fix(ci): tweak workflows

2026-02-11 23:48:55 +00:00 · 2025-03-24 01:07:34 +02:00
parent 58ffaaacdb
commit 6b6236b303
5 changed files with 28 additions and 32 deletions
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -1,18 +1,29 @@
 ---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: PR Lint

+# yamllint disable-line rule:truthy
 on:
  push:
-    branches-ignore: [master, main]
-    # Remove the line above to run when pushing to master
+    branches: [master, main]
  pull_request:
    branches: [master, main]

-permissions:
-  contents: read
-  packages: read
-  statuses: write
+permissions: read-all
+
+env:
+  TRIVY_SEVERITY: CRITICAL,HIGH
+  DISABLE_LINTERS: GO_GOLANGCI_LINT

 jobs:
-  SuperLinter:
-    uses: ivuorinen/.github/.github/workflows/pr-lint.yml@main
+  Linter:
+    name: PR Lint
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # only for delete-branch option
+      issues: write
+      pull-requests: write
+      statuses: write
+
+    steps:
+      - uses: ivuorinen/actions/pr-lint@eb085adfe2779a1c52bfe1b2d0945b6c4241f54e # 25.3.19
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -1,19 +0,0 @@
---
-name: Stale
-
-# yamllint disable-line rule:truthy
-on:
-  schedule:
-    - cron: "0 8 * * *"
-  workflow_call:
-  workflow_dispatch:
-
-jobs:
-  stale:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write # only for delete-branch option
-      issues: write
-      pull-requests: write
-    steps:
-      - uses: ivuorinen/actions/stale@main
--- a/.github/workflows/sync-labels.yml
+++ b/.github/workflows/sync-labels.yml
@@ -1,11 +1,12 @@
 ---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: Sync labels

+permissions: read-all
+
 # yamllint disable-line rule:truthy
 on:
  push:
-    branches:
-      - main
    paths:
      - .github/workflows/sync-labels.yml
      - .github/labels.yml
@@ -17,7 +18,8 @@ on:
 jobs:
  SyncLabels:
    permissions:
+      contents: read
      issues: write
    runs-on: ubuntu-latest
    steps:
-      - uses: ivuorinen/actions/sync-labels@main
+      - uses: ivuorinen/actions/sync-labels@eb085adfe2779a1c52bfe1b2d0945b6c4241f54e # 25.3.19
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -19,12 +19,14 @@ jobs:
          go-version-file: 'go.mod'

      - name: Run Go Tests
+        shell: bash
        run: go test -json ./... > go-test-results.json

      - name: Convert JSON to SARIF
        uses: ivuorinen/go-test-sarif@v1
        with:
-          test_results: go-test-results.json
+          input_file: go-test-results.json
+          output_file: go-test-results.sarif

      - name: Upload SARIF to GitHub Security Tab
        uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3