admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity
brew/.github/workflows/actionlint.yml
dependabot[bot] c8213558ef
build(deps): bump the github-actions group with 3 updates 
Bumps the github-actions group with 3 updates: [github/codeql-action](https://github.com/github/codeql-action), [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance).


Updates `github/codeql-action` from 3.28.19 to 3.29.0
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](fca7ace96b...ce28f5bb42)

Updates `ruby/setup-ruby` from 1.244.0 to 1.245.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](13e7a03dc3...a4effe49ee)

Updates `actions/attest-build-provenance` from 2.3.0 to 2.4.0
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](db473fddc0...e8998f9491)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: ruby/setup-ruby
  dependency-version: 1.245.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/attest-build-provenance
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-06-13 08:22:08 +00:00

95 lines
2.6 KiB
YAML
Raw Blame History

# This file is synced from the `.github` repository, do not modify it directly.
name: Actionlint
on:
push:
branches:
- main
- master
paths:
- '.github/workflows/*.ya?ml'
- 'Formula/a/actionlint.rb'
- 'Formula/s/shellcheck.rb'
- 'Formula/z/zizmor.rb'
pull_request:
paths:
- '.github/workflows/*.ya?ml'
defaults:
run:
shell: bash -xeuo pipefail {0}
concurrency:
group: "actionlint-${{ github.ref }}"
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
env:
HOMEBREW_DEVELOPER: 1
HOMEBREW_NO_AUTO_UPDATE: 1
HOMEBREW_NO_ENV_HINTS: 1
permissions: {}
jobs:
workflow_syntax:
if: github.repository_owner == 'Homebrew'
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Set up Homebrew
id: setup-homebrew
uses: Homebrew/actions/setup-homebrew@master
with:
core: false
cask: false
test-bot: false
- name: Install tools
run: brew install actionlint shellcheck zizmor
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- run: zizmor --format sarif . > results.sarif
- name: Upload SARIF file
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
# We can't use the SARIF file when triggered by `merge_group` so we don't upload it.
if: always() && github.event_name != 'merge_group'
with:
name: results.sarif
path: results.sarif
- name: Set up actionlint
run: echo "::add-matcher::$(brew --repository)/.github/actionlint-matcher.json"
- run: actionlint
upload_sarif:
needs: workflow_syntax
# We want to always upload this even if `actionlint` failed.
# This is only available on public repositories.
if: >
always() &&
!contains(fromJSON('["cancelled", "skipped"]'), needs.workflow_syntax.result) &&
!github.event.repository.private &&
github.event_name != 'merge_group'
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Download SARIF file
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
with:
name: results.sarif
path: results.sarif
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
with:
sarif_file: results.sarif
category: zizmor
Reference in New Issue View Git Blame Copy Permalink