fork-audit
Runs against a fork checkout (via umbrella submodule pointer) — externalCI that never adds a byte to the fork's main. Provides drift + license +
MegaLinter + upstream-parity checks.
Umbrella workflow: chirag127/workspace/.github/workflows/fork-ci.yml
Installation
dagger install github.com/chirag127/workflows/dagger/fork-audit@c00f0b78c773ec3d2a9a9e01ac8a93646fe95cfeEntrypoint
Return Type
ForkAudit Example
dagger -m github.com/chirag127/workflows/dagger/fork-audit@c00f0b78c773ec3d2a9a9e01ac8a93646fe95cfe call \
func (m *MyModule) Example() *dagger.ForkAudit {
return dag.
Forkaudit()
}@function
def example() -> dagger.ForkAudit:
return (
dag.fork_audit()
)@func()
example(): ForkAudit {
return dag
.forkAudit()
}Types
ForkAudit 🔗
driftCheck() 🔗
Confirm the fork tree is byte-identical to upstream/main per no-fork-divergence. Requires the fork checkout to have upstream configured; fork-ci.yml sets it up.
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| source | Directory ! | - | No description provided |
Example
dagger -m github.com/chirag127/workflows/dagger/fork-audit@c00f0b78c773ec3d2a9a9e01ac8a93646fe95cfe call \
drift-check --source DIR_PATHfunc (m *MyModule) Example(ctx context.Context, source *dagger.Directory) string {
return dag.
Forkaudit().
Driftcheck(ctx, source)
}@function
async def example(source: dagger.Directory) -> str:
return await (
dag.fork_audit()
.driftcheck(source)
)@func()
async example(source: Directory): Promise<string> {
return dag
.forkAudit()
.driftCheck(source)
}megalint() 🔗
MegaLinter security-only pass against the fork tree. Advisory: any finding posts a status but doesn’t gate our commit-status back to the fork.
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| source | Directory ! | - | No description provided |
Example
dagger -m github.com/chirag127/workflows/dagger/fork-audit@c00f0b78c773ec3d2a9a9e01ac8a93646fe95cfe call \
megalint --source DIR_PATHfunc (m *MyModule) Example(ctx context.Context, source *dagger.Directory) string {
return dag.
Forkaudit().
Megalint(ctx, source)
}@function
async def example(source: dagger.Directory) -> str:
return await (
dag.fork_audit()
.megalint(source)
)@func()
async example(source: Directory): Promise<string> {
return dag
.forkAudit()
.megalint(source)
}licenseCheck() 🔗
License audit — the fork must ship the upstream LICENSE unchanged.
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| source | Directory ! | - | No description provided |
Example
dagger -m github.com/chirag127/workflows/dagger/fork-audit@c00f0b78c773ec3d2a9a9e01ac8a93646fe95cfe call \
license-check --source DIR_PATHfunc (m *MyModule) Example(ctx context.Context, source *dagger.Directory) string {
return dag.
Forkaudit().
Licensecheck(ctx, source)
}@function
async def example(source: dagger.Directory) -> str:
return await (
dag.fork_audit()
.licensecheck(source)
)@func()
async example(source: Directory): Promise<string> {
return dag
.forkAudit()
.licenseCheck(source)
}ci() 🔗
Full audit: drift + license + megalint. Any single failure fails the audit.
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| source | Directory ! | - | No description provided |
Example
dagger -m github.com/chirag127/workflows/dagger/fork-audit@c00f0b78c773ec3d2a9a9e01ac8a93646fe95cfe call \
ci --source DIR_PATHfunc (m *MyModule) Example(ctx context.Context, source *dagger.Directory) string {
return dag.
Forkaudit().
Ci(ctx, source)
}@function
async def example(source: dagger.Directory) -> str:
return await (
dag.fork_audit()
.ci(source)
)@func()
async example(source: Directory): Promise<string> {
return dag
.forkAudit()
.ci(source)
}