ivuorinen/actions
1
0
Fork 0
mirror of https://github.com/ivuorinen/actions.git synced 2026-03-20 17:01:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add action-validator and clean up CI workflows (#513)

Browse Source 
* chore(pre-commit): update hooks and add action-validator

Update uv-pre-commit 0.10.9→0.10.11 and checkov 3.2.508→3.2.510.
Normalize single quotes to double quotes in hook args.
Add action-validator v0.8.0 hook for GitHub Actions validation.

* fix(ci): clean up workflow path filters

Remove non-existent action.yaml paths from action-security workflow.
Fix glob patterns (**.md → **/*.md) in pr-lint workflow.
Remove unused trigger paths (yarn.lock, pnpm-lock.yaml,
requirements.txt, .github/labels.yml, docs/**) from security-suite
and sync-labels workflows.

* feat(make): add lint-actions target for action-validator

Add lint-actions target that runs action-validator via pre-commit.
Include it in the lint dependency list and .PHONY declaration.

* docs: add context-mode routing rules to CLAUDE.md

Add mandatory routing rules section for context-mode MCP plugin,
documenting blocked commands, redirected tools, tool selection
hierarchy, and output constraints.

* fix(lint): resolve action-validator failure on language-version-detect

- Remove unsupported `deprecated: true` from language-version-detect/action.yml
  (deprecation already communicated via description field)
- Scope action-validator pre-commit hook to workflow and action.yml files only
- Make missing pre-commit a hard error in lint-actions target

* fix(deps): update action pins and fix trivy-action version comment

Update SHA-pinned action references to latest versions:
- github/codeql-action v4.32.6 → v4.33.0
- nick-fields/retry v3.0.2 → v4.0.0
- actions/cache v5.0.3 → v5.0.4
- oven-sh/setup-bun v2.1.3 → v2.2.0
- softprops/action-gh-release v2.5.0 → v2.6.1
- github/issue-metrics v4.1.0 → v4.1.1
- shivammathur/setup-php 2.36.0 → 2.37.0
- astral-sh/setup-uv v7.5.0 → v7.6.0
- terraform-linters/setup-tflint v6.2.1 → v6.2.2
- aquasecurity/trivy-action: pin from master to v0.35.0

Fix pinact warning in docker-build by adding missing v prefix
to trivy-action version comment (0.35.0 → v0.35.0).
This commit is contained in:
Ismo Vuorinen
2026-03-20 13:01:24 +02:00
committed by GitHub
parent 1da3a0e79f
commit 900dd96797
30 changed files with 147 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
security-scan/action.yml
View File

@@ -118,7 +118,7 @@ runs:
- name: Run Trivy vulnerability scanner
if: steps.check-configs.outputs.run_trivy == 'true'
uses: aquasecurity/trivy-action@a11da62073708815958ea6d84f5650c78a3ef85b # master
uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
with:
scan-type: 'fs'
scanners: ${{ inputs.trivy-scanners }}
@@ -161,14 +161,14 @@ runs:
- name: Upload Trivy results
if: steps.verify-sarif.outputs.has_trivy == 'true'
uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
with:
sarif_file: 'trivy-results.sarif'
category: 'trivy'
- name: Upload Gitleaks results
if: steps.verify-sarif.outputs.has_gitleaks == 'true'
uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
with:
sarif_file: 'gitleaks-report.sarif'
category: 'gitleaks'