1package githubactions
2
3import (
4 "struct"
5 "strings"
6)
7
8#Workflow: {
9 @jsonschema(schema="http://json-schema.org/draft-07/schema#")
10 @jsonschema(id="https://json.schemastore.org/github-workflow.json")
11 close({
12 // The name of your workflow. GitHub displays the names of your
13 // workflows on your repository's actions page. If you omit this
14 // field, GitHub sets the name to the workflow's filename.
15 "name"?: string
16
17 // The name of the GitHub event that triggers the workflow. You
18 // can provide a single event string, array of events, array of
19 // event types, or an event configuration map that schedules a
20 // workflow or restricts the execution of a workflow to specific
21 // files, tags, or branch changes. For a list of available
22 // events, see
23 // https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows.
24 "on"!: matchN(1, [#event, [...#event] & [_, ...], close({
25 "branch_protection_rule"?: #eventObject
26 "check_run"?: #eventObject
27 "check_suite"?: #eventObject
28 "create"?: #eventObject
29 "delete"?: #eventObject
30 "deployment"?: #eventObject
31 "deployment_status"?: #eventObject
32 "discussion"?: #eventObject
33 "discussion_comment"?: #eventObject
34 "fork"?: #eventObject
35 "gollum"?: #eventObject
36 "issue_comment"?: #eventObject
37 "issues"?: #eventObject
38 "label"?: #eventObject
39 "merge_group"?: #eventObject
40 "milestone"?: #eventObject
41 "page_build"?: #eventObject
42 "project"?: #eventObject
43 "project_card"?: #eventObject
44 "project_column"?: #eventObject
45 "public"?: #eventObject
46
47 // Runs your workflow anytime the pull_request event occurs. More
48 // than one activity type triggers this event. For information
49 // about the REST API, see https://developer.github.com/v3/pulls.
50 // Note: Workflows do not run on private base repositories when
51 // you open a pull request from a forked repository.
52 // When you create a pull request from a forked repository to the
53 // base repository, GitHub sends the pull_request event to the
54 // base repository and no pull request events occur on the forked
55 // repository.
56 // Workflows don't run on forked repositories by default. You must
57 // enable GitHub Actions in the Actions tab of the forked
58 // repository.
59 // The permissions for the GITHUB_TOKEN in forked repositories is
60 // read-only. For more information about the GITHUB_TOKEN, see
61 // https://help.github.com/en/articles/virtual-environments-for-github-actions.
62 "pull_request"?: matchN(1, [null, matchN(4, [close({
63 "types"?: #types
64 "branches"?: #branch
65 "branches-ignore"?: #branch
66 "tags"?: #branch
67 "tags-ignore"?: #branch
68 "paths"?: #path
69 "paths-ignore"?: #path
70 }), matchN(0, [null | bool | number | string | [...] | {
71 "branches"!: _
72 "branches-ignore"!: _
73 ...
74 }]) & {
75 ...
76 }, matchN(0, [null | bool | number | string | [...] | {
77 "tags"!: _
78 "tags-ignore"!: _
79 ...
80 }]) & {
81 ...
82 }, matchN(0, [null | bool | number | string | [...] | {
83 "paths"!: _
84 "paths-ignore"!: _
85 ...
86 }]) & {
87 ...
88 }])])
89 "pull_request_review"?: #eventObject
90 "pull_request_review_comment"?: #eventObject
91
92 // This event is similar to pull_request, except that it runs in
93 // the context of the base repository of the pull request, rather
94 // than in the merge commit. This means that you can more safely
95 // make your secrets available to the workflows triggered by the
96 // pull request, because only workflows defined in the commit on
97 // the base repository are run. For example, this event allows
98 // you to create workflows that label and comment on pull
99 // requests, based on the contents of the event payload.
100 "pull_request_target"?: matchN(1, [null, matchN(4, [close({
101 "types"?: #types
102 "branches"?: #branch
103 "branches-ignore"?: #branch
104 "tags"?: #branch
105 "tags-ignore"?: #branch
106 "paths"?: #path
107 "paths-ignore"?: #path
108 }), matchN(0, [null | bool | number | string | [...] | {
109 "branches"!: _
110 "branches-ignore"!: _
111 ...
112 }]) & {
113 ...
114 }, matchN(0, [null | bool | number | string | [...] | {
115 "tags"!: _
116 "tags-ignore"!: _
117 ...
118 }]) & {
119 ...
120 }, matchN(0, [null | bool | number | string | [...] | {
121 "paths"!: _
122 "paths-ignore"!: _
123 ...
124 }]) & {
125 ...
126 }])])
127
128 // Runs your workflow when someone pushes to a repository branch,
129 // which triggers the push event.
130 // Note: The webhook payload available to GitHub Actions does not
131 // include the added, removed, and modified attributes in the
132 // commit object. You can retrieve the full commit object using
133 // the REST API. For more information, see
134 // https://developer.github.com/v3/repos/commits/#get-a-single-commit.
135 "push"?: matchN(1, [null, matchN(4, [close({
136 "branches"?: #branch
137 "branches-ignore"?: #branch
138 "tags"?: #branch
139 "tags-ignore"?: #branch
140 "paths"?: #path
141 "paths-ignore"?: #path
142 }), matchN(0, [null | bool | number | string | [...] | {
143 "branches"!: _
144 "branches-ignore"!: _
145 ...
146 }]) & {
147 ...
148 }, matchN(0, [null | bool | number | string | [...] | {
149 "tags"!: _
150 "tags-ignore"!: _
151 ...
152 }]) & {
153 ...
154 }, matchN(0, [null | bool | number | string | [...] | {
155 "paths"!: _
156 "paths-ignore"!: _
157 ...
158 }]) & {
159 ...
160 }])])
161 "registry_package"?: #eventObject
162 "release"?: #eventObject
163 "status"?: #eventObject
164 "watch"?: #eventObject
165
166 // Allows workflows to be reused by other workflows.
167 "workflow_call"?: null | bool | number | string | [...] | {
168 // When using the workflow_call keyword, you can optionally
169 // specify inputs that are passed to the called workflow from the
170 // caller workflow.
171 "inputs"?: close({
172 {[=~"^[_a-zA-Z][a-zA-Z0-9_-]*$"]: close({
173 // A string description of the input parameter.
174 "description"?: string
175
176 // A boolean to indicate whether the action requires the input
177 // parameter. Set to true when the parameter is required.
178 "required"?: bool
179
180 // Required if input is defined for the on.workflow_call keyword.
181 // The value of this parameter is a string specifying the data
182 // type of the input. This must be one of: boolean, number, or
183 // string.
184 "type"!: "boolean" | "number" | "string"
185
186 // The default value is used when an input parameter isn't
187 // specified in a workflow file.
188 "default"?: bool | number | string
189 })
190 }
191 })
192
193 // When using the workflow_call keyword, you can optionally
194 // specify inputs that are passed to the called workflow from the
195 // caller workflow.
196 "outputs"?: close({
197 {[=~"^[_a-zA-Z][a-zA-Z0-9_-]*$"]: close({
198 // A string description of the output parameter.
199 "description"?: string
200
201 // The value that the output parameter will be mapped to. You can
202 // set this to a string or an expression with context. For
203 // example, you can use the steps context to set the value of an
204 // output to the output value of a step.
205 "value"!: string
206 })
207 }
208 })
209
210 // A map of the secrets that can be used in the called workflow.
211 // Within the called workflow, you can use the secrets context to
212 // refer to a secret.
213 "secrets"?: null | bool | number | string | [...] | close({
214 {[=~"^[_a-zA-Z][a-zA-Z0-9_-]*$"]: null | bool | number | string | [...] | close({
215 // A string description of the secret parameter.
216 "description"?: string
217
218 // A boolean specifying whether the secret must be supplied.
219 "required"?: bool
220 })
221 }
222 })
223 ...
224 }
225
226 // You can now create workflows that are manually triggered with
227 // the new workflow_dispatch event. You will then see a 'Run
228 // workflow' button on the Actions tab, enabling you to easily
229 // trigger a run.
230 "workflow_dispatch"?: null | bool | number | string | [...] | close({
231 // Input parameters allow you to specify data that the action
232 // expects to use during runtime. GitHub stores input parameters
233 // as environment variables. Input ids with uppercase letters are
234 // converted to lowercase during runtime. We recommended using
235 // lowercase input ids.
236 "inputs"?: close({
237 {[=~"^[_a-zA-Z][a-zA-Z0-9_-]*$"]: #workflowDispatchInput}
238 })
239 })
240 "workflow_run"?: #eventObject
241 "repository_dispatch"?: #eventObject
242
243 // You can schedule a workflow to run at specific UTC times using
244 // POSIX cron syntax
245 // (https://pubs.opengroup.org/onlinepubs/9699919799/utilities/crontab.html#tag_20_25_07).
246 // You can optionally specify a timezone using an IANA timezone
247 // string
248 // (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
249 // for timezone-aware scheduling. Scheduled workflows run on the
250 // latest commit on the default or base branch. The shortest
251 // interval you can run scheduled workflows is once every 5
252 // minutes.
253 // Note: GitHub Actions does not support the non-standard syntax
254 // @yearly, @monthly, @weekly, @daily, @hourly, and @reboot.
255 // You can use crontab guru (https://crontab.guru/) to help
256 // generate your cron syntax and confirm what time it will run.
257 // To help you get started, there is also a list of crontab guru
258 // examples (https://crontab.guru/examples.html).
259 "schedule"?: [...close({
260 // A cron expression that represents a schedule. A scheduled
261 // workflow will run at most once every 5 minutes.
262 "cron"!: string
263
264 // A string that represents the time zone a scheduled workflow
265 // will run relative to in IANA format (e.g. 'America/New_York'
266 // or 'Europe/London'). If omitted, the workflow will run
267 // relative to midnight UTC.
268 "timezone"?: string
269 })] & [_, ...]
270 })])
271 "env"?: #env
272 "defaults"?: #defaults
273
274 // Concurrency ensures that only a single job or workflow using
275 // the same concurrency group will run at a time. A concurrency
276 // group can be any string or expression. The expression can use
277 // any context except for the secrets context.
278 // You can also specify concurrency at the workflow level.
279 // When a concurrent job or workflow is queued, if another job or
280 // workflow using the same concurrency group in the repository is
281 // in progress, the queued job or workflow will be pending. Any
282 // previously pending job or workflow in the concurrency group
283 // will be canceled. To also cancel any currently running job or
284 // workflow in the same concurrency group, specify
285 // cancel-in-progress: true.
286 "concurrency"?: matchN(1, [string, #concurrency])
287
288 // A workflow run is made up of one or more jobs. Jobs run in
289 // parallel by default. To run jobs sequentially, you can define
290 // dependencies on other jobs using the jobs.<job_id>.needs
291 // keyword.
292 // Each job runs in a fresh instance of the virtual environment
293 // specified by runs-on.
294 // You can run an unlimited number of jobs as long as you are
295 // within the workflow usage limits. For more information, see
296 // https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#usage-limits.
297 "jobs"!: struct.MinFields(1) & close({
298 {[=~"^[_a-zA-Z][a-zA-Z0-9_-]*$"]: matchN(1, [#normalJob, #reusableWorkflowCallJob])}
299 })
300
301 // The name for workflow runs generated from the workflow. GitHub
302 // displays the workflow run name in the list of workflow runs on
303 // your repository's 'Actions' tab.
304 "run-name"?: string
305 "permissions"?: #permissions
306 })
307
308 #: "permissions-event": close({
309 "actions"?: #."permissions-level"
310 "artifact-metadata"?: #."permissions-level"
311 "attestations"?: #."permissions-level"
312 "checks"?: #."permissions-level"
313 "contents"?: #."permissions-level"
314 "deployments"?: #."permissions-level"
315 "discussions"?: #."permissions-level"
316 "id-token"?: #."permissions-level"
317 "issues"?: #."permissions-level"
318 "models"?: "read" | "none"
319 "packages"?: #."permissions-level"
320 "pages"?: #."permissions-level"
321 "pull-requests"?: #."permissions-level"
322 "repository-projects"?: #."permissions-level"
323 "security-events"?: #."permissions-level"
324 "statuses"?: #."permissions-level"
325 })
326
327 #: "permissions-level": "read" | "write" | "none"
328
329 // Using the working-directory keyword, you can specify the
330 // working directory of where to run the command.
331 #: "working-directory": string
332
333 #architecture: "ARM32" | "x64" | "x86"
334
335 #branch: #globs
336
337 #concurrency: close({
338 // When a concurrent job or workflow is queued, if another job or
339 // workflow using the same concurrency group in the repository is
340 // in progress, the queued job or workflow will be pending. Any
341 // previously pending job or workflow in the concurrency group
342 // will be canceled.
343 "group"!: string
344
345 // To cancel any currently running job or workflow in the same
346 // concurrency group, specify cancel-in-progress: true.
347 "cancel-in-progress"?: matchN(1, [bool, #expressionSyntax])
348 })
349
350 #configuration: matchN(1, [string, number, bool, {
351 [string]: #configuration
352 }, [...#configuration]])
353
354 #container: close({
355 // The Docker image to use as the container to run the action. The
356 // value can be the Docker Hub image name or a registry name.
357 "image"!: string
358
359 // If the image's container registry requires authentication to
360 // pull the image, you can use credentials to set a map of the
361 // username and password. The credentials are the same values
362 // that you would provide to the `docker login` command.
363 "credentials"?: {
364 "username"?: string
365 "password"?: string
366 ...
367 }
368 "env"?: #env
369
370 // Sets an array of ports to expose on the container.
371 "ports"?: [...number | string] & [_, ...]
372
373 // Sets an array of volumes for the container to use. You can use
374 // volumes to share data between services or other steps in a
375 // job. You can specify named Docker volumes, anonymous Docker
376 // volumes, or bind mounts on the host.
377 // To specify a volume, you specify the source and destination
378 // path: <source>:<destinationPath>
379 // The <source> is a volume name or an absolute path on the host
380 // machine, and <destinationPath> is an absolute path in the
381 // container.
382 "volumes"?: [...string] & [_, ...]
383
384 // Additional Docker container resource options. For a list of
385 // options, see
386 // https://docs.docker.com/engine/reference/commandline/create/#options.
387 "options"?: string
388 })
389
390 #defaults: struct.MinFields(1) & close({
391 "run"?: struct.MinFields(1) & close({
392 "shell"?: #shell
393 "working-directory"?: #."working-directory"
394 })
395 })
396
397 // To set custom environment variables, you need to specify the
398 // variables in the workflow file. You can define environment
399 // variables for a step, job, or entire workflow using the
400 // jobs.<job_id>.steps[*].env, jobs.<job_id>.env, and env
401 // keywords. For more information, see
402 // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsenv
403 #env: matchN(1, [{
404 [string]: bool | number | string
405 }, #stringContainingExpressionSyntax])
406
407 // The environment that the job references
408 #environment: close({
409 // The name of the environment configured in the repo.
410 "name"!: string
411
412 // A deployment URL
413 "url"?: string
414
415 // Whether to create a deployment for this job. Setting to false
416 // lets the job use environment secrets and variables without
417 // creating a deployment record. Wait timers and required
418 // reviewers still apply.
419 "deployment"?: matchN(1, [bool, #expressionSyntax])
420 })
421
422 #event: "branch_protection_rule" | "check_run" | "check_suite" | "create" | "delete" | "deployment" | "deployment_status" | "discussion" | "discussion_comment" | "fork" | "gollum" | "issue_comment" | "issues" | "label" | "merge_group" | "milestone" | "page_build" | "project" | "project_card" | "project_column" | "public" | "pull_request" | "pull_request_review" | "pull_request_review_comment" | "pull_request_target" | "push" | "registry_package" | "release" | "status" | "watch" | "workflow_call" | "workflow_dispatch" | "workflow_run" | "repository_dispatch"
423
424 #eventObject: null | {
425 ...
426 }
427
428 #expressionSyntax: =~"""
429 ^\\$\\{\\{(.|[\r
430 ])*\\}\\}$
431 """
432
433 #globs: [...strings.MinRunes(1)] & [_, ...]
434
435 // Identifies any jobs that must complete successfully before this
436 // job will run. It can be a string or array of strings. If a job
437 // fails, all jobs that need it are skipped unless the jobs use a
438 // conditional statement that causes the job to continue.
439 #jobNeeds: matchN(1, [[...#name] & [_, ...], #name])
440
441 #machine: "linux" | "macos" | "windows"
442
443 // A build matrix is a set of different configurations of the
444 // virtual environment. For example you might run a job against
445 // more than one supported version of a language, operating
446 // system, or tool. Each configuration is a copy of the job that
447 // runs and reports a status.
448 // You can specify a matrix by supplying an array for the
449 // configuration options. For example, if the GitHub virtual
450 // environment supports Node.js versions 6, 8, and 10 you could
451 // specify an array of those versions in the matrix.
452 // When you define a matrix of operating systems, you must set the
453 // required runs-on keyword to the operating system of the
454 // current job, rather than hard-coding the operating system
455 // name. To access the operating system name, you can use the
456 // matrix.os context parameter to set runs-on. For more
457 // information, see
458 // https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions.
459 #matrix: matchN(1, [struct.MinFields(1) & {
460 {[=~"^(in|ex)clude$"]: matchN(1, [#expressionSyntax, [...{
461 [string]: #configuration
462 }] & [_, ...]])
463 }
464 {[!~"^(in|ex)clude$" & !~"^()$"]: matchN(1, [[...#configuration] & [_, ...], #expressionSyntax])}
465 }, #expressionSyntax])
466
467 #name: =~"^[_a-zA-Z][a-zA-Z0-9_-]*$"
468
469 // Each job must have an id to associate with the job. The key
470 // job_id is a string and its value is a map of the job's
471 // configuration data. You must replace <job_id> with a string
472 // that is unique to the jobs object. The <job_id> must start
473 // with a letter or _ and contain only alphanumeric characters,
474 // -, or _.
475 #normalJob: close({
476 // The name of the job displayed on GitHub.
477 "name"?: string
478 "needs"?: #jobNeeds
479 "snapshot"?: #snapshot
480 "permissions"?: #permissions
481
482 // The type of machine to run the job on. The machine can be
483 // either a GitHub-hosted runner, or a self-hosted runner.
484 "runs-on"!: matchN(>=1, [string, [string, ...string] & [_, ...] & [...], {
485 "group"?: string
486 "labels"?: matchN(1, [string, [...string]])
487 ...
488 }, #stringContainingExpressionSyntax, #expressionSyntax])
489
490 // The environment that the job references.
491 "environment"?: matchN(1, [string, #environment])
492
493 // A map of outputs for a job. Job outputs are available to all
494 // downstream jobs that depend on this job.
495 "outputs"?: struct.MinFields(1) & {
496 [string]: string
497 }
498 "env"?: #env
499 "defaults"?: #defaults
500
501 // You can use the if conditional to prevent a job from running
502 // unless a condition is met. You can use any supported context
503 // and expression to create a conditional.
504 // Expressions in an if conditional do not require the ${{ }}
505 // syntax. For more information, see
506 // https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions.
507 "if"?: bool | number | string
508
509 // A job contains a sequence of tasks called steps. Steps can run
510 // commands, run setup tasks, or run an action in your
511 // repository, a public repository, or an action published in a
512 // Docker registry. Not all steps run actions, but all actions
513 // run as a step. Each step runs in its own process in the
514 // virtual environment and has access to the workspace and
515 // filesystem. Because steps run in their own process, changes to
516 // environment variables are not preserved between steps. GitHub
517 // provides built-in steps to set up and complete a job.
518 // Must contain either `uses` or `run`
519 "steps"?: [...#step] & [_, ...]
520
521 // The maximum number of minutes to let a workflow run before
522 // GitHub automatically cancels it. Default: 360
523 "timeout-minutes"?: matchN(1, [number, #expressionSyntax])
524
525 // A strategy creates a build matrix for your jobs. You can define
526 // different variations of an environment to run each job in.
527 "strategy"?: close({
528 "matrix"!: #matrix
529
530 // When set to true, GitHub cancels all in-progress jobs if any
531 // matrix job fails. Default: true
532 "fail-fast"?: bool | string
533
534 // The maximum number of jobs that can run simultaneously when
535 // using a matrix job strategy. By default, GitHub will maximize
536 // the number of jobs run in parallel depending on the available
537 // runners on GitHub-hosted virtual machines.
538 "max-parallel"?: number | string
539 })
540
541 // Prevents a workflow run from failing when a job fails. Set to
542 // true to allow a workflow run to pass when this job fails.
543 "continue-on-error"?: matchN(1, [bool, #expressionSyntax])
544
545 // A container to run any steps in a job that don't already
546 // specify a container. If you have steps that use both script
547 // and container actions, the container actions will run as
548 // sibling containers on the same network with the same volume
549 // mounts.
550 // If you do not set a container, all steps will run directly on
551 // the host specified by runs-on unless a step refers to an
552 // action configured to run in a container.
553 "container"?: matchN(1, [string, #container])
554
555 // Additional containers to host services for a job in a workflow.
556 // These are useful for creating databases or cache services like
557 // redis. The runner on the virtual machine will automatically
558 // create a network and manage the life cycle of the service
559 // containers.
560 // When you use a service container for a job or your step uses
561 // container actions, you don't need to set port information to
562 // access the service. Docker automatically exposes all ports
563 // between containers on the same network.
564 // When both the job and the action run in a container, you can
565 // directly reference the container by its hostname. The hostname
566 // is automatically mapped to the service name.
567 // When a step does not use a container action, you must access
568 // the service using localhost and bind the ports.
569 "services"?: {
570 [string]: #container
571 }
572
573 // Concurrency ensures that only a single job or workflow using
574 // the same concurrency group will run at a time. A concurrency
575 // group can be any string or expression. The expression can use
576 // any context except for the secrets context.
577 // You can also specify concurrency at the workflow level.
578 // When a concurrent job or workflow is queued, if another job or
579 // workflow using the same concurrency group in the repository is
580 // in progress, the queued job or workflow will be pending. Any
581 // previously pending job or workflow in the concurrency group
582 // will be canceled. To also cancel any currently running job or
583 // workflow in the same concurrency group, specify
584 // cancel-in-progress: true.
585 "concurrency"?: matchN(1, [string, #concurrency])
586 })
587
588 #path: #globs
589
590 // You can modify the default permissions granted to the
591 // GITHUB_TOKEN, adding or removing access as required, so that
592 // you only allow the minimum required access.
593 #permissions: matchN(1, ["read-all" | "write-all", #."permissions-event"])
594
595 // Each job must have an id to associate with the job. The key
596 // job_id is a string and its value is a map of the job's
597 // configuration data. You must replace <job_id> with a string
598 // that is unique to the jobs object. The <job_id> must start
599 // with a letter or _ and contain only alphanumeric characters,
600 // -, or _.
601 #reusableWorkflowCallJob: close({
602 // The name of the job displayed on GitHub.
603 "name"?: string
604 "needs"?: #jobNeeds
605 "permissions"?: #permissions
606
607 // You can use the if conditional to prevent a job from running
608 // unless a condition is met. You can use any supported context
609 // and expression to create a conditional.
610 // Expressions in an if conditional do not require the ${{ }}
611 // syntax. For more information, see
612 // https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions.
613 "if"?: bool | number | string
614
615 // The location and version of a reusable workflow file to run as
616 // a job, of the form './{path/to}/{localfile}.yml' or
617 // '{owner}/{repo}/{path}/{filename}@{ref}'. {ref} can be a SHA,
618 // a release tag, or a branch name. Using the commit SHA is the
619 // safest for stability and security.
620 "uses"!: =~"^(.+\\/)+(.+)\\.(ya?ml)(@.+)?$"
621 "with"?: #env
622
623 // When a job is used to call a reusable workflow, you can use
624 // 'secrets' to provide a map of secrets that are passed to the
625 // called workflow. Any secrets that you pass must match the
626 // names defined in the called workflow.
627 "secrets"?: matchN(1, [#env, "inherit"])
628
629 // A strategy creates a build matrix for your jobs. You can define
630 // different variations of an environment to run each job in.
631 "strategy"?: close({
632 "matrix"!: #matrix
633
634 // When set to true, GitHub cancels all in-progress jobs if any
635 // matrix job fails. Default: true
636 "fail-fast"?: bool | string
637
638 // The maximum number of jobs that can run simultaneously when
639 // using a matrix job strategy. By default, GitHub will maximize
640 // the number of jobs run in parallel depending on the available
641 // runners on GitHub-hosted virtual machines.
642 "max-parallel"?: number | string
643 })
644
645 // Concurrency ensures that only a single job or workflow using
646 // the same concurrency group will run at a time. A concurrency
647 // group can be any string or expression. The expression can use
648 // any context except for the secrets context.
649 // You can also specify concurrency at the workflow level.
650 // When a concurrent job or workflow is queued, if another job or
651 // workflow using the same concurrency group in the repository is
652 // in progress, the queued job or workflow will be pending. Any
653 // previously pending job or workflow in the concurrency group
654 // will be canceled. To also cancel any currently running job or
655 // workflow in the same concurrency group, specify
656 // cancel-in-progress: true.
657 "concurrency"?: matchN(1, [string, #concurrency])
658 })
659
660 // You can override the default shell settings in the runner's
661 // operating system using the shell keyword. You can use built-in
662 // shell keywords, or you can define a custom set of shell
663 // options.
664 #shell: matchN(>=1, [string, "bash" | "pwsh" | "python" | "sh" | "cmd" | "powershell"])
665
666 // You can use `jobs.<job_id>.snapshot` to generate a custom
667 // image.
668 // Add the snapshot keyword to the job, using either the string
669 // syntax or mapping syntax as shown in
670 // https://docs.github.com/en/actions/how-tos/manage-runners/larger-runners/use-custom-images#generating-a-custom-image.
671 // Each job that includes the snapshot keyword creates a separate
672 // image. To generate only one image or image version, include
673 // all workflow steps in a single job. Each successful run of a
674 // job that includes the snapshot keyword creates a new version
675 // of that image.
676 // For more information, see
677 // https://docs.github.com/en/actions/how-tos/manage-runners/larger-runners/use-custom-images.
678 #snapshot: matchN(1, [string, close({
679 "image-name"!: string
680 "version"?: =~"^\\d+(\\.\\d+|\\*)?$"
681 })])
682
683 #step: matchN(1, [{
684 "uses"!: _
685 ...
686 }, {
687 "run"!: _
688 ...
689 }]) & close({
690 _t0="working-directory"?: _
691 if _t0 != _|_ {
692 "run"!: _
693 }
694 shell?: _
695 if shell != _|_ {
696 "run"!: _
697 }
698 {}
699
700 // A unique identifier for the step. You can use the id to
701 // reference the step in contexts. For more information, see
702 // https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions.
703 "id"?: string
704
705 // You can use the if conditional to prevent a step from running
706 // unless a condition is met. You can use any supported context
707 // and expression to create a conditional.
708 // Expressions in an if conditional do not require the ${{ }}
709 // syntax. For more information, see
710 // https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions.
711 "if"?: bool | number | string
712
713 // A name for your step to display on GitHub.
714 "name"?: string
715
716 // Selects an action to run as part of a step in your job. An
717 // action is a reusable unit of code. You can use an action
718 // defined in the same repository as the workflow, a public
719 // repository, or in a published Docker container image
720 // (https://hub.docker.com/).
721 // We strongly recommend that you include the version of the
722 // action you are using by specifying a Git ref, SHA, or Docker
723 // tag number. If you don't specify a version, it could break
724 // your workflows or cause unexpected behavior when the action
725 // owner publishes an update.
726 // - Using the commit SHA of a released action version is the
727 // safest for stability and security.
728 // - Using the specific major action version allows you to receive
729 // critical fixes and security patches while still maintaining
730 // compatibility. It also assures that your workflow should still
731 // work.
732 // - Using the master branch of an action may be convenient, but
733 // if someone releases a new major version with a breaking
734 // change, your workflow could break.
735 // Some actions require inputs that you must set using the with
736 // keyword. Review the action's README file to determine the
737 // inputs required.
738 // Actions are either JavaScript files or Docker containers. If
739 // the action you're using is a Docker container you must run the
740 // job in a Linux virtual environment. For more details, see
741 // https://help.github.com/en/articles/virtual-environments-for-github-actions.
742 "uses"?: string
743
744 // Runs command-line programs using the operating system's shell.
745 // If you do not provide a name, the step name will default to
746 // the text specified in the run command.
747 // Commands run using non-login shells by default. You can choose
748 // a different shell and customize the shell used to run
749 // commands. For more information, see
750 // https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#using-a-specific-shell.
751 // Each run keyword represents a new process and shell in the
752 // virtual environment. When you provide multi-line commands,
753 // each line runs in the same shell.
754 "run"?: string
755 "working-directory"?: #."working-directory"
756 "shell"?: #shell
757 "with"?: #env
758 "env"?: #env
759
760 // Prevents a job from failing when a step fails. Set to true to
761 // allow a job to pass when this step fails.
762 "continue-on-error"?: matchN(1, [bool, #expressionSyntax])
763
764 // The maximum number of minutes to run the step before killing
765 // the process.
766 "timeout-minutes"?: matchN(1, [number, #expressionSyntax])
767 })
768
769 #stringContainingExpressionSyntax: =~"""
770 ^.*\\$\\{\\{(.|[\r
771 ])*\\}\\}.*$
772 """
773
774 // Selects the types of activity that will trigger a workflow run.
775 // Most GitHub events are triggered by more than one type of
776 // activity. For example, the event for the release resource is
777 // triggered when a release is published, unpublished, created,
778 // edited, deleted, or prereleased. The types keyword enables you
779 // to narrow down activity that causes the workflow to run. When
780 // only one activity type triggers a webhook event, the types
781 // keyword is unnecessary.
782 // You can use an array of event types. For more information about
783 // each event and their activity types, see
784 // https://help.github.com/en/articles/events-that-trigger-workflows#webhook-events.
785 #types: matchN(1, [[_, ...], string])
786
787 // A string identifier to associate with the input. The value of
788 // <input_id> is a map of the input's metadata. The <input_id>
789 // must be a unique identifier within the inputs object. The
790 // <input_id> must start with a letter or _ and contain only
791 // alphanumeric characters, -, or _.
792 #workflowDispatchInput: matchN(5, [matchIf({
793 "type"!: "string"
794 ...
795 }, {
796 "default"?: string
797 ...
798 }, _) & {
799 ...
800 }, matchIf({
801 "type"!: "boolean"
802 ...
803 }, {
804 "default"?: bool
805 ...
806 }, _) & {
807 ...
808 }, matchIf({
809 "type"!: "number"
810 ...
811 }, {
812 "default"?: number
813 ...
814 }, _) & {
815 ...
816 }, matchIf({
817 "type"!: "environment"
818 ...
819 }, {
820 "default"?: string
821 ...
822 }, _) & {
823 ...
824 }, matchIf({
825 "type"!: "choice"
826 ...
827 }, {
828 "options"!: _
829 ...
830 }, _) & {
831 ...
832 }]) & close({
833 // A string description of the input parameter.
834 "description"?: string
835
836 // A string shown to users using the deprecated input.
837 "deprecationMessage"?: string
838
839 // A boolean to indicate whether the action requires the input
840 // parameter. Set to true when the parameter is required.
841 "required"?: bool
842
843 // A string representing the default value. The default value is
844 // used when an input parameter isn't specified in a workflow
845 // file.
846 "default"?: _
847
848 // A string representing the type of the input.
849 "type"?: "string" | "choice" | "boolean" | "number" | "environment"
850
851 // The options of the dropdown list, if the type is a choice.
852 "options"?: [...string] & [_, ...]
853 })
854}