feat: Validate GitHub Actions schema #2416

Merged
merged 9 commits into from
Aug 13, 2024

ChristopherHX
Contributor

Resolves #2414

BREAKING previously accepted workflows are now invalid

@wolfogre you would need to add context gitea everywhere github is in the context array in your fork if this would be merged

I'm not sure if Gitea Actions has labeled some behavior allowed without schema as features.

Moreover Singleworkflows are more likely to be rejected after this change.

TBD add tests that serialized workflows from model can be parsed again, e.g. the Container structure used to contain additional fields that are invalid per schema

As draft to see which test is invalid as well

**BREAKING** previously accepted workflows are now invalid
@ChristopherHX ChristopherHX requested a review from a team as a code owner August 4, 2024 11:42
Contributor

github-actions bot commented Aug 4, 2024

🦙 MegaLinter status: ✅ SUCCESS

| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ✅ EDITORCONFIG | editorconfig-checker | 9 | | 0 | 0.06s |
| ✅ JSON | jsonlint | 2 | | 0 | 0.11s |
| ✅ JSON | prettier | 2 | | 0 | 0.41s |
| ✅ JSON | v8r | 2 | | 0 | 1.59s |
| ✅ REPOSITORY | gitleaks | yes | | no | 2.32s |
| ✅ REPOSITORY | git_diff | yes | | no | 0.01s |
| ✅ REPOSITORY | grype | yes | | no | 8.54s |
| ✅ REPOSITORY | secretlint | yes | | no | 1.06s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | 0.47s |
| ✅ REPOSITORY | trufflehog | yes | | no | 4.07s |

Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

Contributor

mergify bot commented Aug 4, 2024

@ChristopherHX this pull request has failed checks 🛠

@mergify mergify bot added the needs-work Extra attention is needed label Aug 4, 2024
Contributor

mergify bot commented Aug 4, 2024

@ChristopherHX this pull request has failed checks 🛠

@ChristopherHX ChristopherHX marked this pull request as draft August 4, 2024 13:44
ChristopherHX added a commit to nektos/act-test-actions that referenced this pull request Aug 4, 2024
@wolfogre
Member

wolfogre commented Aug 4, 2024

Thanks for mentioning me. I'll keep an eye on this PR. Don't worry, although there could be some challenges for the Gitea's fork, I believe we can find a way to handle them. So please feel free to do what you think is right. 👍


codecov bot commented Aug 4, 2024

Codecov Report

Attention: Patch coverage is 85.71429% with 34 lines in your changes missing coverage. Please review.

Project coverage is 76.59%. Comparing base (5a80a04) to head (1bb2cf3).
Report is 98 commits behind head on master.

| Files | Patch % | Lines |
|---|---|---|
| pkg/schema/schema.go | 85.58% | 25 Missing and 7 partials ⚠️ |
| pkg/model/action.go | 75.00% | 1 Missing and 1 partial ⚠️ |
Additional details and impacted files
@@             Coverage Diff             @@
##           master    #2416       +/-   ##
===========================================
+ Coverage   61.56%   76.59%   +15.03%     
===========================================
  Files          53       62        +9     
  Lines        9002     8157      -845     
===========================================
+ Hits         5542     6248      +706     
+ Misses       3020     1343     -1677     
- Partials      440      566      +126     


@mergify mergify bot removed the needs-work Extra attention is needed label Aug 4, 2024
@ChristopherHX ChristopherHX marked this pull request as ready for review August 4, 2024 15:26
@ChristopherHX
Contributor Author

The error messages might be cryptic here, but this should be the minimal viable variant of a schema check without additional complexity for producing better errors

Somehow I managed to fix the errors reported by CI here.

Actually disabling this schema check to get more time in a fork should be straightforward, by removing UnmarshalYAML in two places

Sources of the schemas

@ChristopherHX
Contributor Author

@focusaurus please review this change to the validation.

Something like this will no longer parse

```yaml
- uses:
  run:
- null
on: whatever
```

and a lot more like

```yaml
- uses: myrepo@${{ github.ref }}
- run: ${{ gitlab.test }}
```

expressions are checked ahead of time like in actions/runner parser.
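
The ahead-of-time context check described in the comment above, sketched as an added Go example; it is not act's code and not part of this PR. The `allowedContexts` table, `checkValue` and the regular expressions are assumptions made for illustration, and the real schema's context arrays are not reproduced here.

```go
package main

import (
	"fmt"
	"regexp"
)

// allowedContexts is a constructed stand-in for a schema's per-key
// "context" arrays (assumption, not act's real schema data).
// A nil set means the key accepts no ${{ }} expression at all.
var allowedContexts = map[string]map[string]bool{
	"uses": nil,
	"run":  {"github": true, "env": true, "secrets": true, "steps": true, "matrix": true},
}

var (
	exprRe   = regexp.MustCompile(`(?s)\$\{\{(.*?)\}\}`)
	stringRe = regexp.MustCompile(`'[^']*'`) // string literals are not context references
	// An identifier followed by '.' or '[' that is not itself a property of something.
	ctxRe = regexp.MustCompile(`(?:^|[^.\w\]-])([A-Za-z_][\w-]*)\s*[.\[]`)
)

// checkValue returns nil when every expression in value only references
// contexts allowed for key, and a descriptive error otherwise.
func checkValue(key, value string) error {
	allowed, known := allowedContexts[key]
	if !known {
		return fmt.Errorf("%s: key not in schema", key)
	}
	for _, expr := range exprRe.FindAllStringSubmatch(value, -1) {
		if allowed == nil {
			return fmt.Errorf("%s: expressions are not allowed here", key)
		}
		body := stringRe.ReplaceAllString(expr[1], "''")
		for _, ref := range ctxRe.FindAllStringSubmatch(body, -1) {
			if !allowed[ref[1]] {
				return fmt.Errorf("%s: unknown context %q", key, ref[1])
			}
		}
	}
	return nil
}

func main() {
	// The two steps from the comment above, plus one that should pass.
	fmt.Println(checkValue("uses", "myrepo@${{ github.ref }}"))
	fmt.Println(checkValue("run", "${{ gitlab.test }}"))
	fmt.Println(checkValue("run", "echo ${{ github.event.pull_request.number }}"))
}
```

A fork that exposes an extra context, such as the `gitea` context mentioned earlier in this thread, would add it to every set that lists `github`.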

Contributor

mergify bot commented Aug 11, 2024

@ChristopherHX this pull request has failed checks 🛠

@mergify mergify bot added the needs-work Extra attention is needed label Aug 11, 2024
@mergify mergify bot removed the needs-work Extra attention is needed label Aug 11, 2024
@weyert

weyert commented Aug 11, 2024

This looks really interesting! I have had cases where I was happy writing Github Actions/workflows with act and then Github Actions CI on GitHub.com complained about things. Would be really nice to have early warnings about such errors.

@mergify mergify bot merged commit 102e6cb into master Aug 13, 2024
12 checks passed
@mergify mergify bot deleted the act-schema branch August 13, 2024 03:40
Successfully merging this pull request may close these issues.

act should validate schema in a way that is close to what github does