOTAL_CHANGES=$(git diff origin/main...HEAD -- index.html | grep "^[+-]" | grep -v "^[+-][+-][+-]" | wc -l) | |
| if [ "$TOTAL_CHANGES" -gt 0 ] && [ "$CONTENT_CHANGES" -eq 0 ]; then | |
| echo "FAIL: Whitespace-only changes detected" | |
| echo "HTML reformatting is not allowed" | |
| exit 1 | |
| fi | |
| echo "PASS: No whitespace-only changes" | |
| checksum-verify: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| - name: Verify index checksum | |
| run: | | |
| ACTUAL=$(sha256sum index.html | cut -d' ' -f1) | |
| EXPECTED=$(cat INDEX_CHECKSUM.txt | cut -d' ' -f1) | |
| if [ "$ACTUAL" != "$EXPECTED" ]; then | |
| echo "FAIL: Index checksum mismatch" | |
| echo "Expected: $EXPECTED" | |
| echo "Actual: $ACTUAL" | |
| exit 1 | |
| fi | |
| echo "PASS: Index checksum verified" | |
| failure-codes-integrity: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| - name: Verify FAILURE_CODES.json checksum | |
| run: | | |
| EXPECTED=$(cat .failure_codes_checksum) | |
| ACTUAL=$(sha256sum FAILURE_CODES.json | cut -d' ' -f1) | |
| if [ "$EXPECTED" != "$ACTUAL" ]; then | |
| echo "FAIL: FAILURE_CODES.json has been modified" | |
| exit 5 | |
| fi | |
| echo "PASS: FAILURE_CODES.json checksum verified" |