|
|
900dd96797
|
feat: add action-validator and clean up CI workflows (#513)
* chore(pre-commit): update hooks and add action-validator
Update uv-pre-commit 0.10.9→0.10.11 and checkov 3.2.508→3.2.510.
Normalize single quotes to double quotes in hook args.
Add action-validator v0.8.0 hook for GitHub Actions validation.
* fix(ci): clean up workflow path filters
Remove non-existent action.yaml paths from action-security workflow.
Fix glob patterns (**.md → **/*.md) in pr-lint workflow.
Remove unused trigger paths (yarn.lock, pnpm-lock.yaml,
requirements.txt, .github/labels.yml, docs/**) from security-suite
and sync-labels workflows.
* feat(make): add lint-actions target for action-validator
Add lint-actions target that runs action-validator via pre-commit.
Include it in the lint dependency list and .PHONY declaration.
* docs: add context-mode routing rules to CLAUDE.md
Add mandatory routing rules section for context-mode MCP plugin,
documenting blocked commands, redirected tools, tool selection
hierarchy, and output constraints.
* fix(lint): resolve action-validator failure on language-version-detect
- Remove unsupported `deprecated: true` from language-version-detect/action.yml
(deprecation already communicated via description field)
- Scope action-validator pre-commit hook to workflow and action.yml files only
- Make missing pre-commit a hard error in lint-actions target
* fix(deps): update action pins and fix trivy-action version comment
Update SHA-pinned action references to latest versions:
- github/codeql-action v4.32.6 → v4.33.0
- nick-fields/retry v3.0.2 → v4.0.0
- actions/cache v5.0.3 → v5.0.4
- oven-sh/setup-bun v2.1.3 → v2.2.0
- softprops/action-gh-release v2.5.0 → v2.6.1
- github/issue-metrics v4.1.0 → v4.1.1
- shivammathur/setup-php 2.36.0 → 2.37.0
- astral-sh/setup-uv v7.5.0 → v7.6.0
- terraform-linters/setup-tflint v6.2.1 → v6.2.2
- aquasecurity/trivy-action: pin from master to v0.35.0
Fix pinact warning in docker-build by adding missing v prefix
to trivy-action version comment (0.35.0 → v0.35.0).
|
2026-03-20 13:01:24 +02:00 |
|
Copilot
|
ae4ad9ec80
|
fix: harden workflow permissions with deny-all top-level and least-privilege job scopes (#482)
|
2026-03-06 02:44:56 +02:00 |
|
|
|
681e0f828a
|
chore(deps): update actions (#346)
|
2025-11-14 09:36:58 +02:00 |
|
renovate[bot]
|
05e171c506
|
feat(github-action)!: Update actions/checkout (v4.3.0 → v5.0.0) (#209)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
|
2025-08-21 14:36:40 +03:00 |
|
renovate[bot]
|
e3b436adb3
|
feat(github-action): update actions/checkout (v4.2.2 → v4.3.0) (#213)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
|
2025-08-18 09:43:18 +00:00 |
|
|
|
dd6e67c8d0
|
feat(ci): add merge_group trigger
|
2025-02-05 02:13:30 +02:00 |
|
|
|
8cd4630cf5
|
fix(ci): so you don't need the action.yml?
|
2025-02-05 02:03:19 +02:00 |
|
|
|
0f86932afb
|
fix(ci): oops, forgot to checkout the repo
|
2025-02-05 02:00:50 +02:00 |
|
|
|
fcdcc4ae21
|
chore(ci): simplify labels syncing
|
2025-02-05 01:59:14 +02:00 |
|
Ismo Vuorinen
|
a006d699d3
|
fix: security-trends fixes, docs, tweaks
|
2025-02-04 12:16:16 +02:00 |
|
|
|
19f792e5d1
|
feat(ci): pin versions, tighten permissions
|
2025-02-02 14:20:05 +02:00 |
|
|
|
210aa969b3
|
feat: add GitHub Actions workflows for code quality and automation (#2)
|
2025-02-02 00:42:19 +02:00 |
|
Ismo Vuorinen
|
e90c7a737a
|
Initial commit
|
2024-11-10 11:34:15 +02:00 |
|
