Fix workflow permissions, enable manual triggering, and resolve lint errors #362
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
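---
# CI for the app repository: one job gathers app metadata, the others lint the
# app, its Dockerfile, JSON, shell and YAML files, audit the workflows (zizmor)
# and review dependency changes on pull requests.
#
# NOTE(review): the forge page flagged the original file as containing hidden
# or bidirectional Unicode characters. None are visible in the listing and this
# rewrite is plain ASCII; inspect the committed file in an editor that reveals
# such characters before trusting what it renders as.
name: CI

# yamllint disable-line rule:truthy
on:
  push:
  pull_request:
    types:
      - opened
      - reopened
      - synchronize
  workflow_dispatch:

# Workflow-wide token scopes are read-only. The single write scope
# (security-events) is granted on the lint-zizmor job instead of here, so the
# jobs that run third-party actions never receive it.
# NOTE(review): which job needs `packages: read` is not visible in this file;
# it is kept as it was -- confirm and drop it if nothing uses it.
permissions:
  actions: read
  contents: read
  packages: read

jobs:
  information:
    name: Gather app information
    runs-on: ubuntu-latest
    # Re-exported so dependent jobs can read them via `needs.information.outputs`.
    outputs:
      architectures: ${{ steps.information.outputs.architectures }}
      build: ${{ steps.information.outputs.build }}
      description: ${{ steps.information.outputs.description }}
      name: ${{ steps.information.outputs.name }}
      slug: ${{ steps.information.outputs.slug }}
      target: ${{ steps.information.outputs.target }}
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Keep the job token out of the checked-out repository's git config so
          # later steps cannot read it from disk.
          persist-credentials: false
      - name: Run app information action
        id: information
        uses: frenck/action-addon-information@ce1377e9851cf569c29329e65fb2c57e67ca0f69 # v1.4.2

  lint-app:
    name: Lint App
    needs:
      - information
    runs-on: ubuntu-latest
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Run App Lint
        uses: frenck/action-addon-linter@f995494fd84fae6310d23617e66d0e37de4f14eb # v2.21.0
        with:
          path: "./${{ needs.information.outputs.target }}"

  lint-hadolint:
    name: Hadolint
    needs:
      - information
    runs-on: ubuntu-latest
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Run Hadolint
        # NOTE(review): referenced by a mutable tag, unlike the SHA-pinned
        # actions in this file. Pin to the full commit SHA of the reviewed
        # release, e.g. `brpaz/hadolint-action@<full-commit-sha> # v1.5.0`.
        uses: brpaz/hadolint-action@v1.5.0
        with:
          dockerfile: "./${{ needs.information.outputs.target }}/Dockerfile"

  lint-json:
    name: JSON Lint
    runs-on: ubuntu-latest
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Run JQ
        # Parses every *.json file in the tree and stops at the first one jq
        # rejects; the second jq call repeats the parse so its error message
        # reaches the job log. File names come from the checked-out tree (on
        # pull requests: from the contributor) and are only used quoted.
        run: |
          shopt -s globstar nullglob
          for file in **/*.json; do
            if ! jq '.' "$file" > /dev/null 2>&1; then
              echo "::error file=${file}::Invalid JSON in ${file}"
              jq '.' "$file"
              exit 1
            fi
          done

  lint-shellcheck:
    name: Shellcheck
    runs-on: ubuntu-latest
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Run Shellcheck
        # NOTE(review): mutable tag reference; pin to the full commit SHA of
        # the reviewed release, e.g.
        # `ludeeus/action-shellcheck@<full-commit-sha> # 2.0.0`.
        uses: ludeeus/action-shellcheck@2.0.0
        env:
          SHELLCHECK_OPTS: -s bash

  lint-yamllint:
    name: YAMLLint
    runs-on: ubuntu-latest
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Run YAMLLint
        uses: frenck/action-yamllint@34b4bbcaeabedcfefad6adea8c5bbc42af0e2d47 # v1.5

  lint-prettier:
    name: Prettier
    runs-on: ubuntu-latest
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Run Prettier
        # NOTE(review): mutable tag reference on the one step that is handed
        # GITHUB_TOKEN explicitly; pin to the full commit SHA of the reviewed
        # release, e.g. `creyD/prettier_action@<full-commit-sha> # v4.6`.
        uses: creyD/prettier_action@v4.6
        with:
          prettier_options: --check **/*.{json,js,md,yaml}
        env:
          # The token carries only the read scopes declared under the
          # workflow-level `permissions` key.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  lint-zizmor:
    name: zizmor
    runs-on: ubuntu-latest
    # Job-level permissions replace the workflow-level set for this job, so the
    # read scopes are restated next to the write scope. security-events: write
    # is what a SARIF upload to code scanning requires; zizmor-action is
    # presumably the only step in this file that performs one -- confirm.
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Run zizmor
        uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6

  dependency-review:
    name: Dependency review
    # The review compares a pull request's base and head, so the job is skipped
    # for push and manual runs.
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Dependency review
        uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0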