From e58e5e166b366f4b457148e929ae02081952cf6e Mon Sep 17 00:00:00 2001
From: Mark Stacey <markjstacey@gmail.com>
Date: Wed, 21 Jun 2023 09:17:13 -0230
Subject: [PATCH] Lint GitHub Action workflows (#19665)

* Lint GitHub Action workflows

We now lint GitHub Action workflows. This lint step is performed in the
`main` workflow, which has an "All jobs passed" check that we can add
further checks to in the future. This can grow to encompass all PR
status checks that depend upon the PR contents.

This workflow is based upon the one used in the MetaMask module
template.

* Fix branch names

* Fix lint error
---
 .github/workflows/add-release-label.yml |  2 +-
 .github/workflows/main.yml              | 45 +++++++++++++++++++++++++
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/main.yml

diff --git a/.github/workflows/add-release-label.yml b/.github/workflows/add-release-label.yml
index d48fce63f..24d8f717a 100644
--- a/.github/workflows/add-release-label.yml
+++ b/.github/workflows/add-release-label.yml
@@ -29,7 +29,7 @@ jobs:
         id: get-next-semver-version
         env:
           FORCE_NEXT_SEMVER_VERSION: ${{ vars.FORCE_NEXT_SEMVER_VERSION }}
-        run: ./development/get-next-semver-version.sh $FORCE_NEXT_SEMVER_VERSION
+        run: ./development/get-next-semver-version.sh "$FORCE_NEXT_SEMVER_VERSION"
 
       - name: Add release label to PR and linked issues
         id: add-release-label-to-pr-and-linked-issues
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 000000000..3d28f7886
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,45 @@
+name: Main
+
+on:
+  push:
+    branches: [develop, master]
+  pull_request:
+
+jobs:
+  check-workflows:
+    name: Check workflows
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Download actionlint
+        id: download-actionlint
+        run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash) 1.6.23
+        shell: bash
+      - name: Check workflow files
+        run: ${{ steps.download-actionlint.outputs.executable }} -color
+        shell: bash
+
+  all-jobs-completed:
+    name: All jobs completed
+    runs-on: ubuntu-latest
+    needs:
+      - check-workflows
+    outputs:
+      PASSED: ${{ steps.set-output.outputs.PASSED }}
+    steps:
+      - name: Set PASSED output
+        id: set-output
+        run: echo "PASSED=true" >> "$GITHUB_OUTPUT"
+
+  all-jobs-pass:
+    name: All jobs pass
+    if: ${{ always() }}
+    runs-on: ubuntu-latest
+    needs: all-jobs-completed
+    steps:
+      - name: Check that all jobs have passed
+        run: |
+          passed="${{ needs.all-jobs-completed.outputs.PASSED }}"
+          if [[ $passed != "true" ]]; then
+            exit 1
+          fi