mirror of
https://github.com/ivuorinen/actions.git
synced 2026-02-11 12:46:33 +00:00
Compare commits
24 Commits
v2026.01.0
...
v2026.02.1
| Author | SHA1 | Date | |
|---|---|---|---|
|
c40f80e9c5 | ||
|
|
20fb4bc79c | ||
|
|
9277758f30 | ||
|
|
a9605c642f | ||
|
|
6d25c0f8b6 | ||
|
|
6c04d8b197 | ||
|
|
e6c7e60e25 | ||
|
|
01292232b4 | ||
|
|
052b78f9f7 | ||
|
|
f371da218e | ||
|
|
175a9f5356 | ||
|
|
b3299e0670 | ||
|
|
fb37d38f17 | ||
|
|
80621c08b4 | ||
|
|
77429988fd | ||
|
|
f5cedd5870 | ||
|
|
0b0e96a2ed | ||
|
|
3b71d19480 | ||
|
|
51861a9b40 | ||
|
|
f98ae7cd7d | ||
| cc842575b9 | |||
|
|
cbfddb2433 | ||
|
|
5664cdbfbf | ||
|
|
e740f9d893 |
@@ -17,12 +17,12 @@ runs:
|
|||||||
using: composite
|
using: composite
|
||||||
steps:
|
steps:
|
||||||
- name: Install uv
|
- name: Install uv
|
||||||
uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
|
uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
|
||||||
with:
|
with:
|
||||||
enable-cache: true
|
enable-cache: true
|
||||||
|
|
||||||
- name: Set up Python
|
- name: Set up Python
|
||||||
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
|
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
|
||||||
with:
|
with:
|
||||||
python-version-file: pyproject.toml
|
python-version-file: pyproject.toml
|
||||||
|
|
||||||
@@ -31,7 +31,7 @@ runs:
|
|||||||
run: uv sync --frozen
|
run: uv sync --frozen
|
||||||
|
|
||||||
- name: Setup Node.js
|
- name: Setup Node.js
|
||||||
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
|
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
|
||||||
with:
|
with:
|
||||||
node-version: '24'
|
node-version: '24'
|
||||||
cache: npm
|
cache: npm
|
||||||
|
|||||||
2
.github/workflows/build-testing-image.yml
vendored
2
.github/workflows/build-testing-image.yml
vendored
@@ -41,7 +41,7 @@ jobs:
|
|||||||
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
|
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
|
||||||
|
|
||||||
- name: Log in to GitHub Container Registry
|
- name: Log in to GitHub Container Registry
|
||||||
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
|
||||||
with:
|
with:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
|
|||||||
2
.github/workflows/pr-lint.yml
vendored
2
.github/workflows/pr-lint.yml
vendored
@@ -74,7 +74,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Upload SARIF Report
|
- name: Upload SARIF Report
|
||||||
if: always() && hashFiles('megalinter-reports/sarif/*.sarif')
|
if: always() && hashFiles('megalinter-reports/sarif/*.sarif')
|
||||||
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
|
uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
|
||||||
with:
|
with:
|
||||||
sarif_file: megalinter-reports/sarif
|
sarif_file: megalinter-reports/sarif
|
||||||
category: megalinter
|
category: megalinter
|
||||||
|
|||||||
2
.github/workflows/test-actions.yml
vendored
2
.github/workflows/test-actions.yml
vendored
@@ -73,7 +73,7 @@ jobs:
|
|||||||
if: always()
|
if: always()
|
||||||
|
|
||||||
- name: Upload SARIF file
|
- name: Upload SARIF file
|
||||||
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
|
uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
|
||||||
if: always() && hashFiles('_tests/reports/test-results.sarif') != ''
|
if: always() && hashFiles('_tests/reports/test-results.sarif') != ''
|
||||||
with:
|
with:
|
||||||
sarif_file: _tests/reports/test-results.sarif
|
sarif_file: _tests/reports/test-results.sarif
|
||||||
|
|||||||
25
.github/workflows/version-maintenance.yml
vendored
25
.github/workflows/version-maintenance.yml
vendored
@@ -40,6 +40,29 @@ jobs:
|
|||||||
printf '%s\n' "major=v$current_year" >> "$GITHUB_OUTPUT"
|
printf '%s\n' "major=v$current_year" >> "$GITHUB_OUTPUT"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
- name: Ensure Major Version Tag Exists
|
||||||
|
id: ensure-tag
|
||||||
|
shell: sh
|
||||||
|
env:
|
||||||
|
MAJOR_VERSION: ${{ steps.version.outputs.major }}
|
||||||
|
run: |
|
||||||
|
set -eu
|
||||||
|
|
||||||
|
git fetch --tags --force
|
||||||
|
|
||||||
|
if git rev-list -n 1 "$MAJOR_VERSION" >/dev/null 2>&1; then
|
||||||
|
echo "Tag $MAJOR_VERSION already exists"
|
||||||
|
printf '%s\n' "created=false" >> "$GITHUB_OUTPUT"
|
||||||
|
else
|
||||||
|
echo "Tag $MAJOR_VERSION not found, creating..."
|
||||||
|
git config user.name "github-actions[bot]"
|
||||||
|
git config user.email "github-actions[bot]@users.noreply.github.com"
|
||||||
|
git tag -a "$MAJOR_VERSION" -m "Major version $MAJOR_VERSION"
|
||||||
|
git push origin "$MAJOR_VERSION"
|
||||||
|
echo "Created and pushed tag $MAJOR_VERSION"
|
||||||
|
printf '%s\n' "created=true" >> "$GITHUB_OUTPUT"
|
||||||
|
fi
|
||||||
|
|
||||||
- name: Run Action Versioning
|
- name: Run Action Versioning
|
||||||
id: action-versioning
|
id: action-versioning
|
||||||
uses: ./action-versioning
|
uses: ./action-versioning
|
||||||
@@ -49,7 +72,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Create Pull Request
|
- name: Create Pull Request
|
||||||
if: steps.action-versioning.outputs.updated == 'true'
|
if: steps.action-versioning.outputs.updated == 'true'
|
||||||
uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
|
uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
commit-message: 'chore: update action references to ${{ steps.version.outputs.major }}'
|
commit-message: 'chore: update action references to ${{ steps.version.outputs.major }}'
|
||||||
|
|||||||
@@ -14,7 +14,7 @@ repos:
|
|||||||
types: [markdown, python, yaml]
|
types: [markdown, python, yaml]
|
||||||
files: ^(docs/.*|README\.md|CONTRIBUTING\.md|CHANGELOG\.md|.*\.py|.*\.ya?ml)$
|
files: ^(docs/.*|README\.md|CONTRIBUTING\.md|CHANGELOG\.md|.*\.py|.*\.ya?ml)$
|
||||||
- repo: https://github.com/astral-sh/uv-pre-commit
|
- repo: https://github.com/astral-sh/uv-pre-commit
|
||||||
rev: 0.9.22
|
rev: 0.10.0
|
||||||
hooks:
|
hooks:
|
||||||
- id: uv-lock
|
- id: uv-lock
|
||||||
- id: uv-sync
|
- id: uv-sync
|
||||||
@@ -50,12 +50,12 @@ repos:
|
|||||||
args: [--fix]
|
args: [--fix]
|
||||||
|
|
||||||
- repo: https://github.com/adrienverge/yamllint
|
- repo: https://github.com/adrienverge/yamllint
|
||||||
rev: v1.37.1
|
rev: v1.38.0
|
||||||
hooks:
|
hooks:
|
||||||
- id: yamllint
|
- id: yamllint
|
||||||
|
|
||||||
- repo: https://github.com/astral-sh/ruff-pre-commit
|
- repo: https://github.com/astral-sh/ruff-pre-commit
|
||||||
rev: v0.14.10
|
rev: v0.15.0
|
||||||
hooks:
|
hooks:
|
||||||
# Run the linter with auto-fix
|
# Run the linter with auto-fix
|
||||||
- id: ruff-check
|
- id: ruff-check
|
||||||
@@ -84,7 +84,7 @@ repos:
|
|||||||
args: ['-shellcheck=']
|
args: ['-shellcheck=']
|
||||||
|
|
||||||
- repo: https://github.com/bridgecrewio/checkov.git
|
- repo: https://github.com/bridgecrewio/checkov.git
|
||||||
rev: '3.2.497'
|
rev: '3.2.500'
|
||||||
hooks:
|
hooks:
|
||||||
- id: checkov
|
- id: checkov
|
||||||
args:
|
args:
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
3.14.2
|
3.14.3
|
||||||
|
|||||||
@@ -75,7 +75,7 @@ runs:
|
|||||||
|
|
||||||
- name: Setup Python
|
- name: Setup Python
|
||||||
if: steps.check-files.outputs.files_found == 'true'
|
if: steps.check-files.outputs.files_found == 'true'
|
||||||
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
|
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
|
||||||
with:
|
with:
|
||||||
python-version: '3.14'
|
python-version: '3.14'
|
||||||
cache: 'pip'
|
cache: 'pip'
|
||||||
@@ -130,6 +130,6 @@ runs:
|
|||||||
|
|
||||||
- name: Upload SARIF Report
|
- name: Upload SARIF Report
|
||||||
if: steps.check-files.outputs.files_found == 'true'
|
if: steps.check-files.outputs.files_found == 'true'
|
||||||
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
|
uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
|
||||||
with:
|
with:
|
||||||
sarif_file: ansible-lint.sarif
|
sarif_file: ansible-lint.sarif
|
||||||
|
|||||||
@@ -181,7 +181,7 @@ runs:
|
|||||||
echo "Detected package manager: $package_manager"
|
echo "Detected package manager: $package_manager"
|
||||||
|
|
||||||
- name: Setup Node.js
|
- name: Setup Node.js
|
||||||
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
|
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
|
||||||
with:
|
with:
|
||||||
node-version: '24'
|
node-version: '24'
|
||||||
|
|
||||||
@@ -212,13 +212,13 @@ runs:
|
|||||||
|
|
||||||
- name: Setup Bun
|
- name: Setup Bun
|
||||||
if: steps.detect-pm.outputs.package-manager == 'bun'
|
if: steps.detect-pm.outputs.package-manager == 'bun'
|
||||||
uses: oven-sh/setup-bun@b7a1c7ccf290d58743029c4f6903da283811b979 # v2.1.0
|
uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2
|
||||||
with:
|
with:
|
||||||
bun-version: latest
|
bun-version: latest
|
||||||
|
|
||||||
- name: Cache Node Dependencies
|
- name: Cache Node Dependencies
|
||||||
id: cache
|
id: cache
|
||||||
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
|
||||||
with:
|
with:
|
||||||
path: node_modules
|
path: node_modules
|
||||||
key: ${{ runner.os }}-biome-lint-${{ inputs.mode }}-${{ steps.detect-pm.outputs.package-manager }}-${{ hashFiles('package-lock.json', 'yarn.lock', 'pnpm-lock.yaml', 'bun.lockb') }}
|
key: ${{ runner.os }}-biome-lint-${{ inputs.mode }}-${{ steps.detect-pm.outputs.package-manager }}-${{ hashFiles('package-lock.json', 'yarn.lock', 'pnpm-lock.yaml', 'bun.lockb') }}
|
||||||
@@ -331,7 +331,7 @@ runs:
|
|||||||
|
|
||||||
- name: Upload SARIF Report
|
- name: Upload SARIF Report
|
||||||
if: inputs.mode == 'check' && always()
|
if: inputs.mode == 'check' && always()
|
||||||
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
|
uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
|
||||||
with:
|
with:
|
||||||
sarif_file: biome-report.sarif
|
sarif_file: biome-report.sarif
|
||||||
|
|
||||||
|
|||||||
@@ -186,7 +186,7 @@ runs:
|
|||||||
echo "Using build mode: $build_mode"
|
echo "Using build mode: $build_mode"
|
||||||
|
|
||||||
- name: Initialize CodeQL
|
- name: Initialize CodeQL
|
||||||
uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
|
uses: github/codeql-action/init@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
|
||||||
with:
|
with:
|
||||||
languages: ${{ inputs.language }}
|
languages: ${{ inputs.language }}
|
||||||
queries: ${{ inputs.queries }}
|
queries: ${{ inputs.queries }}
|
||||||
@@ -199,12 +199,12 @@ runs:
|
|||||||
threads: ${{ inputs.threads }}
|
threads: ${{ inputs.threads }}
|
||||||
|
|
||||||
- name: Autobuild
|
- name: Autobuild
|
||||||
uses: github/codeql-action/autobuild@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
|
uses: github/codeql-action/autobuild@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
|
||||||
if: ${{ steps.set-build-mode.outputs.build-mode == 'autobuild' }}
|
if: ${{ steps.set-build-mode.outputs.build-mode == 'autobuild' }}
|
||||||
|
|
||||||
- name: Perform CodeQL Analysis
|
- name: Perform CodeQL Analysis
|
||||||
id: analysis
|
id: analysis
|
||||||
uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
|
uses: github/codeql-action/analyze@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
|
||||||
with:
|
with:
|
||||||
category: ${{ steps.set-category.outputs.category }}
|
category: ${{ steps.set-category.outputs.category }}
|
||||||
upload: ${{ inputs.upload-results }}
|
upload: ${{ inputs.upload-results }}
|
||||||
|
|||||||
@@ -163,7 +163,7 @@ runs:
|
|||||||
|
|
||||||
- name: Create New Pull Request If Needed
|
- name: Create New Pull Request If Needed
|
||||||
if: steps.calibre.outputs.markdown != ''
|
if: steps.calibre.outputs.markdown != ''
|
||||||
uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
|
uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
|
||||||
with:
|
with:
|
||||||
token: ${{ inputs.token }}
|
token: ${{ inputs.token }}
|
||||||
title: 'chore: compress images'
|
title: 'chore: compress images'
|
||||||
|
|||||||
@@ -148,7 +148,7 @@ runs:
|
|||||||
echo "Final detected .NET version: $detected_version" >&2
|
echo "Final detected .NET version: $detected_version" >&2
|
||||||
|
|
||||||
- name: Setup .NET SDK
|
- name: Setup .NET SDK
|
||||||
uses: actions/setup-dotnet@2016bd2012dba4e32de620c46fe006a3ac9f0602 # v5.0.1
|
uses: actions/setup-dotnet@baa11fbfe1d6520db94683bd5c7a3818018e4309 # v5.1.0
|
||||||
with:
|
with:
|
||||||
dotnet-version: ${{ steps.detect-dotnet-version.outputs.detected-version }}
|
dotnet-version: ${{ steps.detect-dotnet-version.outputs.detected-version }}
|
||||||
cache: true
|
cache: true
|
||||||
|
|||||||
@@ -164,7 +164,7 @@ runs:
|
|||||||
echo "Final detected .NET version: $detected_version" >&2
|
echo "Final detected .NET version: $detected_version" >&2
|
||||||
|
|
||||||
- name: Setup .NET SDK
|
- name: Setup .NET SDK
|
||||||
uses: actions/setup-dotnet@2016bd2012dba4e32de620c46fe006a3ac9f0602 # v5.0.1
|
uses: actions/setup-dotnet@baa11fbfe1d6520db94683bd5c7a3818018e4309 # v5.1.0
|
||||||
with:
|
with:
|
||||||
dotnet-version: ${{ steps.detect-dotnet-version.outputs.detected-version }}
|
dotnet-version: ${{ steps.detect-dotnet-version.outputs.detected-version }}
|
||||||
cache: true
|
cache: true
|
||||||
@@ -206,6 +206,6 @@ runs:
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
- name: Upload SARIF Report
|
- name: Upload SARIF Report
|
||||||
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
|
uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
|
||||||
with:
|
with:
|
||||||
sarif_file: dotnet-format.sarif
|
sarif_file: dotnet-format.sarif
|
||||||
|
|||||||
@@ -162,7 +162,7 @@ runs:
|
|||||||
echo "Final detected .NET version: $detected_version" >&2
|
echo "Final detected .NET version: $detected_version" >&2
|
||||||
|
|
||||||
- name: Setup .NET SDK
|
- name: Setup .NET SDK
|
||||||
uses: actions/setup-dotnet@2016bd2012dba4e32de620c46fe006a3ac9f0602 # v5.0.1
|
uses: actions/setup-dotnet@baa11fbfe1d6520db94683bd5c7a3818018e4309 # v5.1.0
|
||||||
with:
|
with:
|
||||||
dotnet-version: ${{ inputs.dotnet-version || steps.detect-dotnet-version.outputs.detected-version }}
|
dotnet-version: ${{ inputs.dotnet-version || steps.detect-dotnet-version.outputs.detected-version }}
|
||||||
cache: true
|
cache: true
|
||||||
|
|||||||
@@ -321,7 +321,7 @@ runs:
|
|||||||
|
|
||||||
- name: Login to GitHub Container Registry
|
- name: Login to GitHub Container Registry
|
||||||
if: ${{ inputs.push == 'true' }}
|
if: ${{ inputs.push == 'true' }}
|
||||||
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
|
||||||
with:
|
with:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
|
|||||||
@@ -265,14 +265,14 @@ runs:
|
|||||||
|
|
||||||
- name: Login to Docker Hub
|
- name: Login to Docker Hub
|
||||||
if: inputs.registry == 'dockerhub' || inputs.registry == 'both'
|
if: inputs.registry == 'dockerhub' || inputs.registry == 'both'
|
||||||
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
|
||||||
with:
|
with:
|
||||||
username: ${{ inputs.dockerhub-username }}
|
username: ${{ inputs.dockerhub-username }}
|
||||||
password: ${{ inputs.dockerhub-token }}
|
password: ${{ inputs.dockerhub-token }}
|
||||||
|
|
||||||
- name: Login to GitHub Container Registry
|
- name: Login to GitHub Container Registry
|
||||||
if: inputs.registry == 'github' || inputs.registry == 'both'
|
if: inputs.registry == 'github' || inputs.registry == 'both'
|
||||||
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
|
||||||
with:
|
with:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
|
|||||||
@@ -288,7 +288,7 @@ runs:
|
|||||||
echo "Detected package manager: $package_manager"
|
echo "Detected package manager: $package_manager"
|
||||||
|
|
||||||
- name: Setup Node.js
|
- name: Setup Node.js
|
||||||
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
|
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
|
||||||
with:
|
with:
|
||||||
node-version: '24'
|
node-version: '24'
|
||||||
|
|
||||||
@@ -319,13 +319,13 @@ runs:
|
|||||||
|
|
||||||
- name: Setup Bun
|
- name: Setup Bun
|
||||||
if: steps.detect-pm.outputs.package-manager == 'bun'
|
if: steps.detect-pm.outputs.package-manager == 'bun'
|
||||||
uses: oven-sh/setup-bun@b7a1c7ccf290d58743029c4f6903da283811b979 # v2.1.0
|
uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2
|
||||||
with:
|
with:
|
||||||
bun-version: latest
|
bun-version: latest
|
||||||
|
|
||||||
- name: Cache Node Dependencies
|
- name: Cache Node Dependencies
|
||||||
id: cache
|
id: cache
|
||||||
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
|
||||||
with:
|
with:
|
||||||
path: node_modules
|
path: node_modules
|
||||||
key: ${{ runner.os }}-eslint-lint-${{ inputs.mode }}-${{ steps.detect-pm.outputs.package-manager }}-${{ hashFiles('package-lock.json', 'yarn.lock', 'pnpm-lock.yaml', 'bun.lockb') }}
|
key: ${{ runner.os }}-eslint-lint-${{ inputs.mode }}-${{ steps.detect-pm.outputs.package-manager }}-${{ hashFiles('package-lock.json', 'yarn.lock', 'pnpm-lock.yaml', 'bun.lockb') }}
|
||||||
@@ -457,7 +457,7 @@ runs:
|
|||||||
|
|
||||||
- name: Upload SARIF Report
|
- name: Upload SARIF Report
|
||||||
if: inputs.mode == 'check' && inputs.report-format == 'sarif' && always()
|
if: inputs.mode == 'check' && inputs.report-format == 'sarif' && always()
|
||||||
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
|
uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
|
||||||
with:
|
with:
|
||||||
sarif_file: ${{ inputs.working-directory }}/eslint-results.sarif
|
sarif_file: ${{ inputs.working-directory }}/eslint-results.sarif
|
||||||
|
|
||||||
|
|||||||
@@ -159,7 +159,7 @@ runs:
|
|||||||
echo "Final detected Go version: $detected_version" >&2
|
echo "Final detected Go version: $detected_version" >&2
|
||||||
|
|
||||||
- name: Setup Go
|
- name: Setup Go
|
||||||
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
|
uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
|
||||||
with:
|
with:
|
||||||
go-version: ${{ steps.detect-go-version.outputs.detected-version }}
|
go-version: ${{ steps.detect-go-version.outputs.detected-version }}
|
||||||
cache: true
|
cache: true
|
||||||
|
|||||||
@@ -205,7 +205,7 @@ runs:
|
|||||||
validate_linter_list "$DISABLE_LINTERS" "disable-linters"
|
validate_linter_list "$DISABLE_LINTERS" "disable-linters"
|
||||||
|
|
||||||
- name: Setup Go
|
- name: Setup Go
|
||||||
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
|
uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
|
||||||
with:
|
with:
|
||||||
go-version: ${{ inputs.go-version }}
|
go-version: ${{ inputs.go-version }}
|
||||||
cache: true
|
cache: true
|
||||||
@@ -218,7 +218,7 @@ runs:
|
|||||||
- name: Cache golangci-lint
|
- name: Cache golangci-lint
|
||||||
id: cache
|
id: cache
|
||||||
if: inputs.cache == 'true'
|
if: inputs.cache == 'true'
|
||||||
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
|
||||||
with:
|
with:
|
||||||
path: |
|
path: |
|
||||||
~/.cache/golangci-lint
|
~/.cache/golangci-lint
|
||||||
@@ -414,7 +414,7 @@ runs:
|
|||||||
|
|
||||||
- name: Upload Lint Results
|
- name: Upload Lint Results
|
||||||
if: always() && inputs.report-format == 'sarif'
|
if: always() && inputs.report-format == 'sarif'
|
||||||
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
|
uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
|
||||||
with:
|
with:
|
||||||
sarif_file: ${{ inputs.working-directory }}/reports/golangci-lint.sarif
|
sarif_file: ${{ inputs.working-directory }}/reports/golangci-lint.sarif
|
||||||
category: golangci-lint
|
category: golangci-lint
|
||||||
|
|||||||
@@ -121,7 +121,7 @@ runs:
|
|||||||
echo "Detected package manager: $package_manager"
|
echo "Detected package manager: $package_manager"
|
||||||
|
|
||||||
- name: Setup Node.js
|
- name: Setup Node.js
|
||||||
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
|
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
|
||||||
with:
|
with:
|
||||||
node-version: '24'
|
node-version: '24'
|
||||||
|
|
||||||
@@ -152,13 +152,13 @@ runs:
|
|||||||
|
|
||||||
- name: Setup Bun
|
- name: Setup Bun
|
||||||
if: steps.detect-pm.outputs.package-manager == 'bun'
|
if: steps.detect-pm.outputs.package-manager == 'bun'
|
||||||
uses: oven-sh/setup-bun@b7a1c7ccf290d58743029c4f6903da283811b979 # v2.1.0
|
uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2
|
||||||
with:
|
with:
|
||||||
bun-version: latest
|
bun-version: latest
|
||||||
|
|
||||||
- name: Cache Node Dependencies
|
- name: Cache Node Dependencies
|
||||||
id: cache
|
id: cache
|
||||||
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
|
||||||
with:
|
with:
|
||||||
path: node_modules
|
path: node_modules
|
||||||
key: ${{ runner.os }}-npm-publish-${{ steps.detect-pm.outputs.package-manager }}-${{ hashFiles('package-lock.json', 'yarn.lock', 'pnpm-lock.yaml', 'bun.lockb') }}
|
key: ${{ runner.os }}-npm-publish-${{ steps.detect-pm.outputs.package-manager }}-${{ hashFiles('package-lock.json', 'yarn.lock', 'pnpm-lock.yaml', 'bun.lockb') }}
|
||||||
|
|||||||
@@ -356,7 +356,7 @@ runs:
|
|||||||
|
|
||||||
- name: Cache Composer packages
|
- name: Cache Composer packages
|
||||||
id: composer-cache
|
id: composer-cache
|
||||||
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
|
||||||
with:
|
with:
|
||||||
path: |
|
path: |
|
||||||
vendor
|
vendor
|
||||||
|
|||||||
@@ -118,7 +118,7 @@ runs:
|
|||||||
|
|
||||||
- name: Setup Node.js
|
- name: Setup Node.js
|
||||||
if: steps.detect-node.outputs.found == 'true'
|
if: steps.detect-node.outputs.found == 'true'
|
||||||
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
|
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
|
||||||
with:
|
with:
|
||||||
node-version: '24'
|
node-version: '24'
|
||||||
|
|
||||||
@@ -156,14 +156,14 @@ runs:
|
|||||||
|
|
||||||
- name: Setup Bun
|
- name: Setup Bun
|
||||||
if: steps.detect-node.outputs.found == 'true' && steps.detect-pm.outputs.package-manager == 'bun'
|
if: steps.detect-node.outputs.found == 'true' && steps.detect-pm.outputs.package-manager == 'bun'
|
||||||
uses: oven-sh/setup-bun@b7a1c7ccf290d58743029c4f6903da283811b979 # v2.1.0
|
uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2
|
||||||
with:
|
with:
|
||||||
bun-version: latest
|
bun-version: latest
|
||||||
|
|
||||||
- name: Cache Node Dependencies
|
- name: Cache Node Dependencies
|
||||||
if: steps.detect-node.outputs.found == 'true'
|
if: steps.detect-node.outputs.found == 'true'
|
||||||
id: node-cache
|
id: node-cache
|
||||||
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
|
||||||
with:
|
with:
|
||||||
path: node_modules
|
path: node_modules
|
||||||
key: ${{ runner.os }}-pr-lint-${{ steps.detect-pm.outputs.package-manager }}-${{ hashFiles('package-lock.json', 'yarn.lock', 'pnpm-lock.yaml', 'bun.lockb') }}
|
key: ${{ runner.os }}-pr-lint-${{ steps.detect-pm.outputs.package-manager }}-${{ hashFiles('package-lock.json', 'yarn.lock', 'pnpm-lock.yaml', 'bun.lockb') }}
|
||||||
@@ -486,7 +486,7 @@ runs:
|
|||||||
|
|
||||||
- name: Setup Python
|
- name: Setup Python
|
||||||
if: steps.detect-python.outputs.found == 'true'
|
if: steps.detect-python.outputs.found == 'true'
|
||||||
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
|
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
|
||||||
with:
|
with:
|
||||||
python-version: ${{ steps.python-version.outputs.detected-version }}
|
python-version: ${{ steps.python-version.outputs.detected-version }}
|
||||||
cache: 'pip'
|
cache: 'pip'
|
||||||
@@ -621,7 +621,7 @@ runs:
|
|||||||
|
|
||||||
- name: Setup Go
|
- name: Setup Go
|
||||||
if: steps.detect-go.outputs.found == 'true'
|
if: steps.detect-go.outputs.found == 'true'
|
||||||
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
|
uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
|
||||||
with:
|
with:
|
||||||
go-version: ${{ steps.go-version.outputs.detected-version }}
|
go-version: ${{ steps.go-version.outputs.detected-version }}
|
||||||
cache: true
|
cache: true
|
||||||
|
|||||||
@@ -274,7 +274,7 @@ runs:
|
|||||||
echo "Detected package manager: $package_manager"
|
echo "Detected package manager: $package_manager"
|
||||||
|
|
||||||
- name: Setup Node.js
|
- name: Setup Node.js
|
||||||
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
|
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
|
||||||
with:
|
with:
|
||||||
node-version: '24'
|
node-version: '24'
|
||||||
|
|
||||||
@@ -305,13 +305,13 @@ runs:
|
|||||||
|
|
||||||
- name: Setup Bun
|
- name: Setup Bun
|
||||||
if: steps.detect-pm.outputs.package-manager == 'bun'
|
if: steps.detect-pm.outputs.package-manager == 'bun'
|
||||||
uses: oven-sh/setup-bun@b7a1c7ccf290d58743029c4f6903da283811b979 # v2.1.0
|
uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2
|
||||||
with:
|
with:
|
||||||
bun-version: latest
|
bun-version: latest
|
||||||
|
|
||||||
- name: Cache Node Dependencies
|
- name: Cache Node Dependencies
|
||||||
id: cache
|
id: cache
|
||||||
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
|
||||||
with:
|
with:
|
||||||
path: node_modules
|
path: node_modules
|
||||||
key: ${{ runner.os }}-prettier-lint-${{ inputs.mode }}-${{ steps.detect-pm.outputs.package-manager }}-${{ hashFiles('package-lock.json', 'yarn.lock', 'pnpm-lock.yaml', 'bun.lockb') }}
|
key: ${{ runner.os }}-prettier-lint-${{ inputs.mode }}-${{ steps.detect-pm.outputs.package-manager }}-${{ hashFiles('package-lock.json', 'yarn.lock', 'pnpm-lock.yaml', 'bun.lockb') }}
|
||||||
|
|||||||
@@ -224,7 +224,7 @@ runs:
|
|||||||
|
|
||||||
- name: Setup Python (pip)
|
- name: Setup Python (pip)
|
||||||
if: steps.package-manager.outputs.package-manager == 'pip'
|
if: steps.package-manager.outputs.package-manager == 'pip'
|
||||||
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
|
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
|
||||||
with:
|
with:
|
||||||
python-version: ${{ steps.python-version.outputs.detected-version }}
|
python-version: ${{ steps.python-version.outputs.detected-version }}
|
||||||
cache: 'pip'
|
cache: 'pip'
|
||||||
@@ -237,7 +237,7 @@ runs:
|
|||||||
|
|
||||||
- name: Setup Python (pipenv)
|
- name: Setup Python (pipenv)
|
||||||
if: steps.package-manager.outputs.package-manager == 'pipenv'
|
if: steps.package-manager.outputs.package-manager == 'pipenv'
|
||||||
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
|
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
|
||||||
with:
|
with:
|
||||||
python-version: ${{ steps.python-version.outputs.detected-version }}
|
python-version: ${{ steps.python-version.outputs.detected-version }}
|
||||||
cache: 'pipenv'
|
cache: 'pipenv'
|
||||||
@@ -247,7 +247,7 @@ runs:
|
|||||||
|
|
||||||
- name: Setup Python (poetry)
|
- name: Setup Python (poetry)
|
||||||
if: steps.package-manager.outputs.package-manager == 'poetry'
|
if: steps.package-manager.outputs.package-manager == 'poetry'
|
||||||
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
|
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
|
||||||
with:
|
with:
|
||||||
python-version: ${{ steps.python-version.outputs.detected-version }}
|
python-version: ${{ steps.python-version.outputs.detected-version }}
|
||||||
cache: 'poetry'
|
cache: 'poetry'
|
||||||
@@ -370,7 +370,7 @@ runs:
|
|||||||
|
|
||||||
- name: Upload SARIF Report
|
- name: Upload SARIF Report
|
||||||
if: steps.check-files.outputs.result == 'found'
|
if: steps.check-files.outputs.result == 'found'
|
||||||
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
|
uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
|
||||||
with:
|
with:
|
||||||
sarif_file: ${{ inputs.working-directory }}/reports/flake8.sarif
|
sarif_file: ${{ inputs.working-directory }}/reports/flake8.sarif
|
||||||
category: 'python-lint'
|
category: 'python-lint'
|
||||||
|
|||||||
@@ -99,7 +99,7 @@ runs:
|
|||||||
|
|
||||||
- name: Run actionlint
|
- name: Run actionlint
|
||||||
if: steps.check-configs.outputs.run_actionlint == 'true'
|
if: steps.check-configs.outputs.run_actionlint == 'true'
|
||||||
uses: raven-actions/actionlint@963d4779ef039e217e5d0e6fd73ce9ab7764e493 # v2.1.0
|
uses: raven-actions/actionlint@e01d1ea33dd6a5ed517d95b4c0c357560ac6f518 # v2.1.1
|
||||||
with:
|
with:
|
||||||
cache: true
|
cache: true
|
||||||
fail-on-error: true
|
fail-on-error: true
|
||||||
@@ -161,14 +161,14 @@ runs:
|
|||||||
|
|
||||||
- name: Upload Trivy results
|
- name: Upload Trivy results
|
||||||
if: steps.verify-sarif.outputs.has_trivy == 'true'
|
if: steps.verify-sarif.outputs.has_trivy == 'true'
|
||||||
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
|
uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
|
||||||
with:
|
with:
|
||||||
sarif_file: 'trivy-results.sarif'
|
sarif_file: 'trivy-results.sarif'
|
||||||
category: 'trivy'
|
category: 'trivy'
|
||||||
|
|
||||||
- name: Upload Gitleaks results
|
- name: Upload Gitleaks results
|
||||||
if: steps.verify-sarif.outputs.has_gitleaks == 'true'
|
if: steps.verify-sarif.outputs.has_gitleaks == 'true'
|
||||||
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
|
uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
|
||||||
with:
|
with:
|
||||||
sarif_file: 'gitleaks-report.sarif'
|
sarif_file: 'gitleaks-report.sarif'
|
||||||
category: 'gitleaks'
|
category: 'gitleaks'
|
||||||
|
|||||||
@@ -256,7 +256,7 @@ runs:
|
|||||||
|
|
||||||
- name: Upload SARIF Report
|
- name: Upload SARIF Report
|
||||||
if: steps.check-files.outputs.found == 'true' && inputs.format == 'sarif'
|
if: steps.check-files.outputs.found == 'true' && inputs.format == 'sarif'
|
||||||
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
|
uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
|
||||||
with:
|
with:
|
||||||
sarif_file: ${{ env.VALIDATED_WORKING_DIR }}/reports/tflint.sarif
|
sarif_file: ${{ env.VALIDATED_WORKING_DIR }}/reports/tflint.sarif
|
||||||
category: terraform-lint
|
category: terraform-lint
|
||||||
|
|||||||
Reference in New Issue
Block a user