feat: validate --directory alternative to --repository to not clone (#1008)

Resolves forgejo/forgejo-actions-feature-requests#51

---

Note to reviewers: while working on fixing the exit status of the validate command, a border case was discovered when using `--clonedir . --repository .` by which it will not find an `action.yml` file at the root of the directory. It will be easier to fix and test using a `--directory` option designed to use a pre-existing directory instead because it is not a border case but the most common case really.

<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- features
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1008): <!--number 1008 --><!--line 0 --><!--description ZmVhdDogdmFsaWRhdGUgLS1kaXJlY3RvcnkgYWx0ZXJuYXRpdmUgdG8gLS1yZXBvc2l0b3J5IHRvIG5vdCBjbG9uZQ==-->feat: validate --directory alternative to --repository to not clone<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/1008
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.code.forgejo.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>

internal/app/cmd/testdata/validate/bad-directory/.forgejo/workflows/workflow1.yml

@@ -0,0 +1,6 @@
+on: [push]
+jobs:
+  test:
+    ruins-on: docker
+    steps:
+      - run: echo All good!

internal/app/cmd/testdata/validate/bad-directory/action.yml

@@ -0,0 +1,67 @@
+name: 'Forgejo release download and upload'
+author: 'Forgejo authors'
+description: |
+  Upload or download the assets of a release to a Forgejo instance.
+inputs:
+  badinput: scalarinsteadofmap
+  url:
+    description: 'URL of the Forgejo instance'
+    default: '${{ env.FORGEJO_SERVER_URL }}'
+  repo:
+    description: 'owner/project relative to the URL'
+    default: '${{ forge.repository }}'
+  tag:
+    description: 'Tag of the release'
+    default: '${{ forge.ref_name }}'
+  title:
+    description: 'Title of the release (defaults to tag)'
+  sha:
+    description: 'SHA of the release'
+    default: '${{ forge.sha }}'
+  token:
+    description: 'Forgejo application token'
+    default: '${{ forge.token }}'
+  release-dir:
+    description: 'Directory in whichs release assets are uploaded or downloaded'
+    required: true
+  release-notes:
+    description: 'Release notes'
+  direction:
+    description: 'Can either be `download` or `upload`'
+    required: true
+  gpg-private-key:
+    description: 'GPG Private Key to sign the release artifacts'
+  gpg-passphrase:
+    description: 'Passphrase of the GPG Private Key'
+  download-retry:
+    description: 'Number of times to retry if the release is not ready (default 1)'
+  download-latest:
+    description: 'Download the latest release'
+    default: false
+  verbose:
+    description: 'Increase the verbosity level'
+    default: false
+  override:
+    description: 'Override an existing release by the same `{tag}`'
+    default: false
+  prerelease:
+    description: 'Mark Release as Pre-Release'
+    default: false
+  release-notes-assistant:
+    description: 'Generate release notes with Release Notes Assistant'
+    default: false
+  hide-archive-link:
+    description: 'Hide the archive links'
+    default: false
+
+runs:
+  using: "composite"
+  steps:
+    - if: ${{ inputs.release-notes-assistant }}
+      uses: https://data.forgejo.org/actions/cache@v4
+      with:
+        key: rna-${{ inputs.repo }}
+        path: ${{ forge.action_path }}/rna
+
+    - run: echo "${{ forge.action_path }}" >> $FORGEJO_PATH
+      shell: bash

internal/app/cmd/testdata/validate/good-directory/.forgejo/workflows/action.yml

@@ -0,0 +1,6 @@
+on: [push]
+jobs:
+  test:
+    runs-on: docker
+    steps:
+      - run: echo All good!

internal/app/cmd/testdata/validate/good-directory/.forgejo/workflows/workflow1.yml

@@ -0,0 +1,6 @@
+on: [push]
+jobs:
+  test:
+    runs-on: docker
+    steps:
+      - run: echo All good!

internal/app/cmd/testdata/validate/good-directory/.forgejo/workflows/workflow2.yaml

@@ -0,0 +1,6 @@
+on: [push]
+jobs:
+  test:
+    runs-on: docker
+    steps:
+      - run: echo All good!

internal/app/cmd/testdata/validate/good-directory/.gitea/workflows/bad.yml

@@ -0,0 +1,6 @@
+on: [push]
+jobs:
+  test:
+    ruins-on: docker
+    steps:
+      - run: echo All good!

internal/app/cmd/testdata/validate/good-directory/.github/workflows/bad.yml

@@ -0,0 +1,6 @@
+on: [push]
+jobs:
+  test:
+    ruins-on: docker
+    steps:
+      - run: echo All good!

internal/app/cmd/testdata/validate/good-directory/action.yml

@@ -0,0 +1,67 @@
+# SPDX-License-Identifier: MIT
+name: 'Forgejo release download and upload'
+author: 'Forgejo authors'
+description: |
+  Upload or download the assets of a release to a Forgejo instance.
+inputs:
+  url:
+    description: 'URL of the Forgejo instance'
+    default: '${{ env.FORGEJO_SERVER_URL }}'
+  repo:
+    description: 'owner/project relative to the URL'
+    default: '${{ forge.repository }}'
+  tag:
+    description: 'Tag of the release'
+    default: '${{ forge.ref_name }}'
+  title:
+    description: 'Title of the release (defaults to tag)'
+  sha:
+    description: 'SHA of the release'
+    default: '${{ forge.sha }}'
+  token:
+    description: 'Forgejo application token'
+    default: '${{ forge.token }}'
+  release-dir:
+    description: 'Directory in whichs release assets are uploaded or downloaded'
+    required: true
+  release-notes:
+    description: 'Release notes'
+  direction:
+    description: 'Can either be `download` or `upload`'
+    required: true
+  gpg-private-key:
+    description: 'GPG Private Key to sign the release artifacts'
+  gpg-passphrase:
+    description: 'Passphrase of the GPG Private Key'
+  download-retry:
+    description: 'Number of times to retry if the release is not ready (default 1)'
+  download-latest:
+    description: 'Download the latest release'
+    default: false
+  verbose:
+    description: 'Increase the verbosity level'
+    default: false
+  override:
+    description: 'Override an existing release by the same `{tag}`'
+    default: false
+  prerelease:
+    description: 'Mark Release as Pre-Release'
+    default: false
+  release-notes-assistant:
+    description: 'Generate release notes with Release Notes Assistant'
+    default: false
+  hide-archive-link:
+    description: 'Hide the archive links'
+    default: false
+
+runs:
+  using: "composite"
+  steps:
+    - if: ${{ inputs.release-notes-assistant }}
+      uses: https://data.forgejo.org/actions/cache@v4
+      with:
+        key: rna-${{ inputs.repo }}
+        path: ${{ forge.action_path }}/rna
+
+    - run: echo "${{ forge.action_path }}" >> $FORGEJO_PATH
+      shell: bash

internal/app/cmd/testdata/validate/good-directory/subaction/action.yaml

@@ -0,0 +1,67 @@
+# SPDX-License-Identifier: MIT
+name: 'Forgejo release download and upload'
+author: 'Forgejo authors'
+description: |
+  Upload or download the assets of a release to a Forgejo instance.
+inputs:
+  url:
+    description: 'URL of the Forgejo instance'
+    default: '${{ env.FORGEJO_SERVER_URL }}'
+  repo:
+    description: 'owner/project relative to the URL'
+    default: '${{ forge.repository }}'
+  tag:
+    description: 'Tag of the release'
+    default: '${{ forge.ref_name }}'
+  title:
+    description: 'Title of the release (defaults to tag)'
+  sha:
+    description: 'SHA of the release'
+    default: '${{ forge.sha }}'
+  token:
+    description: 'Forgejo application token'
+    default: '${{ forge.token }}'
+  release-dir:
+    description: 'Directory in whichs release assets are uploaded or downloaded'
+    required: true
+  release-notes:
+    description: 'Release notes'
+  direction:
+    description: 'Can either be `download` or `upload`'
+    required: true
+  gpg-private-key:
+    description: 'GPG Private Key to sign the release artifacts'
+  gpg-passphrase:
+    description: 'Passphrase of the GPG Private Key'
+  download-retry:
+    description: 'Number of times to retry if the release is not ready (default 1)'
+  download-latest:
+    description: 'Download the latest release'
+    default: false
+  verbose:
+    description: 'Increase the verbosity level'
+    default: false
+  override:
+    description: 'Override an existing release by the same `{tag}`'
+    default: false
+  prerelease:
+    description: 'Mark Release as Pre-Release'
+    default: false
+  release-notes-assistant:
+    description: 'Generate release notes with Release Notes Assistant'
+    default: false
+  hide-archive-link:
+    description: 'Hide the archive links'
+    default: false
+
+runs:
+  using: "composite"
+  steps:
+    - if: ${{ inputs.release-notes-assistant }}
+      uses: https://data.forgejo.org/actions/cache@v4
+      with:
+        key: rna-${{ inputs.repo }}
+        path: ${{ forge.action_path }}/rna
+
+    - run: echo "${{ forge.action_path }}" >> $FORGEJO_PATH
+      shell: bash

internal/app/cmd/testdata/validate/make-repositories.sh

@@ -35,6 +35,10 @@ git clone --bare $tmpdir/good good-repository
 rm -fr good-repository/hooks
 touch good-repository/refs/placeholder
 
+rm -fr good-directory
+git clone $tmpdir/good good-directory
+rm -fr good-directory/.git
+
 # bad
 
 mkdir $tmpdir/bad
@@ -54,3 +58,7 @@ rm -fr bad-repository
 git clone --bare $tmpdir/bad bad-repository
 rm -fr bad-repository/hooks
 touch bad-repository/refs/placeholder
+
+rm -fr bad-directory
+git clone $tmpdir/bad bad-directory
+rm -fr bad-directory/.git