746be9bd73
Bumps the all group with 3 updates: [github/codeql-action](https://github.com/github/codeql-action), [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `github/codeql-action` from 3.29.9 to 3.29.11 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](df559355d5...3c3833e0f8) Updates `ruby/setup-ruby` from 1.255.0 to 1.256.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](829114fc20...efbf473cab) Updates `codecov/codecov-action` from 5.4.3 to 5.5.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](18283e04ce...fdcc847654) build(deps): bump the all group across 1 directory with 8 updates Bumps the all group with 4 updates in the /Library/Homebrew directory: [rubocop](https://github.com/rubocop/rubocop), [rubocop-md](https://github.com/rubocop/rubocop-md), [sorbet-static-and-runtime](https://github.com/sorbet/sorbet) and [rspec-support](https://github.com/rspec/rspec). Updates `rubocop` from 1.79.2 to 1.80.0 - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop/compare/v1.79.2...v1.80.0) Updates `rubocop-md` from 2.0.1 to 2.0.2 - [Release notes](https://github.com/rubocop/rubocop-md/releases) - [Changelog](https://github.com/rubocop/rubocop-md/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop-md/compare/v2.0.1...v2.0.2) Updates `sorbet-static-and-runtime` from 0.5.12401 to 0.5.12434 - [Release notes](https://github.com/sorbet/sorbet/releases) - [Commits](https://github.com/sorbet/sorbet/commits) Updates `sorbet-runtime` from 0.5.12401 to 0.5.12434 - [Release notes](https://github.com/sorbet/sorbet/releases) - [Commits](https://github.com/sorbet/sorbet/commits) Updates `rspec-support` from 3.13.4 to 3.13.5 - [Changelog](https://github.com/rspec/rspec/blob/rspec-support-v3.13.5/rspec-support/Changelog.md) - [Commits](https://github.com/rspec/rspec/compare/rspec-support-v3.13.4...rspec-support-v3.13.5) Updates `sorbet` from 0.5.12401 to 0.5.12434 - [Release notes](https://github.com/sorbet/sorbet/releases) - [Commits](https://github.com/sorbet/sorbet/commits) Updates `sorbet-static` from 0.5.12401 to 0.5.12434 - [Release notes](https://github.com/sorbet/sorbet/releases) - [Commits](https://github.com/sorbet/sorbet/commits) Updates `unicode-display_width` from 3.1.4 to 3.1.5 - [Changelog](https://github.com/janlelis/unicode-display_width/blob/main/CHANGELOG.md) - [Commits](https://github.com/janlelis/unicode-display_width/compare/v3.1.4...v3.1.5) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.29.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: ruby/setup-ruby dependency-version: 1.256.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: codecov/codecov-action dependency-version: 5.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: rubocop dependency-version: 1.80.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all - dependency-name: rubocop-md dependency-version: 2.0.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all - dependency-name: sorbet-static-and-runtime dependency-version: 0.5.12434 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all - dependency-name: sorbet-runtime dependency-version: 0.5.12434 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: rspec-support dependency-version: 3.13.5 dependency-type: indirect update-type: version-update:semver-patch dependency-group: all - dependency-name: sorbet dependency-version: 0.5.12434 dependency-type: indirect update-type: version-update:semver-patch dependency-group: all - dependency-name: sorbet-static dependency-version: 0.5.12434 dependency-type: indirect update-type: version-update:semver-patch dependency-group: all - dependency-name: unicode-display_width dependency-version: 3.1.5 dependency-type: indirect update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>
100 lines
2.9 KiB
YAML
100 lines
2.9 KiB
YAML
# This file is synced from the `.github` repository, do not modify it directly.
|
|
name: Actionlint
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- master
|
|
pull_request:
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash -xeuo pipefail {0}
|
|
|
|
concurrency:
|
|
group: "actionlint-${{ github.ref }}"
|
|
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
|
|
|
|
env:
|
|
HOMEBREW_DEVELOPER: 1
|
|
HOMEBREW_NO_AUTO_UPDATE: 1
|
|
HOMEBREW_NO_ENV_HINTS: 1
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
workflow_syntax:
|
|
if: github.repository_owner == 'Homebrew'
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
container:
|
|
image: ghcr.io/homebrew/ubuntu22.04:main
|
|
steps:
|
|
- name: Set up Homebrew
|
|
id: setup-homebrew
|
|
uses: Homebrew/actions/setup-homebrew@main
|
|
with:
|
|
core: false
|
|
cask: false
|
|
test-bot: false
|
|
|
|
- name: Install tools
|
|
run: brew install actionlint shellcheck zizmor
|
|
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- run: zizmor --format sarif . > results.sarif
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Upload SARIF file
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
# We can't use the SARIF file when triggered by `merge_group` so we don't upload it.
|
|
if: always() && github.event_name != 'merge_group'
|
|
with:
|
|
name: results.sarif
|
|
path: results.sarif
|
|
|
|
- name: Set up actionlint
|
|
run: |
|
|
# In homebrew-core, setting `shell: /bin/bash` prevents shellcheck from running on
|
|
# those steps, so let's change them to `shell: bash` temporarily for better linting.
|
|
sed -i 's|shell: /bin/bash -x|shell: bash -x|' .github/workflows/*.y*ml
|
|
|
|
# In homebrew-core, the JSON matcher needs to be accessible to the container host.
|
|
cp "$(brew --repository)/.github/actionlint-matcher.json" "$HOME"
|
|
|
|
echo "::add-matcher::$HOME/actionlint-matcher.json"
|
|
|
|
- run: actionlint
|
|
|
|
upload_sarif:
|
|
needs: workflow_syntax
|
|
# We want to always upload this even if `actionlint` failed.
|
|
# This is only available on public repositories.
|
|
if: >
|
|
always() &&
|
|
!contains(fromJSON('["cancelled", "skipped"]'), needs.workflow_syntax.result) &&
|
|
!github.event.repository.private &&
|
|
github.event_name != 'merge_group'
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
security-events: write
|
|
steps:
|
|
- name: Download SARIF file
|
|
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
|
with:
|
|
name: results.sarif
|
|
path: results.sarif
|
|
|
|
- name: Upload SARIF file
|
|
uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11
|
|
with:
|
|
sarif_file: results.sarif
|
|
category: zizmor
|