fix: test failures caused by GitHub Actions token masking, updates (#97)

* Initial plan * Fix test token masking issue in GitHub Actions Co-authored-by: ivuorinen <11024+ivuorinen@users.noreply.github.com> * chore: update permissions, go version, linting * fix(ci): ignore test tokens for gitleaks * chore: add fetch-depth zero to all checkout actions * fix(ci): pr-lint contents write permission * [MegaLinter] Apply linters fixes * chore: ignore and remove megalinter-reports * fix: restore commitlint pre-commit hook to v9.24.0 Co-authored-by: ivuorinen <11024+ivuorinen@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: ivuorinen <11024+ivuorinen@users.noreply.github.com> Co-authored-by: Ismo Vuorinen <ismo@ivuorinen.net>
2026-02-04 14:45:03 +00:00 · 2025-11-13 18:13:20 +02:00
parent f4222fb6f3
commit d09c7918cb
23 changed files with 89 additions and 72 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -10,6 +10,8 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+        with:
+          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6
      - name: Install dependencies
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -30,6 +30,8 @@ jobs:
    steps:
      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 0

      - name: Initialize CodeQL
        uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -20,9 +20,12 @@ jobs:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    permissions:
-      statuses: write
-      contents: read
+      actions: write
+      contents: write
+      issues: write
      packages: read
+      pull-requests: write
+      statuses: write

    steps:
      - name: Run PR Lint
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -30,6 +30,8 @@ jobs:
    steps:
      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+        with:
+          fetch-depth: 0

      - name: Set up Go
        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6
@@ -49,6 +51,8 @@ jobs:
    steps:
      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+        with:
+          fetch-depth: 0

      - name: Run Trivy vulnerability scanner in repo mode
        uses: aquasecurity/trivy-action@master # 0.32.0
@@ -96,6 +100,8 @@ jobs:
    steps:
      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+        with:
+          fetch-depth: 0

      - name: Set up Go
        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6
@@ -130,6 +136,8 @@ jobs:
    steps:
      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+        with:
+          fetch-depth: 0

      - name: Dependency Review
        uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4
--- a/.github/workflows/sync-labels.yml
+++ b/.github/workflows/sync-labels.yml
@@ -36,6 +36,7 @@ jobs:
      - name: ⤵️ Checkout Repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
+          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: ⤵️ Sync Latest Labels Definitions
        uses: ivuorinen/actions/sync-labels@ff0ca4bc920c518b2ce2dc20c5e5a6e95f76dee0 # v2025.11.02