container-policy.yml
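# SPDX-License-Identifier: MPL-2.0
#
# Container tooling policy, run on every push and pull request:
#   1. fail when the change set adds a file whose path contains "dockerfile"
#      (the project standardises on Containerfile);
#   2. warn, without failing, when shell or YAML files invoke
#      `docker build`, `docker run` or `docker push` instead of nerdctl/podman.

# Read-only token: the job only inspects the checkout and never writes back.
permissions:
  contents: read

name: Container Policy

on: [push, pull_request]

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # The default shallow clone (depth 1) has no HEAD~1, so the
          # `git diff HEAD~1` below fails and is masked by `2>/dev/null`
          # and `|| true`, silently passing every new Dockerfile. Depth 2
          # makes the parent commit available for the comparison.
          fetch-depth: 2
      - name: Enforce container policy
        run: |
          # Fail closed: without a reachable HEAD~1 the Dockerfile check
          # cannot run, and a silent pass would defeat the policy.
          if ! git rev-parse -q --verify 'HEAD~1^{commit}' >/dev/null; then
            echo "::error::HEAD~1 is not available; the checkout needs fetch-depth >= 2"
            exit 1
          fi
          # Block new Dockerfiles.
          # HEAD~1 is the previous commit on push (only the pushed tip is
          # inspected when several commits arrive at once); on pull_request
          # HEAD is the merge ref, whose first parent is the base branch.
          NEW_DOCKER=$(git diff --name-only --diff-filter=A HEAD~1 2>/dev/null | grep -iE 'dockerfile' || true)
          if [ -n "$NEW_DOCKER" ]; then
            echo "❌ New Dockerfile detected. Use Containerfile instead."
            echo "$NEW_DOCKER"
            exit 1
          fi
          # Check for docker command usage in scripts (advisory only).
          # The `grep -v` drops lines that already mention the preferred
          # tools, which also excludes this workflow's own pattern line.
          DOCKER_CMD=$(grep -r "docker build\|docker run\|docker push" --include="*.sh" --include="*.yml" --include="*.yaml" . 2>/dev/null | grep -v "nerdctl\|podman" | head -5 || true)
          if [ -n "$DOCKER_CMD" ]; then
            echo "⚠️ docker command found. Prefer nerdctl or podman:"
            echo "$DOCKER_CMD"
          fi
          echo "✅ Container policy check passed"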