ivuorinen/actions
1
0
Fork 0
mirror of https://github.com/ivuorinen/actions.git synced 2026-03-20 20:01:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
392 Commits 2 Branches 146 Tags
900dd967977fc9b878f4d3fd61c821386ee96f40
Commit Graph

14 Commits

Author SHA1 Message Date
Ismo Vuorinen
900dd96797 feat: add action-validator and clean up CI workflows (#513) 
* chore(pre-commit): update hooks and add action-validator

Update uv-pre-commit 0.10.9→0.10.11 and checkov 3.2.508→3.2.510.
Normalize single quotes to double quotes in hook args.
Add action-validator v0.8.0 hook for GitHub Actions validation.

* fix(ci): clean up workflow path filters

Remove non-existent action.yaml paths from action-security workflow.
Fix glob patterns (**.md → **/*.md) in pr-lint workflow.
Remove unused trigger paths (yarn.lock, pnpm-lock.yaml,
requirements.txt, .github/labels.yml, docs/**) from security-suite
and sync-labels workflows.

* feat(make): add lint-actions target for action-validator

Add lint-actions target that runs action-validator via pre-commit.
Include it in the lint dependency list and .PHONY declaration.

* docs: add context-mode routing rules to CLAUDE.md

Add mandatory routing rules section for context-mode MCP plugin,
documenting blocked commands, redirected tools, tool selection
hierarchy, and output constraints.

* fix(lint): resolve action-validator failure on language-version-detect

- Remove unsupported `deprecated: true` from language-version-detect/action.yml
  (deprecation already communicated via description field)
- Scope action-validator pre-commit hook to workflow and action.yml files only
- Make missing pre-commit a hard error in lint-actions target

* fix(deps): update action pins and fix trivy-action version comment

Update SHA-pinned action references to latest versions:
- github/codeql-action v4.32.6 → v4.33.0
- nick-fields/retry v3.0.2 → v4.0.0
- actions/cache v5.0.3 → v5.0.4
- oven-sh/setup-bun v2.1.3 → v2.2.0
- softprops/action-gh-release v2.5.0 → v2.6.1
- github/issue-metrics v4.1.0 → v4.1.1
- shivammathur/setup-php 2.36.0 → 2.37.0
- astral-sh/setup-uv v7.5.0 → v7.6.0
- terraform-linters/setup-tflint v6.2.1 → v6.2.2
- aquasecurity/trivy-action: pin from master to v0.35.0

Fix pinact warning in docker-build by adding missing v prefix
to trivy-action version comment (0.35.0 → v0.35.0).
 2026-03-20 13:01:24 +02:00
Ismo Vuorinen
4360ea39c7 fix(ci): use the latest openssf scorecard action (#503) 
* fix(ci): use the latest openssf scorecard action

* fix(ci): replace scorecard workflow with upstream reference

Replace our custom scorecard workflow with the official ossf/scorecard
workflow template for better alignment with upstream recommendations.
 2026-03-09 02:46:23 +02:00
renovate[bot]
ca8482e2c3 chore(deps)!: update actions/upload-artifact action (v4.6.2 → v7.0.0) (#470) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-03-09 02:20:41 +02:00
Ismo Vuorinen
a0cc32995f feat(security): add OpenSSF Scorecard workflow and maximize score (#498) 
* feat(security): add OpenSSF Scorecard workflow and maximize score

- Add scorecard.yml workflow (weekly + push to main) with SARIF upload
- Add CONTRIBUTING.md for contributor guidelines
- Add SLSA provenance attestation job to release workflow
- Add CycloneDX SBOM generation job to release workflow
- Pin Dockerfile base images to sha256 digests
- Enable Renovate pinDigests and platformAutomerge
- Add OpenSSF Scorecard badge to README

* fix(docs): address PR #498 review comments and remove .coderabbit.yaml

- Delete .coderabbit.yaml (falls back to shared org-level config)
- Add missing linter deps to CONTRIBUTING.md install step
- Separate make all and make test into distinct steps
- Fix line length note to match EditorConfig (200 chars, no MD override)
- Add yamllint/markdownlint to YAML/JSON/Markdown linter list
- Refine action references guidance
- Expand "Adding a New Action" section with action-docs and catalog info
 2026-03-09 01:59:07 +02:00
Ismo Vuorinen
2661996471 fix(ci): combine workflows to security-suite Remove legacy GitHub Actions workflows and add security-suite workflow (#58) 
* fix(ci): combine workflows to security-suite
* fix(ci): tweak permissions
 2025-02-27 13:19:25 +02:00
renovate[bot]
89b6c7942d fix(github-action): update ossf/scorecard-action (v2.4.0 → v2.4.1) (#56) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-02-26 20:51:44 +00:00
renovate[bot]
d7af0bf64e fix(github-action): update github/codeql-action (v3.28.9 → v3.28.10) (#54) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-02-25 15:34:20 +00:00
renovate[bot]
68401cb958 fix(github-action): update actions/upload-artifact (v4.6.0 → v4.6.1) (#53) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-02-25 10:07:18 +00:00
renovate[bot]
beb4d1fb17 fix(github-action): update github/codeql-action (v3.28.8 → v3.28.9) (#35) 2025-02-10 14:22:12 +02:00
Ismo Vuorinen
a006d699d3 fix: security-trends fixes, docs, tweaks 2025-02-04 12:16:16 +02:00
Ismo Vuorinen
19f792e5d1 feat(ci): pin versions, tighten permissions 2025-02-02 14:20:05 +02:00
Ismo Vuorinen
6226202574 chore: drop auto-rebase, update ossf-scorecard-action 2025-02-02 01:14:16 +02:00
renovate[bot]
1f28f73ece feat(github-action)!: Update github/codeql-action (v2 → v3) (#8) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-02-02 01:09:44 +02:00
Ismo Vuorinen
210aa969b3 feat: add GitHub Actions workflows for code quality and automation (#2) 2025-02-02 00:42:19 +02:00