diff --git a/Concurrency.pkl b/Concurrency.pkl new file mode 100644 index 0000000..efe3993 --- /dev/null +++ b/Concurrency.pkl @@ -0,0 +1,4 @@ +module com.github.action.Concurrency + +group: String +`cancel-in-progress`: Boolean diff --git a/Defaults.pkl b/Defaults.pkl new file mode 100644 index 0000000..5f20675 --- /dev/null +++ b/Defaults.pkl @@ -0,0 +1,10 @@ +module com.github.action.Defaults + +import "Shell.pkl" + +run: RunDefaults? + +class RunDefaults { + shell: Shell.Shell? + `working-directory`: String? +} diff --git a/EnvironmentVariables.pkl b/EnvironmentVariables.pkl new file mode 100644 index 0000000..fcabe8d --- /dev/null +++ b/EnvironmentVariables.pkl @@ -0,0 +1,3 @@ +module com.github.action.EnvironmentVariables + +typealias EnvironmentVariables = Mapping diff --git a/Job.pkl b/Job.pkl new file mode 100644 index 0000000..f5d0e2e --- /dev/null +++ b/Job.pkl @@ -0,0 +1,232 @@ +abstract module com.github.action.Job + +import "Concurrency.pkl" +import "Defaults.pkl" +import "EnvironmentVariables.pkl" +import "Machine.pkl" +import "Permissions.pkl" +import "Step.pkl" + +/// A name for the job, which is displayed in the GitHub UI +name: String? + +/// A conditional to prevent a job from running unless a condition is met. +/// +/// You can use any supported context and expression to create a conditional. +/// For more information on which contexts are supported in this key, see +/// [Contexts reference](https://docs.github.com/en/actions/reference/workflows-and-actions/contexts#context-availability). +@SourceCode { language = "GithubExpressionLanguage" } +`if`: String? + +/// Identify any jobs that must complete successfully before this job will run. +/// +/// It can be a string or array of strings. +/// If a job fails or is skipped, all jobs that need it are skipped unless the jobs use a conditional expression that +/// causes the job to continue. +/// If a run contains a series of jobs that need each other, a failure or skip applies to all jobs in the dependency +/// chain from the point of failure or skip onwards. If you would like a job to run even if a job it is dependent on +/// did not succeed, use the `always()` conditional expression in `jobs..if`. +/// +/// See: +needs: (String | *Listing)? + +/// Ensure that only a single job or workflow using the same concurrency group will run at a time. +/// +/// A concurrency group can be any string or expression. Allowed expression contexts: `github`, `inputs`, `vars`, +/// `needs`, `strategy`, and `matrix`. +/// For more information about expressions, see +/// [Evaluate expressions in workflows and actions](https://docs.github.com/en/actions/reference/workflows-and-actions/expressions). +/// +/// You can also specify concurrency at the workflow level. +/// For more information, see [module.concurrency]. +/// +/// This means that there can be at most one running and one pending job in a concurrency group at any time. +/// When a concurrent job or workflow is queued, if another job or workflow using the same concurrency group in the +/// repository is in progress, the queued job or workflow will be pending. +/// Any existing pending job or workflow in the same concurrency group, if it exists, will be canceled and the new +/// queued job or workflow will take its place. +/// +/// To also cancel any currently running job or workflow in the same concurrency group, specify `cancel-in-progress = true`. +/// To conditionally cancel currently running jobs or workflows in the same concurrency group, you can specify +/// [cancel-in-progress] as an expression with any of the allowed expression contexts. +/// +/// Note: +/// +/// The concurrency group name is case insensitive. For example, `prod` and `Prod` will be treated as the same concurrency group. +/// Ordering is not guaranteed for jobs or workflow runs using concurrency groups. Jobs or workflow runs in the same concurrency group are handled in an arbitrary order. +/// +/// Docs: +concurrency: Concurrency? + +/// Use `jobs..strategy` to use a matrix strategy for your jobs. +/// +/// A matrix strategy lets you use variables in a single job definition to automatically create multiple job runs that +/// are based on the combinations of the variables. +/// For example, you can use a matrix strategy to test your code in multiple versions of a language or on multiple +/// operating systems. +/// +/// For more information, see +/// [Running variations of jobs in a workflow](https://docs.github.com/en/actions/how-tos/write-workflows/choose-what-workflows-do/run-job-variations). +/// +/// Docs: +strategy: Strategy? + +/// For a specific job, you can use `jobs..permissions` to modify the default permissions granted to the +/// `GITHUB_TOKEN`, adding or removing access as required, so that you only allow the minimum required access. +/// For more information, see Use `GITHUB_TOKEN` for authentication in workflows. +/// +/// By specifying the permission within a job definition, you can configure a different set of permissions for the +/// `GITHUB_TOKEN` for each job, if required. +/// Alternatively, you can specify the permissions for all jobs in the workflow. +/// For information on defining permissions at the workflow level, see [module.permissions]. +/// +/// For each of the available permissions, shown in the table below, you can assign one of the access levels: +/// read (if applicable), write, or none. write includes read. If you specify the access for any of these permissions, +/// all of those that are not specified are set to none. +/// +/// Docs: +permissions: (*Permissions | "read-all" | "write-all")? + +class DefaultJob extends module { + /// Use `jobs..runs-on` to define the type of machine to run the job on. + /// + /// The destination machine can be either a GitHub-hosted runner, larger runner, or a self-hosted runner. + /// You can target runners based on the labels assigned to them, or their group membership, or a combination of these. + /// + /// You can provide runs-on as: + /// + /// * A single string + /// * A single variable containing a string + /// * An array of strings, variables containing strings, or a combination of both + /// * A key-value pair using the group or labels keys + /// * If you specify an array of strings or variables, your workflow will execute on any runner that matches all of the specified runs-on values. + /// For example, here the job will only run on a self-hosted runner that has the labels `linux`, `x64`, and `gpu`: + /// + /// ``` + /// `runs-on` { "self-hosted"; "linux"; "x64"; "gpu" } + /// ``` + /// + /// For more information, see [Choosing self-hosted runners](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#choosing-self-hosted-runners). + /// + /// * You can mix strings and variables in an array. For example: + /// + /// ``` + /// on: + /// workflow_dispatch: + /// inputs: + /// chosen-os: + /// required: true + /// type: choice + /// options: + /// - Ubuntu + /// - macOS + /// + /// jobs: + /// test: + /// runs-on: [self-hosted, "${{ inputs.chosen-os }}"] + /// steps: + /// - run: echo Hello world! + /// ``` + /// + /// If you would like to run your workflow on multiple machines, use [strategy]. + `runs-on`: *String | Machine | Listing<*String | Machine> + + /// The maximum number of minutes to run the step before killing the process. + /// + /// Fractional values are not supported. + `timeout-minutes`: Int(isPositive)? + + /// Sets variables for steps to use in the runner environment. + /// + /// You can also set variables for the entire workflow or a job. + /// For more information, see + /// [env](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#env) and + /// [jobs..env](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idenv). + /// + /// When more than one environment variable is defined with the same name, GitHub uses the most specific variable. For example, an environment variable defined in a step will override job and workflow environment variables with the same name, while the step executes. An environment variable defined for a job will override a workflow variable with the same name, while the job executes. + /// + /// Public actions may specify expected variables in the README file. If you are setting a secret or sensitive value, such as a password or token, you must set secrets using the secrets context. For more information, see Contexts reference. + env: EnvironmentVariables.EnvironmentVariables? + + /// Craetes a map of outputs for a job. + /// + /// Job outputs are available to all downstream jobs that depend on this job. + /// For more information on defining job dependencies, see [needs]. + /// + /// Outputs can be a maximum of 1 MB per job. + /// The total of all outputs in a workflow run can be a maximum of 50 MB. + /// Size is approximated based on UTF-16 encoding. + /// + /// Job outputs containing expressions are evaluated on the runner at the end of each job. + /// Outputs containing secrets are redacted on the runner and not sent to GitHub Actions. + /// + /// If an output is skipped because it may contain a secret, you will see the following warning message: + /// "Skip output {output.Key} since it may contain secret." + /// For more information on how to handle secrets, please refer to the + /// [Example: Masking and passing a secret between jobs or workflows](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-commands#example-masking-and-passing-a-secret-between-jobs-or-workflows). + /// + /// To use job outputs in a dependent job, you can use the needs context. + /// For more information, see [Contexts reference](https://docs.github.com/en/actions/reference/workflows-and-actions/contexts#needs-context). + outputs: Mapping? + + /// A map of variables that are available to all steps in the job. + /// + /// You can set variables for the entire workflow or an individual step. + /// For more information, see env and jobs..steps[*].env. + /// + /// When more than one environment variable is defined with the same name, GitHub uses the most specific variable. + /// For example, an environment variable defined in a step will override job and workflow environment variables with + /// the same name, while the step executes. + /// An environment variable defined for a job will override a workflow variable with the same name, while the job executes. + /// + /// Docs: + environment: (*Environment | String)? + + /// Use jobs..defaults to create a map of default settings that will + /// apply to all steps in the job. + /// + /// You can also set default settings for the entire workflow. For more + /// information, see defaults. When more than one default setting is defined + /// with the same name, GitHub uses the most specific default setting. For + /// example, a default setting defined in a job will override a default + /// setting that has the same name defined in a workflow. + defaults: Defaults? + + /// A job contains a sequence of tasks called steps. + /// + /// Steps can run commands, run setup tasks, or run an action in your repository, a public repository, or an action + /// published in a Docker registry. + /// Not all steps run actions, but all actions run as a step. Each step runs in its own process in the runner + /// environment and has access to the workspace and filesystem. + /// Because steps run in their own process, changes to environment variables are not preserved between steps. + /// GitHub provides built-in steps to set up and complete a job. + /// + /// GitHub only displays the first 1,000 checks, however, you can run an unlimited number of steps as long as you are + /// within the workflow usage limits. + /// + /// For more information, see Billing and usage for GitHub-hosted runners and Actions limits for self-hosted runner usage limits. + steps: Listing<*Step.Step | Step.TypedStep> +} + +class ReusableJob extends module { + uses: String(matches(Regex("(.+/)+(.+)\\.(ya?ml)(@.+)?")))? + with: With? + secrets: ("inherit" | *Mapping)? +} + +typealias Job = *DefaultJob | ReusableJob + +// Strategy, part of Jobs +class Strategy { + matrix: Mapping> + `fail-fast`: Boolean? + `max-parallel`: (Number | String)? +} + +// Environment, part of Jobs +class Environment { + name: String + url: String? +} + +typealias With = Mapping diff --git a/Machine.pkl b/Machine.pkl new file mode 100644 index 0000000..83132d9 --- /dev/null +++ b/Machine.pkl @@ -0,0 +1,13 @@ +abstract module com.github.action.Machine + +name: String + +class UbuntuLatest extends module { + name = "ubuntu-latest" +} +class MacOsLatest extends module { + name = "macos-latest" +} +class WindowsLatest extends module { + name = "windows-latest" +} diff --git a/On.pkl b/On.pkl new file mode 100644 index 0000000..2a1cfb4 --- /dev/null +++ b/On.pkl @@ -0,0 +1,283 @@ +module com.github.action.On + +import "Trigger.pkl" + +/// Runs your workflow anytime the `branch_protection_rule` event occurs. +/// +/// More than one activity type triggers this event. +/// +/// See +branch_protection_rule: Trigger.BranchProtectionRule? + +/// Runs your workflow anytime the check_run event occurs. +/// +/// More than one activity type triggers this event. +/// +/// See +check_run: Trigger.CheckRun? + +/// Runs your workflow anytime the `check_suite` event occurs. +/// +/// More than one activity type triggers this event. +/// +/// See +check_suite: Trigger.CheckSuite? + +/// Runs your workflow anytime someone creates a branch or tag, which triggers the create event. +/// +/// For information about the REST API, see . +/// +/// See +create: Trigger.BaseTrigger? + +/// Runs your workflow when someone deletes a Git reference (Git branch or tag) in the workflow's repository. +/// +/// For information about the APIs to delete a Git reference, see [Mutations](https://docs.github.com/en/graphql/reference/mutations#deleteref) in the GraphQL API documentation or +/// [REST API endpoints for Git references](https://docs.github.com/en/rest/git/refs#delete-a-reference). +/// +/// See +`delete`: Trigger.BaseTrigger? + +/// Runs your workflow anytime someone creates a deployment, which triggers the deployment event. +/// +/// Deployments created with a commit SHA may not have a Git ref. +/// +/// See +deployment: Trigger.BaseTrigger? + +/// Runs your workflow anytime a third party provides a deployment status, which triggers the `deployment_status` event. +/// +/// Deployments created with a commit SHA may not have a Git ref. +/// +/// See +deployment_status: Trigger.BaseTrigger? + +/// Runs your workflow anytime the discussion event occurs. +/// +/// More than one activity type triggers this event. +/// +/// See +discussion: Trigger.Discussion? + +/// Runs your workflow anytime the discussion_comment event occurs. +/// +/// More than one activity type triggers this event. +/// +/// See +discussion_comment: Trigger.DiscussionComment? + +/// Runs your workflow anytime when someone forks a repository, which triggers the `fork` event. +/// +/// See +fork: Trigger.BaseTrigger? + +/// Runs your workflow when someone creates or updates a Wiki page, which triggers the `gollum` event. +/// +/// See +gollum: Trigger.BaseTrigger? + +/// Runs your workflow anytime the `issue_comment` event occurs. +/// +/// More than one activity type triggers this event. +/// +/// See +issue_comment: Trigger.IssueComment? + +/// Runs your workflow anytime the `issues` event occurs. +/// +/// More than one activity type triggers this event. +/// +/// See +issues: Trigger.Issues? + +/// Runs your workflow anytime the `label` event occurs. +/// +/// More than one activity type triggers this event. +/// +/// See +label: Trigger.Label? + +/// Runs your workflow when a pull request is added to a merge queue, which adds the pull request to a merge group. +/// +/// For information about the merge queue, see . +/// +/// See +merge_group: Trigger.MergeGroup? + +/// Runs your workflow anytime the `milestone` event occurs. +/// +/// More than one activity type triggers this event. +/// +/// See +milestone: Trigger.Milestone? + +/// Runs your workflow anytime someone pushes to a GitHub Pages-enabled branch, which triggers the `page_build` event. +/// +/// See +page_build: Trigger.BaseTrigger? + +/// Runs your workflow anytime the project event occurs. +/// +/// More than one activity type triggers this event. +/// +/// See +project: Trigger.Project? + +/// Runs your workflow anytime the `project_card` event occurs. +/// +/// More than one activity type triggers this event. +/// +/// See +project_card: Trigger.ProjectCard? + +/// Runs your workflow anytime the `project_column` event occurs. +/// +/// More than one activity type triggers this event. +/// For information about the REST API, see . +/// +/// See +project_column: Trigger.ProjectColumn? + +/// Runs your workflow anytime someone makes a private repository public, which triggers the `public` event. +/// +/// For information about the REST API, see . +/// +/// See +public: Trigger.BaseTrigger? + +/// Runs your workflow anytime the `pull_request` event occurs. +/// +/// More than one activity type triggers this event. +/// For information about the REST API, see . +/// +/// Note: Trigger.Workflows do not run on private base repositories when you open a pull request from a forked repository. +/// When you create a pull request from a forked repository to the base repository, +/// GitHub sends the `pull_request` event to the base repository and no pull request events occur on the forked repository. +/// Workflows don't run on forked repositories by default. +/// You must enable GitHub Actions in the Actions tab of the forked repository. +/// The permissions for the `GITHUB_TOKEN` in forked repositories is read-only. +/// For more information about the `GITHUB_TOKEN`, see . +/// +/// See +pull_request: Trigger.PullRequest? + +/// Runs your workflow anytime the `pull_request_review` event occurs. +/// +/// More than one activity type triggers this event. +/// +/// Note: Trigger.Workflows do not run on private base repositories when you open a pull request from a forked repository. +/// When you create a pull request from a forked repository to the base repository, +/// GitHub sends the pull_request event to the base repository and no pull request events occur on the forked repository. +/// Workflows don't run on forked repositories by default. +/// You must enable GitHub Actions in the Actions tab of the forked repository. +/// The permissions for the GITHUB_TOKEN in forked repositories is read-only. +/// For more information about the GITHUB_TOKEN, see https://help.github.com/en/articles/virtual-environments-for-github-actions. +/// +/// See +pull_request_review: Trigger.PullRequestReview? + +/// Runs your workflow anytime a comment on a pull request's unified diff is modified, which triggers the +/// `pull_request_review_comment` event. +/// +/// More than one activity type triggers this event. +/// +/// See +pull_request_review_comment: Trigger.PullRequestReviewComment? + +/// This event is similar to [pull_request], except that it runs in the context of the base repository of the pull +/// request, rather than in the merge commit. +/// +/// This means that you can more safely make your secrets available to the workflows triggered by the pull request, +/// because only workflows defined in the commit on the base repository are run. +/// +/// For example, this event allows you to create workflows that label and comment on pull requests, based on the +/// contents of the event payload. +/// +/// See +pull_request_target: Trigger.PullRequest? + +/// Runs your workflow when someone pushes to a repository branch, which triggers the `push` event. +/// +/// Note: Trigger.The webhook payload available to GitHub Actions does not include the added, removed, and modified attributes +/// in the commit object. +/// You can retrieve the full commit object using the REST API. +/// For more information, see +/// +/// See +push: Trigger.Push? + +/// Runs your workflow anytime a package is published or updated. +/// +/// For more information, see . +/// +/// See +registry_package: Trigger.RegistryPackage? + +/// Runs your workflow anytime the release event occurs. +/// +/// More than one activity type triggers this event. +/// For information about the REST API, see in the GitHub Developer documentation. +/// +/// See +release: Trigger.Release? + +/// You can use the GitHub API to trigger a webhook event called `repository_dispatch` when you want to trigger a +/// workflow for activity that happens outside of GitHub. +/// +/// For more information, see . +/// To trigger the custom `repository_dispatch` webhook event, you must send a POST request to a GitHub API endpoint +/// and provide an `event_type` name to describe the activity type. +/// To trigger a workflow run, you must also configure your workflow to use the `repository_dispatch` event. +/// +/// See +repository_dispatch: Trigger.RepositoryDispatch? + +/// You can schedule a workflow to run at specific UTC times using POSIX cron syntax +/// (https://pubs.opengroup.org/onlinepubs/9699919799/utilities/crontab.html#tag_20_25_07). +/// +/// Scheduled workflows run on the latest commit on the default or base branch. +/// The shortest interval you can run scheduled workflows is once every 5 minutes. +/// Note: Trigger.GitHub Actions does not support the non-standard syntax @yearly, @monthly, @weekly, @daily, @hourly, +/// and @reboot. +/// You can use crontab guru () to help generate your cron syntax and confirm what time it will +/// run. +/// To help you get started, there is also a list of crontab guru examples (). +/// +/// See +schedule: Listing? + +/// Runs your workflow anytime the status of a Git commit changes, which triggers the `status` event. +/// +/// For information about the REST API, see . +/// +/// See +status: Trigger.BaseTrigger? + +/// Runs your workflow anytime the `watch` event occurs. +/// +/// More than one activity type triggers this event. +/// For information about the REST API, see +/// +/// See +watch: Trigger.BaseTrigger? + +/// Allows workflows to be reused by other workflows. +/// +/// See +workflow_call: Trigger.WorkflowCall? + +/// You can now create workflows that are manually triggered with the new `workflow_dispatch` event. +/// +/// You will then see a 'Run workflow' button on the Actions tab, enabling you to easily trigger a run. +/// +/// See +workflow_dispatch: Trigger.WorkflowDispatch? + +/// This event occurs when a workflow run is requested or completed, and allows you to execute a workflow based on the +/// finished result of another workflow. +/// +/// For example, if your [pull_request] workflow generates build artifacts, you can create a new workflow that uses +/// `workflow_run` to analyze the results and add a comment to the original pull request. +/// +/// See +workflow_run: Trigger.WorkflowRun? diff --git a/Permissions.pkl b/Permissions.pkl new file mode 100644 index 0000000..a35e9c6 --- /dev/null +++ b/Permissions.pkl @@ -0,0 +1,119 @@ +module com.github.action.Permissions + +typealias Permission = "read" | "write" | "none" + +/// Work with GitHub Actions. +/// +/// For example, `actions = "write"` permits an action to cancel a workflow run. +/// +/// For more information, see +/// [Permissions required for GitHub Apps](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions). +actions: Permission? + +/// Work with artifact attestations. +/// +/// For example, `attestations = "write"` permits an action to generate an artifact attestation for a build. +/// +/// For more information, see +/// [Using artifact attestations to establish provenance for builds](https://docs.github.com/en/actions/how-tos/secure-your-work/use-artifact-attestations/use-artifact-attestations). +attestations: Permission? + +/// Work with check runs and check suites. +/// +/// For example, `checks = "write"` permits an action to create a check run. +/// +/// For more information, see +/// [Permissions required for GitHub Apps](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions). +checks: Permission? + +/// Work with the contents of the repository. +/// +/// For example, contents: read permits an action to list the commits, and `contents = "write"` allows the action to +/// create a release. +/// +/// For more information, see +/// [Permissions required for GitHub Apps](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions). +contents: Permission? + +/// Work with deployments. +/// +/// For example, deployments: write permits an action to create a new deployment. +/// +/// For more information, see +/// [Permissions required for GitHub Apps](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions). +deployments: Permission? + +/// Work with GitHub Discussions. +/// +/// For example, `discussions = "write"` permits an action to close or delete a discussion. +/// +/// For more information, see [Using the GraphQL API for Discussions](https://docs.github.com/en/graphql/guides/using-the-graphql-api-for-discussions). +discussions: Permission? + +/// Fetch an OpenID Connect (OIDC) token. +/// +/// This requires `id-token = "write"`. +/// +/// For more information, see [OpenID Connect](https://docs.github.com/en/actions/concepts/security/openid-connect#updating-your-actions-for-oidc). +`id-token`: Permission? + +/// Work with issues. +/// +/// For example, issues: write permits an action to add a comment to an issue. +/// +/// For more information, see +/// [Permissions required for GitHub Apps](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions). +issues: Permission? + +/// Generate AI inference responses with GitHub Models. +/// +/// For example, `models = "read"` permits an action to use the GitHub Models inference API. +/// +/// See [Prototyping with AI models](https://docs.github.com/en/github-models/use-github-models/prototyping-with-ai-models). +models: Permission? + +/// Work with GitHub Packages. +/// +/// For example, `packages = "write"` permits an action to upload and publish packages on GitHub Packages. +/// +/// For more information, see +/// [About permissions for GitHub Packages](https://docs.github.com/en/packages/learn-github-packages/about-permissions-for-github-packages#about-scopes-and-permissions-for-package-registries). +packages: Permission? + +/// Work with GitHub Pages. +/// +/// For example, `pages = "write"` permits an action to request a GitHub Pages build. +/// +/// For more information, see +/// [Permissions required for GitHub Apps](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions). +pages: Permission? + +/// Work with pull requests. +/// +/// For example, `pull-requests = "write"` permits an action to add a label to a pull request. +/// +/// For more information, see +/// [Permissions required for GitHub Apps](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions). +`pull-requests`: Permission? + +/// Work with GitHub code scanning alerts. +/// +/// For example, `security-events = "read"` permits an action to list the code scanning alerts for the repository, and +/// `security-events = "write"` allows an action to update the status of a code scanning alert. +/// +/// For more information, see [Repository permissions for 'Code scanning alerts'](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-code-scanning-alerts). +/// +/// Dependabot and secret scanning alerts cannot be read with this permission and require a GitHub App or a personal +/// access token. +/// For more information, see [Repository permissions for 'Dependabot alerts'](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-dependabot-alerts) +/// and [Repository permissions for 'Secret scanning alerts'](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-secret-scanning-alerts) +/// in "Permissions required for GitHub Apps." +`security-events`: Permission? + +/// Work with commit statuses. +/// +/// For example, `statuses = "read"` permits an action to list the commit statuses for a given reference. +/// +/// For more information, see +/// [Permissions required for GitHub Apps](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions). +statuses: Permission? diff --git a/Shell.pkl b/Shell.pkl new file mode 100644 index 0000000..bc56414 --- /dev/null +++ b/Shell.pkl @@ -0,0 +1,3 @@ +module com.github.action.Shell + +typealias Shell = "pwsh" | "bash" | "sh" | "cmd" | "powershell" | "python" diff --git a/Step.pkl b/Step.pkl new file mode 100644 index 0000000..ead4d72 --- /dev/null +++ b/Step.pkl @@ -0,0 +1,149 @@ +abstract module com.github.action.Step + +import "EnvironmentVariables.pkl" +import "Shell.pkl" + +/// A name for your step to display on GitHub. +name: String? + +/// A unique identifier for the step. +/// +/// You can use the [id] to reference the step in contexts. +/// +/// For more information, see [Contexts reference](https://docs.github.com/en/actions/reference/workflows-and-actions/contexts). +id: String? + +/// You can use the if conditional to prevent a step from running unless a condition is met. +/// +/// You can use any supported context and expression to create a conditional. +/// For more information on which contexts are supported in this key, see Contexts reference. +/// +/// When you use expressions in an if conditional, you can, optionally, omit the `${{ }}` expression syntax because +/// GitHub Actions automatically evaluates the if conditional as an expression. +/// However, this exception does not apply everywhere. +/// +/// For more information, see Evaluate expressions in workflows and actions. +@SourceCode { language = "GithubExpressionLanguage" } +`if`: String? + +/// The maximum number of minutes to run the step before killing the process. +/// +/// Fractional values are not supported. +/// timeout-minutes must be a positive integer. +`timeout-minutes`: Int(isPositive)? + +/// Sets variables for steps to use in the runner environment. +/// You can also set variables for the entire workflow or a job. +/// For more information, see [module.env] and [BaseJob.env]. +/// +/// When more than one environment variable is defined with the same name, GitHub uses the most specific variable. +/// For example, an environment variable defined in a step will override job and workflow environment variables with +/// the same name, while the step executes. +/// An environment variable defined for a job will override a workflow variable with the same name, while the job executes. +/// +/// Public actions may specify expected variables in the README file. +/// If you are setting a secret or sensitive value, such as a password or token, you must set secrets using the +/// secrets context. +/// For more information, see [Contexts reference](https://docs.github.com/en/actions/reference/workflows-and-actions/contexts). +env: EnvironmentVariables.EnvironmentVariables? + +/// Using the working-directory keyword, you can specify the working directory of where to run the command. +/// +/// Alternatively, you can specify a default working directory for all run steps in a job, or for all run steps in the +/// entire workflow. +/// For more information, see `defaults.run.working-directory` and `jobs..defaults.run.working-directory`. +/// +/// You can also use a run step to run a script. +/// For more information, see [Adding scripts to your workflow](https://docs.github.com/en/actions/how-tos/write-workflows/choose-what-workflows-do/add-scripts). +/// +/// Docs: +`working-directory`: String? + +/// You can override the default shell settings in the runner's operating system and the job's default using the shell keyword. +/// +/// You can use built-in shell keywords, or you can define a custom set of shell options. +/// The shell command that is run internally executes a temporary file that contains the commands specified in the run keyword. +/// +/// Docs: +shell: Shell.Shell? + +// Step, part of Jobs +class Step extends module { + /// Selects an action to run as part of a step in your job. + /// An action is a reusable unit of code. + /// You can use an action defined in the same repository as the workflow, a public repository, or in a published + /// Docker container image. + /// + /// We strongly recommend that you include the version of the action you are using by specifying a Git ref, SHA, or + /// Docker tag. + /// If you don't specify a version, it could break your workflows or cause unexpected behavior when the action owner + /// publishes an update. + /// + /// * Using the commit SHA of a released action version is the safest for stability and security. + /// * If the action publishes major version tags, you should expect to receive critical fixes and security patches + /// while still retaining compatibility. Note that this behavior is at the discretion of the action's author. + /// * Using the default branch of an action may be convenient, but if someone releases a new major version with a + /// breaking change, your workflow could break. + /// + /// Some actions require inputs that you must set using the with keyword. Review the action's README file to determine + /// the inputs required. + /// + /// Actions are either JavaScript files or Docker containers. + /// If the action you're using is a Docker container you must run the job in a Linux environment. + /// For more details, see [runs-on]. + uses: String? + + /// Runs command-line programs that do not exceed 21,000 characters using the operating system's shell. + /// + /// If you do not provide a name, the step name will default to the text specified in the run command. + /// + /// Commands run using non-login shells by default. + /// You can choose a different shell and customize the shell used to run commands. + /// For more information, see [shell]. + /// + /// Each `run` keyword represents a new process and shell in the runner environment. + run: String(length < 21_000)?(exactlyOneSet(this, uses)) + + with: With? +} + +const function exactlyOneSet(a: Any, b: Any) = + if (a != null) + b == null + else if (b != null) + a == null + else + false + +// With typealias for Jobs.Step.With +typealias With = Mapping + +// TypedStep, part of Jobs +// Can be used to extend Step with specific typed properties +abstract class TypedStep extends module { + /// Selects an action to run as part of a step in your job. + /// An action is a reusable unit of code. + /// You can use an action defined in the same repository as the workflow, a public repository, or in a published + /// Docker container image. + /// + /// We strongly recommend that you include the version of the action you are using by specifying a Git ref, SHA, or + /// Docker tag. + /// If you don't specify a version, it could break your workflows or cause unexpected behavior when the action owner + /// publishes an update. + /// + /// * Using the commit SHA of a released action version is the safest for stability and security. + /// * If the action publishes major version tags, you should expect to receive critical fixes and security patches + /// while still retaining compatibility. Note that this behavior is at the discretion of the action's author. + /// * Using the default branch of an action may be convenient, but if someone releases a new major version with a + /// breaking change, your workflow could break. + /// + /// Some actions require inputs that you must set using the with keyword. Review the action's README file to determine + /// the inputs required. + /// + /// Actions are either JavaScript files or Docker containers. + /// If the action you're using is a Docker container you must run the job in a Linux environment. + /// For more details, see [runs-on]. + abstract fixed uses: String + + abstract with: Typed +} diff --git a/Trigger.pkl b/Trigger.pkl new file mode 100644 index 0000000..971bc3c --- /dev/null +++ b/Trigger.pkl @@ -0,0 +1,348 @@ +abstract module com.github.action.Trigger + +/// Define the type of activity that will trigger a workflow run. +/// +/// Most GitHub events are triggered by more than one type of activity. +/// For example, the label is triggered when a label is created, edited, or deleted. +/// The types keyword enables you to narrow down activity that causes the workflow to run. +/// When only one activity type triggers a webhook event, the types keyword is unnecessary. +/// +/// You can use an array of event types. +/// +/// For more information about each event and their activity types, see +/// [Events that trigger workflows](https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#available-events). +types: Listing? + +/// The base trigger, with no event types associated +class BaseTrigger extends module { + types: Listing? +} + +class BranchProtectionRule extends module { + types: Listing? +} + +typealias BranchProtectionRuleType = "created" | "edited" | "deleted" + +class CheckRun extends module { + types: Listing? +} + +typealias CheckRunType = "created" | "rerequested" | "completed" | "requested_action" + +class CheckSuite extends module { + types: Listing? +} +typealias CheckSuiteType = "completed" | "requested" | "rerequested" + +class Discussion extends module { + types: Listing? +} +typealias DiscussionType = + "created" + | "edited" + | "deleted" + | "transferred" + | "pinned" + | "unpinned" + | "labeled" + | "unlabeled" + | "locked" + | "unlocked" + | "category_changed" + | "answered" + | "unanswered" + +class DiscussionComment extends module { + types: Listing? +} +typealias DiscussionCommentType = "created" | "edited" | "deleted" + +class IssueComment extends module { + types: Listing? +} +typealias IssueCommentType = "created" | "edited" | "deleted" + +class Issues extends module { + types: Listing? +} +typealias IssuesType = + "opened" + | "edited" + | "deleted" + | "transferred" + | "pinned" + | "unpinned" + | "closed" + | "reopened" + | "assigned" + | "unassigned" + | "labeled" + | "unlabeled" + | "locked" + | "unlocked" + | "milestoned" + | "demilestoned" + +class Label extends module { + types: Listing? +} +typealias LabelType = "created" | "edited" | "deleted" + +class MergeGroup extends module { + types: Listing? +} +typealias MergeGroupType = "checked_requested" + +class Milestone extends module { + types: Listing? +} +typealias MilestoneType = "created" | "closed" | "opened" | "edited" | "deleted" + +class Project extends module { + types: Listing? +} +typealias ProjectType = "created" | "updated" | "closed" | "reopened" | "edited" | "deleted" + +class ProjectCard extends module { + types: Listing? +} +typealias ProjectCardType = "created" | "moved" | "converted" | "edited" | "deleted" + +class ProjectColumn extends module { + types: Listing? +} +typealias ProjectColumnType = "created" | "updated" | "moved" | "deleted" + +class PullRequest extends module { + types: Listing? + + /// Use the branches filter when you want to include branch name patterns or when you want to both include and + /// exclude branch names patterns. + /// + /// Accepts glob patterns that use characters like `*`, `**`, `+`, `?`, `!` and others to match more than one branch name. + /// If a name contains any of these characters and you want a literal match, you need to escape each of these special + /// characters with `\`. + /// + /// For more information about glob patterns, see the + /// [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet). + /// + /// See + branches: Listing? + + /// Use the branches-ignore filter when you only want to exclude branch name patterns. + /// + /// You cannot use both the branches and branches-ignore filters for the same event in a workflow. + /// + /// Accepts glob patterns that use characters like `*`, `**`, `+`, `?`, `!` and others to match more than one branch name. + /// If a name contains any of these characters and you want a literal match, you need to escape each of these special + /// characters with `\`. + /// + /// For more information about glob patterns, see the + /// [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet). + /// + /// See + `branches-ignore`: Listing(branches == null)? + + /// Use the paths filter when you want to include file path patterns or when you want to both include and exclude + /// file path patterns. + /// + /// Accepts glob patterns that use the `*` and `**` wildcard characters to match more than one path name. + /// For more information, see the + /// [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet). + paths: Listing? + + /// Use the paths-ignore filter when you only want to exclude file path patterns. + /// + /// You cannot use both the paths and paths-ignore filters for the same event in a workflow. + /// If you want to both include and exclude path patterns for a single event, use the paths filter prefixed with the + /// `!` character to indicate which paths should be excluded. + /// + /// Accepts glob patterns that use the `*` and `**` wildcard characters to match more than one path name. + /// For more information, see the + /// [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet). + `paths-ignore`: Listing(paths == null)? +} + +typealias PullRequestType = + "assigned" + | "unassigned" + | "review_requested" + | "review_request_removed" + | "labeled" + | "unlabeled" + | "opened" + | "edited" + | "closed" + | "reopened" + | "synchronize" + | "ready_for_review" + | "locked" + | "unlocked" + | "ready_for_review" + | "converted_to_draft" + | "demilestoned" + | "milestoned" + | "review_requested" + | "review_request_removed" + | "auto_merge_enabled" + | "auto_merge_disabled" + +class PullRequestReview extends module { + types: Listing? +} +typealias PullRequestReviewType = "submitted" | "edited" | "dismissed" + +class PullRequestReviewComment extends module { + types: Listing? +} +typealias PullRequestReviewCommentType = "created" | "edited" | "deleted" + +typealias PullRequestTargetType = + "assigned" + | "unassigned" + | "labeled" + | "unlabeled" + | "opened" + | "edited" + | "closed" + | "reopened" + | "synchronize" + | "converted_to_draft" + | "ready_for_review" + | "locked" + | "unlocked" + | "review_requested" + | "review_request_removed" + | "auto_merge_enabled" + | "auto_merge_disabled" + +class Push extends module { + /// Use the `branches` filter when you want to include branch name patterns or when you want to both include and + /// exclude branch names patterns. + /// + /// Accepts glob patterns that use characters like `*`, `**`, `+`, `?`, `!` and others to match more than one branch + /// or tag name. + /// If a name contains any of these characters and you want a literal match, you need to escape each of these special + /// characters with `\`. + /// + /// For more information about glob patterns, see the + /// [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet). + branches: Listing? + + /// Use the `branches-ignore` filter when you only want to exclude branch name patterns. + /// + /// You cannot use both the [branches] and [`branches-ignore`] filters for the same event in a workflow. + /// + /// Accepts glob patterns that use characters like `*`, `**`, `+`, `?`, `!` and others to match more than one branch + /// or tag name. + /// If a name contains any of these characters and you want a literal match, you need to escape each of these special + /// characters with `\`. + /// + /// For more information about glob patterns, see the + /// [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet). + `branches-ignore`: Listing(branches == null)? + + /// Use the tags filter when you want to include tag name patterns or when you want to both include and exclude tag + /// names patterns. + /// + /// Accepts glob patterns that use characters like `*`, `**`, `+`, `?`, `!` and others to match more than one branch + /// or tag name. + /// If a name contains any of these characters and you want a literal match, you need to escape each of these special + /// characters with `\`. + /// + /// For more information about glob patterns, see the + /// [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet). + tags: Listing? + + /// Use the tags-ignore filter when you only want to exclude tag name patterns. + /// You cannot use both the [tags] and [tags-ignore] filters for the same event in a workflow. + /// + /// Accepts glob patterns that use characters like `*`, `**`, `+`, `?`, `!` and others to match more than one branch + /// or tag name. + /// If a name contains any of these characters and you want a literal match, you need to escape each of these special + /// characters with `\`. + /// + /// For more information about glob patterns, see the + /// [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet). + `tags-ignore`: Listing(tags == null)? + + /// Use the paths filter when you want to include file path patterns or when you want to both include and exclude file + /// path patterns. + /// + /// Accepts glob patterns that use the `*` and `**` wildcard characters to match more than one path name. + /// For more information, see the + /// [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet). + paths: Listing? + + /// Use the paths-ignore filter when you only want to exclude file path patterns. + /// + /// You cannot use both the paths and paths-ignore filters for the same event in a workflow. + /// If you want to both include and exclude path patterns for a single event, use the paths filter prefixed with the + /// `!` character to indicate which paths should be excluded. + /// + /// Accepts glob patterns that use the `*` and `**` wildcard characters to match more than one path name. + /// For more information, see the + /// [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet). + `paths-ignore`: Listing(paths == null)? +} + +class RegistryPackage extends module { + types: Listing? +} +typealias RegistryPackageType = "published" | "updated" + +class Release extends module { + types: Listing? +} +typealias ReleaseType = + "published" | "unpublished" | "created" | "edited" | "deleted" | "prereleased" | "released" + +class RepositoryDispatch extends module { + types: Listing? +} + +class Schedule { + @SourceCode { language = "Cron" } + cron: String +} + +/// Allows workflows to be reused by other workflows. +/// +/// https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#workflow_call +class WorkflowCall extends module { + inputs: Mapping? + outputs: Mapping? + secrets: Mapping? +} + +class WorkflowCallOutput { + description: String? + value: Any +} +class WorkflowCallSecrets { + description: String? + required: Boolean +} + +class WorkflowDispatch extends module { + inputs: Mapping? +} + +class WorkflowInput { + description: String + deprecatedMessage: String? + required: Boolean? + default: String? + type: WorkflowInputType? + options: Listing? +} +typealias WorkflowInputType = "boolean" | "string" | "choice" | "environment" | "number" + +class WorkflowRun extends module { + types: Listing? + workflows: Listing(length > 0) + branches: Listing? + `branches-ignore`: Listing? +} +typealias WorkflowRunType = "requested" | "completed" | "in_progress" diff --git a/Workflow.pkl b/Workflow.pkl index 5aef1ec..64f533a 100644 --- a/Workflow.pkl +++ b/Workflow.pkl @@ -4,1170 +4,16 @@ /// including triggers, jobs, steps, and environment variables. module com.github.action.Workflow -// region Trigger -abstract class Trigger { - /// Define the type of activity that will trigger a workflow run. - /// - /// Most GitHub events are triggered by more than one type of activity. - /// For example, the label is triggered when a label is created, edited, or deleted. - /// The types keyword enables you to narrow down activity that causes the workflow to run. - /// When only one activity type triggers a webhook event, the types keyword is unnecessary. - /// - /// You can use an array of event types. - /// - /// For more information about each event and their activity types, see - /// [Events that trigger workflows](https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#available-events). - types: Listing? -} - -/// The base trigger, with no event types associated -class BaseTrigger extends Trigger { - types: Listing? -} - -class BranchProtectionRule extends Trigger { - types: Listing? -} - -typealias BranchProtectionRuleType = "created" | "edited" | "deleted" - -class CheckRun extends Trigger { - types: Listing? -} - -typealias CheckRunType = "created" | "rerequested" | "completed" | "requested_action" - -class CheckSuite extends Trigger { - types: Listing? -} -typealias CheckSuiteType = "completed" | "requested" | "rerequested" - -class Discussion extends Trigger { - types: Listing? -} -typealias DiscussionType = - "created" - | "edited" - | "deleted" - | "transferred" - | "pinned" - | "unpinned" - | "labeled" - | "unlabeled" - | "locked" - | "unlocked" - | "category_changed" - | "answered" - | "unanswered" - -class DiscussionComment extends Trigger { - types: Listing? -} -typealias DiscussionCommentType = "created" | "edited" | "deleted" - -class IssueComment extends Trigger { - types: Listing? -} -typealias IssueCommentType = "created" | "edited" | "deleted" - -class Issues extends Trigger { - types: Listing? -} -typealias IssuesType = - "opened" - | "edited" - | "deleted" - | "transferred" - | "pinned" - | "unpinned" - | "closed" - | "reopened" - | "assigned" - | "unassigned" - | "labeled" - | "unlabeled" - | "locked" - | "unlocked" - | "milestoned" - | "demilestoned" - -class Label extends Trigger { - types: Listing? -} -typealias LabelType = "created" | "edited" | "deleted" - -class MergeGroup extends Trigger { - types: Listing? -} -typealias MergeGroupType = "checked_requested" - -class Milestone extends Trigger { - types: Listing? -} -typealias MilestoneType = "created" | "closed" | "opened" | "edited" | "deleted" - -class Project extends Trigger { - types: Listing? -} -typealias ProjectType = "created" | "updated" | "closed" | "reopened" | "edited" | "deleted" - -class ProjectCard extends Trigger { - types: Listing? -} -typealias ProjectCardType = "created" | "moved" | "converted" | "edited" | "deleted" - -class ProjectColumn extends Trigger { - types: Listing? -} -typealias ProjectColumnType = "created" | "updated" | "moved" | "deleted" - -class PullRequest extends Trigger { - types: Listing? - - /// Use the branches filter when you want to include branch name patterns or when you want to both include and - /// exclude branch names patterns. - /// - /// Accepts glob patterns that use characters like `*`, `**`, `+`, `?`, `!` and others to match more than one branch name. - /// If a name contains any of these characters and you want a literal match, you need to escape each of these special - /// characters with `\`. - /// - /// For more information about glob patterns, see the - /// [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet). - /// - /// See - branches: Listing? - - /// Use the branches-ignore filter when you only want to exclude branch name patterns. - /// - /// You cannot use both the branches and branches-ignore filters for the same event in a workflow. - /// - /// Accepts glob patterns that use characters like `*`, `**`, `+`, `?`, `!` and others to match more than one branch name. - /// If a name contains any of these characters and you want a literal match, you need to escape each of these special - /// characters with `\`. - /// - /// For more information about glob patterns, see the - /// [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet). - /// - /// See - `branches-ignore`: Listing(branches == null)? - - /// Use the paths filter when you want to include file path patterns or when you want to both include and exclude - /// file path patterns. - /// - /// Accepts glob patterns that use the `*` and `**` wildcard characters to match more than one path name. - /// For more information, see the - /// [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet). - paths: Listing? - - /// Use the paths-ignore filter when you only want to exclude file path patterns. - /// - /// You cannot use both the paths and paths-ignore filters for the same event in a workflow. - /// If you want to both include and exclude path patterns for a single event, use the paths filter prefixed with the - /// `!` character to indicate which paths should be excluded. - /// - /// Accepts glob patterns that use the `*` and `**` wildcard characters to match more than one path name. - /// For more information, see the - /// [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet). - `paths-ignore`: Listing(paths == null)? -} - -typealias PullRequestType = - "assigned" - | "unassigned" - | "review_requested" - | "review_request_removed" - | "labeled" - | "unlabeled" - | "opened" - | "edited" - | "closed" - | "reopened" - | "synchronize" - | "ready_for_review" - | "locked" - | "unlocked" - | "ready_for_review" - | "converted_to_draft" - | "demilestoned" - | "milestoned" - | "review_requested" - | "review_request_removed" - | "auto_merge_enabled" - | "auto_merge_disabled" - -class PullRequestReview extends Trigger { - types: Listing? -} -typealias PullRequestReviewType = "submitted" | "edited" | "dismissed" - -class PullRequestReviewComment extends Trigger { - types: Listing? -} -typealias PullRequestReviewCommentType = "created" | "edited" | "deleted" - -typealias PullRequestTargetType = - "assigned" - | "unassigned" - | "labeled" - | "unlabeled" - | "opened" - | "edited" - | "closed" - | "reopened" - | "synchronize" - | "converted_to_draft" - | "ready_for_review" - | "locked" - | "unlocked" - | "review_requested" - | "review_request_removed" - | "auto_merge_enabled" - | "auto_merge_disabled" - -class Push extends Trigger { - /// Use the `branches` filter when you want to include branch name patterns or when you want to both include and - /// exclude branch names patterns. - /// - /// Accepts glob patterns that use characters like `*`, `**`, `+`, `?`, `!` and others to match more than one branch - /// or tag name. - /// If a name contains any of these characters and you want a literal match, you need to escape each of these special - /// characters with `\`. - /// - /// For more information about glob patterns, see the - /// [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet). - branches: Listing? - - /// Use the `branches-ignore` filter when you only want to exclude branch name patterns. - /// - /// You cannot use both the [branches] and [`branches-ignore`] filters for the same event in a workflow. - /// - /// Accepts glob patterns that use characters like `*`, `**`, `+`, `?`, `!` and others to match more than one branch - /// or tag name. - /// If a name contains any of these characters and you want a literal match, you need to escape each of these special - /// characters with `\`. - /// - /// For more information about glob patterns, see the - /// [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet). - `branches-ignore`: Listing(branches == null)? - - /// Use the tags filter when you want to include tag name patterns or when you want to both include and exclude tag - /// names patterns. - /// - /// Accepts glob patterns that use characters like `*`, `**`, `+`, `?`, `!` and others to match more than one branch - /// or tag name. - /// If a name contains any of these characters and you want a literal match, you need to escape each of these special - /// characters with `\`. - /// - /// For more information about glob patterns, see the - /// [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet). - tags: Listing? - - /// Use the tags-ignore filter when you only want to exclude tag name patterns. - /// You cannot use both the [tags] and [tags-ignore] filters for the same event in a workflow. - /// - /// Accepts glob patterns that use characters like `*`, `**`, `+`, `?`, `!` and others to match more than one branch - /// or tag name. - /// If a name contains any of these characters and you want a literal match, you need to escape each of these special - /// characters with `\`. - /// - /// For more information about glob patterns, see the - /// [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet). - `tags-ignore`: Listing(tags == null)? - - /// Use the paths filter when you want to include file path patterns or when you want to both include and exclude file - /// path patterns. - /// - /// Accepts glob patterns that use the `*` and `**` wildcard characters to match more than one path name. - /// For more information, see the - /// [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet). - paths: Listing? - - /// Use the paths-ignore filter when you only want to exclude file path patterns. - /// - /// You cannot use both the paths and paths-ignore filters for the same event in a workflow. - /// If you want to both include and exclude path patterns for a single event, use the paths filter prefixed with the - /// `!` character to indicate which paths should be excluded. - /// - /// Accepts glob patterns that use the `*` and `**` wildcard characters to match more than one path name. - /// For more information, see the - /// [Workflow syntax for GitHub Actions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet). - `paths-ignore`: Listing(paths == null)? -} - -class RegistryPackage extends Trigger { - types: Listing? -} -typealias RegistryPackageType = "published" | "updated" - -class Release extends Trigger { - types: Listing? -} -typealias ReleaseType = - "published" | "unpublished" | "created" | "edited" | "deleted" | "prereleased" | "released" - -class RepositoryDispatch extends Trigger { - types: Listing? -} - -class Schedule { - @SourceCode { language = "Cron" } - cron: String -} - -/// Allows workflows to be reused by other workflows. -/// -/// https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#workflow_call -class WorkflowCall extends Trigger { - inputs: Mapping? - outputs: Mapping? - secrets: Mapping? -} - -class WorkflowCallOutput { - description: String? - value: Any -} -class WorkflowCallSecrets { - description: String? - required: Boolean -} - -class WorkflowDispatch extends Trigger { - inputs: Mapping? -} - -class WorkflowInput { - description: String - deprecatedMessage: String? - required: Boolean? - default: String? - type: WorkflowInputType? - options: Listing? -} -typealias WorkflowInputType = "boolean" | "string" | "choice" | "environment" | "number" - -class WorkflowRun extends Trigger { - types: Listing? - workflows: Listing(length > 0) - branches: Listing? - `branches-ignore`: Listing? -} -typealias WorkflowRunType = "requested" | "completed" | "in_progress" - -class On { - /// Runs your workflow anytime the `branch_protection_rule` event occurs. - /// - /// More than one activity type triggers this event. - /// - /// See - branch_protection_rule: BranchProtectionRule? - - /// Runs your workflow anytime the check_run event occurs. - /// - /// More than one activity type triggers this event. - /// - /// See - check_run: CheckRun? - - /// Runs your workflow anytime the `check_suite` event occurs. - /// - /// More than one activity type triggers this event. - /// - /// See - check_suite: CheckSuite? - - /// Runs your workflow anytime someone creates a branch or tag, which triggers the create event. - /// - /// For information about the REST API, see . - /// - /// See - create: BaseTrigger? - - /// Runs your workflow when someone deletes a Git reference (Git branch or tag) in the workflow's repository. - /// - /// For information about the APIs to delete a Git reference, see [Mutations](https://docs.github.com/en/graphql/reference/mutations#deleteref) in the GraphQL API documentation or - /// [REST API endpoints for Git references](https://docs.github.com/en/rest/git/refs#delete-a-reference). - /// - /// See - `delete`: BaseTrigger? - - /// Runs your workflow anytime someone creates a deployment, which triggers the deployment event. - /// - /// Deployments created with a commit SHA may not have a Git ref. - /// - /// See - deployment: BaseTrigger? - - /// Runs your workflow anytime a third party provides a deployment status, which triggers the `deployment_status` event. - /// - /// Deployments created with a commit SHA may not have a Git ref. - /// - /// See - deployment_status: BaseTrigger? - - /// Runs your workflow anytime the discussion event occurs. - /// - /// More than one activity type triggers this event. - /// - /// See - discussion: Discussion? - - /// Runs your workflow anytime the discussion_comment event occurs. - /// - /// More than one activity type triggers this event. - /// - /// See - discussion_comment: DiscussionComment? - - /// Runs your workflow anytime when someone forks a repository, which triggers the `fork` event. - /// - /// See - fork: BaseTrigger? - - /// Runs your workflow when someone creates or updates a Wiki page, which triggers the `gollum` event. - /// - /// See - gollum: BaseTrigger? - - /// Runs your workflow anytime the `issue_comment` event occurs. - /// - /// More than one activity type triggers this event. - /// - /// See - issue_comment: IssueComment? - - /// Runs your workflow anytime the `issues` event occurs. - /// - /// More than one activity type triggers this event. - /// - /// See - issues: Issues? - - /// Runs your workflow anytime the `label` event occurs. - /// - /// More than one activity type triggers this event. - /// - /// See - label: Label? - - /// Runs your workflow when a pull request is added to a merge queue, which adds the pull request to a merge group. - /// - /// For information about the merge queue, see . - /// - /// See - merge_group: MergeGroup? - - /// Runs your workflow anytime the `milestone` event occurs. - /// - /// More than one activity type triggers this event. - /// - /// See - milestone: Milestone? - - /// Runs your workflow anytime someone pushes to a GitHub Pages-enabled branch, which triggers the `page_build` event. - /// - /// See - page_build: BaseTrigger? - - /// Runs your workflow anytime the project event occurs. - /// - /// More than one activity type triggers this event. - /// - /// See - project: Project? - - /// Runs your workflow anytime the `project_card` event occurs. - /// - /// More than one activity type triggers this event. - /// - /// See - project_card: ProjectCard? - - /// Runs your workflow anytime the `project_column` event occurs. - /// - /// More than one activity type triggers this event. - /// For information about the REST API, see . - /// - /// See - project_column: ProjectColumn? - - /// Runs your workflow anytime someone makes a private repository public, which triggers the `public` event. - /// - /// For information about the REST API, see . - /// - /// See - public: BaseTrigger? - - /// Runs your workflow anytime the `pull_request` event occurs. - /// - /// More than one activity type triggers this event. - /// For information about the REST API, see . - /// - /// Note: Workflows do not run on private base repositories when you open a pull request from a forked repository. - /// When you create a pull request from a forked repository to the base repository, - /// GitHub sends the `pull_request` event to the base repository and no pull request events occur on the forked repository. - /// Workflows don't run on forked repositories by default. - /// You must enable GitHub Actions in the Actions tab of the forked repository. - /// The permissions for the `GITHUB_TOKEN` in forked repositories is read-only. - /// For more information about the `GITHUB_TOKEN`, see . - /// - /// See - pull_request: PullRequest? - - /// Runs your workflow anytime the `pull_request_review` event occurs. - /// - /// More than one activity type triggers this event. - /// - /// Note: Workflows do not run on private base repositories when you open a pull request from a forked repository. - /// When you create a pull request from a forked repository to the base repository, - /// GitHub sends the pull_request event to the base repository and no pull request events occur on the forked repository. - /// Workflows don't run on forked repositories by default. - /// You must enable GitHub Actions in the Actions tab of the forked repository. - /// The permissions for the GITHUB_TOKEN in forked repositories is read-only. - /// For more information about the GITHUB_TOKEN, see https://help.github.com/en/articles/virtual-environments-for-github-actions. - /// - /// See - pull_request_review: PullRequestReview? - - /// Runs your workflow anytime a comment on a pull request's unified diff is modified, which triggers the - /// `pull_request_review_comment` event. - /// - /// More than one activity type triggers this event. - /// - /// See - pull_request_review_comment: PullRequestReviewComment? - - /// This event is similar to [pull_request], except that it runs in the context of the base repository of the pull - /// request, rather than in the merge commit. - /// - /// This means that you can more safely make your secrets available to the workflows triggered by the pull request, - /// because only workflows defined in the commit on the base repository are run. - /// - /// For example, this event allows you to create workflows that label and comment on pull requests, based on the - /// contents of the event payload. - /// - /// See - pull_request_target: PullRequest? - - /// Runs your workflow when someone pushes to a repository branch, which triggers the `push` event. - /// - /// Note: The webhook payload available to GitHub Actions does not include the added, removed, and modified attributes - /// in the commit object. - /// You can retrieve the full commit object using the REST API. - /// For more information, see - /// - /// See - push: Push? - - /// Runs your workflow anytime a package is published or updated. - /// - /// For more information, see . - /// - /// See - registry_package: RegistryPackage? - - /// Runs your workflow anytime the release event occurs. - /// - /// More than one activity type triggers this event. - /// For information about the REST API, see in the GitHub Developer documentation. - /// - /// See - release: Release? - - /// You can use the GitHub API to trigger a webhook event called `repository_dispatch` when you want to trigger a - /// workflow for activity that happens outside of GitHub. - /// - /// For more information, see . - /// To trigger the custom `repository_dispatch` webhook event, you must send a POST request to a GitHub API endpoint - /// and provide an `event_type` name to describe the activity type. - /// To trigger a workflow run, you must also configure your workflow to use the `repository_dispatch` event. - /// - /// See - repository_dispatch: RepositoryDispatch? - - /// You can schedule a workflow to run at specific UTC times using POSIX cron syntax - /// (https://pubs.opengroup.org/onlinepubs/9699919799/utilities/crontab.html#tag_20_25_07). - /// - /// Scheduled workflows run on the latest commit on the default or base branch. - /// The shortest interval you can run scheduled workflows is once every 5 minutes. - /// Note: GitHub Actions does not support the non-standard syntax @yearly, @monthly, @weekly, @daily, @hourly, - /// and @reboot. - /// You can use crontab guru () to help generate your cron syntax and confirm what time it will - /// run. - /// To help you get started, there is also a list of crontab guru examples (). - /// - /// See - schedule: Listing? - - /// Runs your workflow anytime the status of a Git commit changes, which triggers the `status` event. - /// - /// For information about the REST API, see . - /// - /// See - status: BaseTrigger? - - /// Runs your workflow anytime the `watch` event occurs. - /// - /// More than one activity type triggers this event. - /// For information about the REST API, see - /// - /// See - watch: BaseTrigger? - - /// Allows workflows to be reused by other workflows. - /// - /// See - workflow_call: WorkflowCall? - - /// You can now create workflows that are manually triggered with the new `workflow_dispatch` event. - /// - /// You will then see a 'Run workflow' button on the Actions tab, enabling you to easily trigger a run. - /// - /// See - workflow_dispatch: WorkflowDispatch? - - /// This event occurs when a workflow run is requested or completed, and allows you to execute a workflow based on the - /// finished result of another workflow. - /// - /// For example, if your [pull_request] workflow generates build artifacts, you can create a new workflow that uses - /// `workflow_run` to analyze the results and add a comment to the original pull request. - /// - /// See - workflow_run: WorkflowRun? -} - -// endregion - -// Environment Variables -typealias EnvironmentVariables = Mapping - -// Permissions -class Permissions { - /// Work with GitHub Actions. - /// - /// For example, `actions = "write"` permits an action to cancel a workflow run. - /// - /// For more information, see - /// [Permissions required for GitHub Apps](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions). - actions: Permission? - - /// Work with artifact attestations. - /// - /// For example, `attestations = "write"` permits an action to generate an artifact attestation for a build. - /// - /// For more information, see - /// [Using artifact attestations to establish provenance for builds](https://docs.github.com/en/actions/how-tos/secure-your-work/use-artifact-attestations/use-artifact-attestations). - attestations: Permission? - - /// Work with check runs and check suites. - /// - /// For example, `checks = "write"` permits an action to create a check run. - /// - /// For more information, see - /// [Permissions required for GitHub Apps](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions). - checks: Permission? - - /// Work with the contents of the repository. - /// - /// For example, contents: read permits an action to list the commits, and `contents = "write"` allows the action to - /// create a release. - /// - /// For more information, see - /// [Permissions required for GitHub Apps](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions). - contents: Permission? - - /// Work with deployments. - /// - /// For example, deployments: write permits an action to create a new deployment. - /// - /// For more information, see - /// [Permissions required for GitHub Apps](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions). - deployments: Permission? - - /// Work with GitHub Discussions. - /// - /// For example, `discussions = "write"` permits an action to close or delete a discussion. - /// - /// For more information, see [Using the GraphQL API for Discussions](https://docs.github.com/en/graphql/guides/using-the-graphql-api-for-discussions). - discussions: Permission? - - /// Fetch an OpenID Connect (OIDC) token. - /// - /// This requires `id-token = "write"`. - /// - /// For more information, see [OpenID Connect](https://docs.github.com/en/actions/concepts/security/openid-connect#updating-your-actions-for-oidc). - `id-token`: Permission? - - /// Work with issues. - /// - /// For example, issues: write permits an action to add a comment to an issue. - /// - /// For more information, see - /// [Permissions required for GitHub Apps](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions). - issues: Permission? - - /// Generate AI inference responses with GitHub Models. - /// - /// For example, `models = "read"` permits an action to use the GitHub Models inference API. - /// - /// See [Prototyping with AI models](https://docs.github.com/en/github-models/use-github-models/prototyping-with-ai-models). - models: Permission? - - /// Work with GitHub Packages. - /// - /// For example, `packages = "write"` permits an action to upload and publish packages on GitHub Packages. - /// - /// For more information, see - /// [About permissions for GitHub Packages](https://docs.github.com/en/packages/learn-github-packages/about-permissions-for-github-packages#about-scopes-and-permissions-for-package-registries). - packages: Permission? - - /// Work with GitHub Pages. - /// - /// For example, `pages = "write"` permits an action to request a GitHub Pages build. - /// - /// For more information, see - /// [Permissions required for GitHub Apps](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions). - pages: Permission? - - /// Work with pull requests. - /// - /// For example, `pull-requests = "write"` permits an action to add a label to a pull request. - /// - /// For more information, see - /// [Permissions required for GitHub Apps](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions). - `pull-requests`: Permission? - - /// Work with GitHub code scanning alerts. - /// - /// For example, `security-events = "read"` permits an action to list the code scanning alerts for the repository, and - /// `security-events = "write"` allows an action to update the status of a code scanning alert. - /// - /// For more information, see [Repository permissions for 'Code scanning alerts'](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-code-scanning-alerts). - /// - /// Dependabot and secret scanning alerts cannot be read with this permission and require a GitHub App or a personal - /// access token. - /// For more information, see [Repository permissions for 'Dependabot alerts'](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-dependabot-alerts) - /// and [Repository permissions for 'Secret scanning alerts'](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-secret-scanning-alerts) - /// in "Permissions required for GitHub Apps." - `security-events`: Permission? - - /// Work with commit statuses. - /// - /// For example, `statuses = "read"` permits an action to list the commit statuses for a given reference. - /// - /// For more information, see - /// [Permissions required for GitHub Apps](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions). - statuses: Permission? -} - -typealias Permission = "read" | "write" | "none" - -// Concurrency -class Concurrency { - group: String - `cancel-in-progress`: Boolean -} - -class RunDefaults { - shell: Shell? - `working-directory`: String? -} - -class Defaults { - run: RunDefaults? -} - -// Jobs -abstract class BaseJob { - /// A name for the job, which is displayed in the GitHub UI - name: String? - - /// A conditional to prevent a job from running unless a condition is met. - /// - /// You can use any supported context and expression to create a conditional. - /// For more information on which contexts are supported in this key, see - /// [Contexts reference](https://docs.github.com/en/actions/reference/workflows-and-actions/contexts#context-availability). - @SourceCode { language = "GithubExpressionLanguage" } - `if`: String? - - /// Identify any jobs that must complete successfully before this job will run. - /// - /// It can be a string or array of strings. - /// If a job fails or is skipped, all jobs that need it are skipped unless the jobs use a conditional expression that - /// causes the job to continue. - /// If a run contains a series of jobs that need each other, a failure or skip applies to all jobs in the dependency - /// chain from the point of failure or skip onwards. If you would like a job to run even if a job it is dependent on - /// did not succeed, use the `always()` conditional expression in `jobs..if`. - /// - /// See: - needs: (String | *Listing)? - - /// Ensure that only a single job or workflow using the same concurrency group will run at a time. - /// - /// A concurrency group can be any string or expression. Allowed expression contexts: `github`, `inputs`, `vars`, - /// `needs`, `strategy`, and `matrix`. - /// For more information about expressions, see - /// [Evaluate expressions in workflows and actions](https://docs.github.com/en/actions/reference/workflows-and-actions/expressions). - /// - /// You can also specify concurrency at the workflow level. - /// For more information, see [module.concurrency]. - /// - /// This means that there can be at most one running and one pending job in a concurrency group at any time. - /// When a concurrent job or workflow is queued, if another job or workflow using the same concurrency group in the - /// repository is in progress, the queued job or workflow will be pending. - /// Any existing pending job or workflow in the same concurrency group, if it exists, will be canceled and the new - /// queued job or workflow will take its place. - /// - /// To also cancel any currently running job or workflow in the same concurrency group, specify `cancel-in-progress = true`. - /// To conditionally cancel currently running jobs or workflows in the same concurrency group, you can specify - /// [cancel-in-progress] as an expression with any of the allowed expression contexts. - /// - /// Note: - /// - /// The concurrency group name is case insensitive. For example, `prod` and `Prod` will be treated as the same concurrency group. - /// Ordering is not guaranteed for jobs or workflow runs using concurrency groups. Jobs or workflow runs in the same concurrency group are handled in an arbitrary order. - /// - /// Docs: - concurrency: Concurrency? - - /// Use `jobs..strategy` to use a matrix strategy for your jobs. - /// - /// A matrix strategy lets you use variables in a single job definition to automatically create multiple job runs that - /// are based on the combinations of the variables. - /// For example, you can use a matrix strategy to test your code in multiple versions of a language or on multiple - /// operating systems. - /// - /// For more information, see - /// [Running variations of jobs in a workflow](https://docs.github.com/en/actions/how-tos/write-workflows/choose-what-workflows-do/run-job-variations). - /// - /// Docs: - strategy: Strategy? - - /// For a specific job, you can use `jobs..permissions` to modify the default permissions granted to the - /// `GITHUB_TOKEN`, adding or removing access as required, so that you only allow the minimum required access. - /// For more information, see Use `GITHUB_TOKEN` for authentication in workflows. - /// - /// By specifying the permission within a job definition, you can configure a different set of permissions for the - /// `GITHUB_TOKEN` for each job, if required. - /// Alternatively, you can specify the permissions for all jobs in the workflow. - /// For information on defining permissions at the workflow level, see [module.permissions]. - /// - /// For each of the available permissions, shown in the table below, you can assign one of the access levels: - /// read (if applicable), write, or none. write includes read. If you specify the access for any of these permissions, - /// all of those that are not specified are set to none. - /// - /// Docs: - permissions: (*Permissions | "read-all" | "write-all")? -} - -class DefaultJob extends BaseJob { - /// Use `jobs..runs-on` to define the type of machine to run the job on. - /// - /// The destination machine can be either a GitHub-hosted runner, larger runner, or a self-hosted runner. - /// You can target runners based on the labels assigned to them, or their group membership, or a combination of these. - /// - /// You can provide runs-on as: - /// - /// * A single string - /// * A single variable containing a string - /// * An array of strings, variables containing strings, or a combination of both - /// * A key-value pair using the group or labels keys - /// * If you specify an array of strings or variables, your workflow will execute on any runner that matches all of the specified runs-on values. - /// For example, here the job will only run on a self-hosted runner that has the labels `linux`, `x64`, and `gpu`: - /// - /// ``` - /// `runs-on` { "self-hosted"; "linux"; "x64"; "gpu" } - /// ``` - /// - /// For more information, see [Choosing self-hosted runners](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#choosing-self-hosted-runners). - /// - /// * You can mix strings and variables in an array. For example: - /// - /// ``` - /// on: - /// workflow_dispatch: - /// inputs: - /// chosen-os: - /// required: true - /// type: choice - /// options: - /// - Ubuntu - /// - macOS - /// - /// jobs: - /// test: - /// runs-on: [self-hosted, "${{ inputs.chosen-os }}"] - /// steps: - /// - run: echo Hello world! - /// ``` - /// - /// If you would like to run your workflow on multiple machines, use [strategy]. - `runs-on`: *String | Machine | Listing<*String | Machine> - - /// The maximum number of minutes to run the step before killing the process. - /// - /// Fractional values are not supported. - `timeout-minutes`: Int(isPositive)? - - /// Sets variables for steps to use in the runner environment. - /// - /// You can also set variables for the entire workflow or a job. - /// For more information, see - /// [env](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#env) and - /// [jobs..env](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idenv). - /// - /// When more than one environment variable is defined with the same name, GitHub uses the most specific variable. For example, an environment variable defined in a step will override job and workflow environment variables with the same name, while the step executes. An environment variable defined for a job will override a workflow variable with the same name, while the job executes. - /// - /// Public actions may specify expected variables in the README file. If you are setting a secret or sensitive value, such as a password or token, you must set secrets using the secrets context. For more information, see Contexts reference. - env: EnvironmentVariables? - - /// Craetes a map of outputs for a job. - /// - /// Job outputs are available to all downstream jobs that depend on this job. - /// For more information on defining job dependencies, see [needs]. - /// - /// Outputs can be a maximum of 1 MB per job. - /// The total of all outputs in a workflow run can be a maximum of 50 MB. - /// Size is approximated based on UTF-16 encoding. - /// - /// Job outputs containing expressions are evaluated on the runner at the end of each job. - /// Outputs containing secrets are redacted on the runner and not sent to GitHub Actions. - /// - /// If an output is skipped because it may contain a secret, you will see the following warning message: - /// "Skip output {output.Key} since it may contain secret." - /// For more information on how to handle secrets, please refer to the - /// [Example: Masking and passing a secret between jobs or workflows](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-commands#example-masking-and-passing-a-secret-between-jobs-or-workflows). - /// - /// To use job outputs in a dependent job, you can use the needs context. - /// For more information, see [Contexts reference](https://docs.github.com/en/actions/reference/workflows-and-actions/contexts#needs-context). - outputs: Mapping? - - /// A map of variables that are available to all steps in the job. - /// - /// You can set variables for the entire workflow or an individual step. - /// For more information, see env and jobs..steps[*].env. - /// - /// When more than one environment variable is defined with the same name, GitHub uses the most specific variable. - /// For example, an environment variable defined in a step will override job and workflow environment variables with - /// the same name, while the step executes. - /// An environment variable defined for a job will override a workflow variable with the same name, while the job executes. - /// - /// Docs: - environment: (*Environment | String)? - - /// Use jobs..defaults to create a map of default settings that will - /// apply to all steps in the job. - /// - /// You can also set default settings for the entire workflow. For more - /// information, see defaults. When more than one default setting is defined - /// with the same name, GitHub uses the most specific default setting. For - /// example, a default setting defined in a job will override a default - /// setting that has the same name defined in a workflow. - defaults: Defaults? - - /// A job contains a sequence of tasks called steps. - /// - /// Steps can run commands, run setup tasks, or run an action in your repository, a public repository, or an action - /// published in a Docker registry. - /// Not all steps run actions, but all actions run as a step. Each step runs in its own process in the runner - /// environment and has access to the workspace and filesystem. - /// Because steps run in their own process, changes to environment variables are not preserved between steps. - /// GitHub provides built-in steps to set up and complete a job. - /// - /// GitHub only displays the first 1,000 checks, however, you can run an unlimited number of steps as long as you are - /// within the workflow usage limits. - /// - /// For more information, see Billing and usage for GitHub-hosted runners and Actions limits for self-hosted runner usage limits. - steps: Listing<*Step | TypedStep> -} - -class ReusableJob extends BaseJob { - uses: String(matches(Regex("(.+/)+(.+)\\.(ya?ml)(@.+)?")))? - with: With? - secrets: ("inherit" | *Mapping)? -} - -typealias Job = *DefaultJob | ReusableJob - -// Machines, part of Jobs -abstract class Machine { - name: String -} -class UbuntuLatest extends Machine { - name = "ubuntu-latest" -} -class MacOsLatest extends Machine { - name = "macos-latest" -} -class WindowsLatest extends Machine { - name = "windows-latest" -} - -// Strategy, part of Jobs -class Strategy { - matrix: Mapping> - `fail-fast`: Boolean? - `max-parallel`: (Number | String)? -} - -// Environment, part of Jobs -class Environment { - name: String - url: String? -} - -abstract class AbstractStep { - /// A name for your step to display on GitHub. - name: String? - - /// A unique identifier for the step. - /// - /// You can use the [id] to reference the step in contexts. - /// - /// For more information, see [Contexts reference](https://docs.github.com/en/actions/reference/workflows-and-actions/contexts). - id: String? - - /// You can use the if conditional to prevent a step from running unless a condition is met. - /// - /// You can use any supported context and expression to create a conditional. - /// For more information on which contexts are supported in this key, see Contexts reference. - /// - /// When you use expressions in an if conditional, you can, optionally, omit the `${{ }}` expression syntax because - /// GitHub Actions automatically evaluates the if conditional as an expression. - /// However, this exception does not apply everywhere. - /// - /// For more information, see Evaluate expressions in workflows and actions. - @SourceCode { language = "GithubExpressionLanguage" } - `if`: String? - - /// The maximum number of minutes to run the step before killing the process. - /// - /// Fractional values are not supported. - /// timeout-minutes must be a positive integer. - `timeout-minutes`: Int(isPositive)? - - /// Sets variables for steps to use in the runner environment. - /// You can also set variables for the entire workflow or a job. - /// For more information, see [module.env] and [BaseJob.env]. - /// - /// When more than one environment variable is defined with the same name, GitHub uses the most specific variable. - /// For example, an environment variable defined in a step will override job and workflow environment variables with - /// the same name, while the step executes. - /// An environment variable defined for a job will override a workflow variable with the same name, while the job executes. - /// - /// Public actions may specify expected variables in the README file. - /// If you are setting a secret or sensitive value, such as a password or token, you must set secrets using the - /// secrets context. - /// For more information, see [Contexts reference](https://docs.github.com/en/actions/reference/workflows-and-actions/contexts). - env: EnvironmentVariables? - - /// Using the working-directory keyword, you can specify the working directory of where to run the command. - /// - /// Alternatively, you can specify a default working directory for all run steps in a job, or for all run steps in the - /// entire workflow. - /// For more information, see `defaults.run.working-directory` and `jobs..defaults.run.working-directory`. - /// - /// You can also use a run step to run a script. - /// For more information, see [Adding scripts to your workflow](https://docs.github.com/en/actions/how-tos/write-workflows/choose-what-workflows-do/add-scripts). - /// - /// Docs: - `working-directory`: String? - - /// You can override the default shell settings in the runner's operating system and the job's default using the shell keyword. - /// - /// You can use built-in shell keywords, or you can define a custom set of shell options. - /// The shell command that is run internally executes a temporary file that contains the commands specified in the run keyword. - /// - /// Docs: - shell: Shell? -} - -// Step, part of Jobs -class Step extends AbstractStep { - /// Selects an action to run as part of a step in your job. - /// An action is a reusable unit of code. - /// You can use an action defined in the same repository as the workflow, a public repository, or in a published - /// Docker container image. - /// - /// We strongly recommend that you include the version of the action you are using by specifying a Git ref, SHA, or - /// Docker tag. - /// If you don't specify a version, it could break your workflows or cause unexpected behavior when the action owner - /// publishes an update. - /// - /// * Using the commit SHA of a released action version is the safest for stability and security. - /// * If the action publishes major version tags, you should expect to receive critical fixes and security patches - /// while still retaining compatibility. Note that this behavior is at the discretion of the action's author. - /// * Using the default branch of an action may be convenient, but if someone releases a new major version with a - /// breaking change, your workflow could break. - /// - /// Some actions require inputs that you must set using the with keyword. Review the action's README file to determine - /// the inputs required. - /// - /// Actions are either JavaScript files or Docker containers. - /// If the action you're using is a Docker container you must run the job in a Linux environment. - /// For more details, see [runs-on]. - uses: String? - - /// Runs command-line programs that do not exceed 21,000 characters using the operating system's shell. - /// - /// If you do not provide a name, the step name will default to the text specified in the run command. - /// - /// Commands run using non-login shells by default. - /// You can choose a different shell and customize the shell used to run commands. - /// For more information, see [shell]. - /// - /// Each `run` keyword represents a new process and shell in the runner environment. - run: String(length < 21_000)?(exactlyOneSet(this, uses)) - - with: With? -} - -// TypedStep, part of Jobs -// Can be used to extend Step with specific typed properties -abstract class TypedStep extends AbstractStep { - /// Selects an action to run as part of a step in your job. - /// An action is a reusable unit of code. - /// You can use an action defined in the same repository as the workflow, a public repository, or in a published - /// Docker container image. - /// - /// We strongly recommend that you include the version of the action you are using by specifying a Git ref, SHA, or - /// Docker tag. - /// If you don't specify a version, it could break your workflows or cause unexpected behavior when the action owner - /// publishes an update. - /// - /// * Using the commit SHA of a released action version is the safest for stability and security. - /// * If the action publishes major version tags, you should expect to receive critical fixes and security patches - /// while still retaining compatibility. Note that this behavior is at the discretion of the action's author. - /// * Using the default branch of an action may be convenient, but if someone releases a new major version with a - /// breaking change, your workflow could break. - /// - /// Some actions require inputs that you must set using the with keyword. Review the action's README file to determine - /// the inputs required. - /// - /// Actions are either JavaScript files or Docker containers. - /// If the action you're using is a Docker container you must run the job in a Linux environment. - /// For more details, see [runs-on]. - abstract fixed uses: String - - abstract with: Typed -} - -const function exactlyOneSet(a: Any, b: Any) = - if (a != null) - b == null - else if (b != null) - a == null - else - false - -// Shell, part of Steps -typealias Shell = "pwsh" | "bash" | "sh" | "cmd" | "powershell" | "python" +import "Concurrency.pkl" +import "Defaults.pkl" +import "EnvironmentVariables.pkl" +import "Job.pkl" +import "Machine.pkl" +import "On.pkl" +import "Permissions.pkl" // Jobs top-level typealias -typealias Jobs = Mapping(!isEmpty) - -// With typealias for Jobs.Step.With -typealias With = Mapping +typealias Jobs = Mapping(!isEmpty) // Templating @@ -1222,7 +68,7 @@ on: On(onIsSet) /// same name, while the step executes. /// An environment variable defined for a job will override a workflow variable with the same name, while the job /// executes. -env: EnvironmentVariables? +env: EnvironmentVariables.EnvironmentVariables? /// Use concurrency to ensure that only a single job or workflow using the same concurrency group will run at a time. /// diff --git a/actions/Artifact.pkl b/actions/Artifact.pkl index 5604d50..059f6d2 100644 --- a/actions/Artifact.pkl +++ b/actions/Artifact.pkl @@ -3,10 +3,10 @@ /// Use the [Action](../Action) module instead to access these actions. module com.github.action.actions.Artifact -import "../Workflow.pkl" +import "../Step.pkl" /// Type-safe GitHub Action of the [download-artifact](https://github.com/actions/download-artifact) action. -class Download extends Workflow.TypedStep { +class Download extends Step.TypedStep { fixed uses: "actions/download-artifact@v6" with: DownloadInputs? } @@ -62,7 +62,7 @@ class DownloadInputs { } /// Type-safe GitHub Action of the [upload-artifact](https://github.com/actions/upload-artifact) action. -class Upload extends Workflow.TypedStep { +class Upload extends Step.TypedStep { fixed uses: "actions/upload-artifact@v5" with: UploadInputs? } @@ -120,7 +120,7 @@ class UploadInputs { } /// Type-safe GitHub Action of the [upload-artifact/merge](https://github.com/actions/upload-artifact/tree/main/merge) action. -class UploadArtifactMerge extends Workflow.TypedStep { +class UploadArtifactMerge extends Step.TypedStep { fixed uses: "actions/upload-artifact/merge@v4" with: UploadArtifactMergeInputs? } diff --git a/actions/Cache.pkl b/actions/Cache.pkl index 3c5f163..dce1c12 100644 --- a/actions/Cache.pkl +++ b/actions/Cache.pkl @@ -3,10 +3,10 @@ /// Use the [Action](../Action) module instead to access these actions. module com.github.action.actions.Cache -import "../Workflow.pkl" +import "../Step.pkl" /// Type-safe GitHub Action of the [cache](https://github.com/actions/cache) action. -class Cache extends Workflow.TypedStep { +class Cache extends Step.TypedStep { fixed uses: "actions/cache@v4" with: CacheInputs? } @@ -54,7 +54,7 @@ class CacheInputs { } /// Type-safe GitHub Action of the [cache/save](https://github.com/actions/cache/tree/main/save) action. -class Save extends Workflow.TypedStep { +class Save extends Step.TypedStep { fixed uses: "actions/cache/save@v4" with: SaveInputs? } @@ -86,7 +86,7 @@ class SaveInputs { } /// Type-safe GitHub Action of the [cache/save](https://github.com/actions/cache/tree/main/restore) action. -class Restore extends Workflow.TypedStep { +class Restore extends Step.TypedStep { fixed uses: "actions/cache/restore@v4" with: RestoreInputs } diff --git a/actions/Common.pkl b/actions/Common.pkl index 7832a24..6db8183 100644 --- a/actions/Common.pkl +++ b/actions/Common.pkl @@ -3,10 +3,10 @@ /// Use the [Action](../Action) module instead to access these actions. module com.github.action.actions.Common -import "../Workflow.pkl" +import "../Step.pkl" /// Type-safe GitHub Action of the [checkout](https://github.com/actions/checkout) action. -class Checkout extends Workflow.TypedStep { +class Checkout extends Step.TypedStep { fixed uses: "actions/checkout@v5" with: CheckoutInputs? } @@ -145,7 +145,7 @@ class CheckoutInputs { } /// Type-safe GitHub Action of the [actions/add-to-project](https://github.com/actions/add-to-project) action. -class AddToProject extends Workflow.TypedStep { +class AddToProject extends Step.TypedStep { fixed uses: "actions/add-to-project@v1" with: AddToProjectInputs? } @@ -157,7 +157,7 @@ class AddToProjectInputs { `label-operator`: (String | Number | Boolean)? } -class GoDependencySubmission extends Workflow.TypedStep { +class GoDependencySubmission extends Step.TypedStep { fixed uses: "actions/go-dependency-submission@v2" with: GoDependencySubmissionInputs? } @@ -175,7 +175,7 @@ class GoDependencySubmissionInputs { } /// Type-safe GitHub Action of the [actions/github-script](https://github.com/actions/github-script) action. -class GitHubScript extends Workflow.TypedStep { +class GitHubScript extends Step.TypedStep { fixed uses: "actions/github-script@v8" with: GitHubScriptInputs? } @@ -193,7 +193,7 @@ class GitHubScriptInputs { } /// Type-safe GitHub Action of the [actions/labeler](https://github.com/actions/labeler) action. -class Labeler extends Workflow.TypedStep { +class Labeler extends Step.TypedStep { fixed uses: "actions/labeler@v6" with: LabelerInputs? } @@ -206,7 +206,7 @@ class LabelerInputs { `pr-number`: (String | Number | Boolean)? } -class AttestSbom extends Workflow.TypedStep { +class AttestSbom extends Step.TypedStep { fixed uses: "attest-sbom@v2" with: AttestSbomInputs? } @@ -223,7 +223,7 @@ class AttestSbomInputs { } /// Type-safe GitHub Action of the [actions/ai-inference](https://github.com/actions/ai-inference) action. -class AiInference extends Workflow.TypedStep { +class AiInference extends Step.TypedStep { fixed uses: "actions/ai-inference@v2" with: AiInferenceInputs? } @@ -244,7 +244,7 @@ class AiInferenceInputs { } /// Type-safe GitHub Action of the [actions/create-github-app-token](https://github.com/actions/create-github-app-token) action. -class CreateGitHubAppToken extends Workflow.TypedStep { +class CreateGitHubAppToken extends Step.TypedStep { fixed uses: "actions/create-github-app-token@v2" with: CreateGitHubAppTokenInputs? } @@ -307,7 +307,7 @@ class CreateGitHubAppTokenInputs { } /// Type-safe GitHub Action of the [actions/delete-package-versions](https://github.com/actions/delete-package-versions) action. -class DeletePackageVersion extends Workflow.TypedStep { +class DeletePackageVersion extends Step.TypedStep { fixed uses: "actions/delete-package-versions@v5" with: DeletePackageVersionInputs? } @@ -356,7 +356,7 @@ class DeletePackageVersionInputs { } /// Type-safe GitHub Action of the [actions/stale](https://github.com/actions/stale) action. -class Stale extends Workflow.TypedStep { +class Stale extends Step.TypedStep { fixed uses: "actions/stale@v10" with: StaleInputs? } @@ -475,7 +475,7 @@ class StaleInputs { } /// Type-safe GitHub Action of the [actions/dependency-review-action](https://github.com/actions/dependency-review-action) action. -class DependencyReviewAction extends Workflow.TypedStep { +class DependencyReviewAction extends Step.TypedStep { fixed uses: "actions/dependency-review-action@v4" with: DependencyReviewActionInputs? } diff --git a/actions/Pages.pkl b/actions/Pages.pkl index 4ceebb8..a1e8849 100644 --- a/actions/Pages.pkl +++ b/actions/Pages.pkl @@ -3,10 +3,10 @@ /// Use the [Action](../Action) module instead to access these actions. module com.github.action.actions.Pages -import "../Workflow.pkl" +import "../Step.pkl" /// Type-safe GitHub Action of the [configure-pages](https://github.com/actions/configure-pages) action. -class Configure extends Workflow.TypedStep { +class Configure extends Step.TypedStep { fixed uses = "actions/configure-pages@v5" with: ConfigureInputs? } @@ -23,7 +23,7 @@ class ConfigureInputs { } /// Type-safe GitHub Action of the [upload-pages-artifact](https://github.com/actions/upload-pages-artifact) action. -class UploadArtifact extends Workflow.TypedStep { +class UploadArtifact extends Step.TypedStep { fixed uses = "actions/upload-pages-artifact@v4" with: UploadArtifactInputs? } @@ -35,7 +35,7 @@ class UploadArtifactInputs { } /// Type-safe GitHub Action of the [jekyll-build-pages](https://github.com/actions/jekyll-build-pages) action. -class JekyllBuild extends Workflow.TypedStep { +class JekyllBuild extends Step.TypedStep { fixed uses = "actions/jekyll-build-pages@v1" with: JekyllBuildInputs? } @@ -50,7 +50,7 @@ class JekyllBuildInputs { } /// Type-safe GitHub Action of the [deploy-pages](https://github.com/actions/deploy-pages) action. -class Deploy extends Workflow.TypedStep { +class Deploy extends Step.TypedStep { fixed uses = "actions/deploy-pages@v4" with: DeployInputs? } diff --git a/actions/Setup.pkl b/actions/Setup.pkl index 8c4507d..579b59d 100644 --- a/actions/Setup.pkl +++ b/actions/Setup.pkl @@ -3,10 +3,10 @@ /// Use the [Action](../Action) module instead to access these actions. module com.github.action.actions.Setup -import "../Workflow.pkl" +import "../Step.pkl" /// Type-safe GitHub Action of the [setup-java](https://github.com/actions/setup-java) action. -class Java extends Workflow.TypedStep { +class Java extends Step.TypedStep { fixed uses: "actions/setup-java@v5" with: JavaInputs? } @@ -147,7 +147,7 @@ typealias JavaDistribution = | "jetbrains" /// Type-safe GitHub Action of the [setup-dotnet](https://github.com/actions/setup-dotnet) action. -class SetupDotnet extends Workflow.TypedStep { +class SetupDotnet extends Step.TypedStep { fixed uses: "actions/setup-dotnet@v5" with: SetupDotnetInputs? } @@ -164,7 +164,7 @@ class SetupDotnetInputs { } /// Type-safe GitHub Action of the [setup-go](https//github.com/actions/setup-go) action. -class Go extends Workflow.TypedStep { +class Go extends Step.TypedStep { fixed uses: "actions/setup-go@v6" with: GoInputs? } @@ -180,7 +180,7 @@ class GoInputs { } /// Type-safe GitHub Action of the [setup-node]( -class Node extends Workflow.TypedStep { +class Node extends Step.TypedStep { fixed uses: "actions/setup-node@v6" with: NodeInputs? } @@ -202,7 +202,7 @@ class NodeInputs { } /// Type-safe GitHub Action of the [setup-python](https://github.com/actions/setup-python) action. -class Python extends Workflow.TypedStep { +class Python extends Step.TypedStep { fixed uses: "actions/setup-python@v6" with: PythonInputs? } diff --git a/examples/ReusableWorkflow.pkl b/examples/ReusableWorkflow.pkl index e999d59..cf1848e 100644 --- a/examples/ReusableWorkflow.pkl +++ b/examples/ReusableWorkflow.pkl @@ -1,5 +1,7 @@ amends "../Workflow.pkl" +import "../Job.pkl" + name = "Reusable Workflow" on { @@ -15,11 +17,11 @@ on { } jobs { - ["reusable_workflow"] = new ReusableJob { + ["reusable_workflow"] = new Job.ReusableJob { uses = "./something.yaml" secrets = "inherit" } - ["reusable_workflow_repo"] = new ReusableJob { + ["reusable_workflow_repo"] = new Job.ReusableJob { uses = "octo-org/another-repo/.github/workflows/workflow.yml@v1" with { ["some_input"] = "some value" diff --git a/examples/TestWorkflow.pkl b/examples/TestWorkflow.pkl index 959071e..b493ff6 100644 --- a/examples/TestWorkflow.pkl +++ b/examples/TestWorkflow.pkl @@ -1,6 +1,7 @@ amends "../Workflow.pkl" import "../Action.pkl" import "../Context.pkl" +import "../Machine.pkl" name = "PrintHelloWorld" @@ -62,7 +63,7 @@ defaults { jobs { ["hello_dependabot"] { - `runs-on` = new MacOsLatest {} + `runs-on` = new Machine.MacOsLatest {} `if` = Context.github.custom("actor == 'dependabot[bot]'") needs { "first_job" @@ -105,7 +106,7 @@ jobs { ["print"] { `runs-on` = new Listing { "macos-latest" - new WindowsLatest {} + new Machine.WindowsLatest {} } environment = "staging" needs = "hello_dependabot" diff --git a/examples/UpdateWikiReadme.pkl b/examples/UpdateWikiReadme.pkl index cb6ae1b..0092248 100644 --- a/examples/UpdateWikiReadme.pkl +++ b/examples/UpdateWikiReadme.pkl @@ -1,5 +1,6 @@ amends "../Workflow.pkl" import "../Action.pkl" +import "../Machine.pkl" name = "Update Wiki Readme" @@ -15,7 +16,7 @@ on { jobs { ["update-wiki-readme"] { name = "Update Wiki Readme" - `runs-on` = new UbuntuLatest {} + `runs-on` = new Machine.UbuntuLatest {} steps { Action.checkout (Action.setupGo) {