From 3adbeb6508585e3f9d6b6ded55380a5b38c7c743 Mon Sep 17 00:00:00 2001
From: Matt Calhoun <matt@cloudposse.com>
Date: Wed, 20 Dec 2023 22:00:00 -0500
Subject: [PATCH] chore/update GitHub actions (#10)

---
 .github/workflows/build-test.yaml          |  7 +++++
 .github/workflows/validate-codeowners.yaml | 32 ++++++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 .github/workflows/validate-codeowners.yaml

diff --git a/.github/workflows/build-test.yaml b/.github/workflows/build-test.yaml
index 08f6ece..fd17050 100644
--- a/.github/workflows/build-test.yaml
+++ b/.github/workflows/build-test.yaml
@@ -5,6 +5,13 @@ on:
       - opened
       - synchronize
       - reopened
+  push:
+    branches:
+      - main
+  release:
+    types:
+      - published
+  workflow_dispatch:
 
 permissions:
   contents: read
diff --git a/.github/workflows/validate-codeowners.yaml b/.github/workflows/validate-codeowners.yaml
new file mode 100644
index 0000000..e8c790a
--- /dev/null
+++ b/.github/workflows/validate-codeowners.yaml
@@ -0,0 +1,32 @@
+name: Validate Codeowners
+on:
+  workflow_dispatch:
+  pull_request:
+jobs:
+  validate-codeowners:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout source code at current commit"
+        uses: actions/checkout@v4
+
+      # Leave pinned at 0.7.1 until https://github.com/mszostok/codeowners-validator/issues/173 is resolved
+      - uses: mszostok/codeowners-validator@v0.7.4
+        # This condition verifies that the PR repo equals the Github Repo and it's NOT dependabot
+        if: ${{ (github.event.pull_request.head.repo.full_name == github.repository) && (github.actor != 'dependabot[bot]') }}
+        name: "Full check of CODEOWNERS"
+        with:
+          # For now, remove "files" check to allow CODEOWNERS to specify non-existent
+          # files so we can use the same CODEOWNERS file for Terraform and non-Terraform repos
+          #   checks: "files,syntax,owners,duppatterns"
+          checks: "syntax,owners,duppatterns"
+          owner_checker_allow_unowned_patterns: "false"
+          # GitHub access token is required only if the `owners` check is enabled
+          github_access_token: "${{ secrets.REPO_ACCESS_TOKEN }}"
+
+      - uses: mszostok/codeowners-validator@v0.7.4
+        # This condition verifies that the PR repo does NOT equal the Github Repo
+        if: github.event.pull_request.head.repo.full_name != github.repository
+        name: "Syntax check of CODEOWNERS"
+        with:
+          checks: "syntax,duppatterns"
+          owner_checker_allow_unowned_patterns: "false"