追加: actionlint CI

.github/workflows/build-engine-package.yml

@@ -151,6 +151,9 @@ jobs:
         run: |
           set -eux
 
+          # CUDA Toolkit へのパスを OS 非依存へ整形する
+          # NOTE: ダブルクォートでバックスラッシュを囲むと tr が可搬性関連の warning を出す
+          # shellcheck disable=SC1003
           CUDA_ROOT=$( echo "${{ steps.cuda-toolkit.outputs.CUDA_PATH }}" | tr '\\' '/' )
 
           mkdir -p download/cuda/bin
@@ -297,7 +300,7 @@ jobs:
 
           # Download pyopenjtalk dictionary
           # try 5 times, sleep 5 seconds before retry
-          for i in $(seq 5); do
+          for _ in $(seq 5); do
             EXIT_CODE=0
             python3 -c "import pyopenjtalk; pyopenjtalk._lazy_init()" || EXIT_CODE=$?
 
@@ -526,6 +529,8 @@ jobs:
           set -eux
 
           # ONNX Runtime providers
+          # NOTE: `$ORIGIN` は RPATH の特殊トークンであるため、bash 変数扱いされないために適切なエスケープが必要。
+          # shellcheck disable=SC2016
           patchelf --set-rpath '$ORIGIN' "$(pwd)/download/onnxruntime/lib"/libonnxruntime_providers_*.so
           mv download/onnxruntime/lib/libonnxruntime_*.so dist/run/
 
@@ -605,13 +610,13 @@ jobs:
           (cd "${{ matrix.target }}" && 7z -r -v1900M a "../compressed.zip")
 
           # Rename to artifact.001.vvppp, artifact.002.vvppp, ...
-          for FILE in $(ls "compressed.zip."*); do
+          for FILE in compressed.zip.*; do
             NUMBER=${FILE##*.} # 001
             mv "${FILE}" "${{ steps.vars.outputs.package_name }}.${NUMBER}.vvppp"
           done
 
           # Rename to artifact.vvpp if there are only artifact.001.vvppp
-          if [ "$(ls ${{ steps.vars.outputs.package_name }}.*.vvppp | wc -l)" == 1 ]; then
+          if [ "$(find ${{ steps.vars.outputs.package_name }}.*.vvppp | wc -l)" == 1 ]; then
             mv ${{ steps.vars.outputs.package_name }}.001.vvppp ${{ steps.vars.outputs.package_name }}.vvpp
           fi
 

.github/workflows/test-engine-package.yml

@@ -72,7 +72,7 @@ jobs:
         run: |
           mkdir -p download
           curl -L -o "download/list.txt" "${{ steps.vars.outputs.release_url }}/${{ steps.vars.outputs.package_name }}.7z.txt"
-          cat "download/list.txt" | xargs -I '%' curl -L -o "download/%" "${{ steps.vars.outputs.release_url }}/%"
+          <download/list.txt xargs -I '%' curl -L -o "download/%" "${{ steps.vars.outputs.release_url }}/%"
           7z x "download/$(head -n1 download/list.txt)"
           mv "${{ matrix.target }}" dist/
 

.github/workflows/test-security.yml

@@ -33,14 +33,14 @@ jobs:
       - name: <Test> Check Python dependency security
         run: safety check -r requirements.txt -r requirements-dev.txt -r requirements-test.txt -r requirements-license.txt -o bare
 
-      - name: Notify Discord of security testing result
+      - name: <Deploy> Notify Discord of security testing result
         uses: sarisia/actions-status-discord@v1
         if: always()
         with:
           webhook: ${{ secrets.DISCORD_WEBHOOK_URL }}
           username: GitHub Actions
           title: "依存パッケージ脆弱性診断の結果"
           status: ${{ job.status }}
-          color: ${{ job.status == 'success' && 0x00FF00 || 0xFF0000 }} 
+          color: ${{ job.status == 'success' && '0x00FF00' || '0xFF0000' }} 
           url: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
 

.github/workflows/test.yml

@@ -76,7 +76,7 @@ jobs:
         if: ${{ startsWith(matrix.os, 'ubuntu-') }}
         uses: crate-ci/[email protected]
 
-  shellcheck:
+  lint-builders:
     runs-on: ubuntu-20.04
     steps:
       - name: <Setup> Check out the repository
@@ -89,3 +89,9 @@ jobs:
 
       - name: <Test> Check shell files
         run: git ls-files | grep -E '\.(ba)?sh' | xargs shellcheck
+
+      - name: <Test> Check workflow files
+        run: |
+          bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
+          ./actionlint
+        shell: bash