From ea889aea394087866f919fda46e2d811c2be9dca Mon Sep 17 00:00:00 2001
From: Ayoub Benaissa
Date: Thu, 31 Oct 2024 07:18:35 +0000
Subject: [PATCH 1/2] feat(ci): lint action files
---
.github/workflows/action-pin.yaml | 16 ++++++++++++++++
.github/workflows/actionlint.yml | 16 ++++++++++++++++
2 files changed, 32 insertions(+)
create mode 100644 .github/workflows/action-pin.yaml
create mode 100644 .github/workflows/actionlint.yml
diff --git a/.github/workflows/action-pin.yaml b/.github/workflows/action-pin.yaml
new file mode 100644
index 0000000000..2a94f2283c
--- /dev/null
+++ b/.github/workflows/action-pin.yaml
@@ -0,0 +1,16 @@
+name: Action Pin
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+
+jobs:
+ check-action-pin:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+
+ - name: Ensure SHA pinned actions
+ uses: zgosalvez/github-actions-ensure-sha-pinned-actions@0901cf7b71c7ea6261ec69a3dc2bd3f9264f893e # v3.0.12
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
new file mode 100644
index 0000000000..fbd5087f24
--- /dev/null
+++ b/.github/workflows/actionlint.yml
@@ -0,0 +1,16 @@
+name: Action Lint
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+
+jobs:
+ action-lint:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+
+ - name: actionlint
+ uses: raven-actions/actionlint@01fce4f43a270a612932cb1c64d40505a029f821 # v2.0.0
From e9eb1539e80a0cbac7fa583a1e68a957de631c3f Mon Sep 17 00:00:00 2001
From: youben11
Date: Thu, 31 Oct 2024 10:30:32 +0100
Subject: [PATCH 2/2] fix(ci): pin actions by hash
---
.github/workflows/action-pin.yaml | 3 +++
.github/workflows/linelint.yml | 2 +-
.github/workflows/markdown_link_check.yml | 2 +-
3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/action-pin.yaml b/.github/workflows/action-pin.yaml
index 2a94f2283c..feb3cb4ba0 100644
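Review bot: Neither new workflow sets a `permissions:` block, so `check-action-pin` in `action-pin.yaml` and `action-lint` in `actionlint.yml` run with the repository's default `GITHUB_TOKEN` scope, which may include write access depending on the repository or organisation setting. Both jobs only check out the tree and run a checker over it, so a top-level `permissions:` mapping with `contents: read` in each file is enough. Since no later step pushes, adding `persist-credentials: false` under a `with:` on the `actions/checkout` step would also keep the token out of the checked-out `.git/config`.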
--- a/.github/workflows/action-pin.yaml +++ b/.github/workflows/action-pin.yaml @@ -14,3 +14,6 @@ jobs: - name: Ensure SHA pinned actions uses: zgosalvez/github-actions-ensure-sha-pinned-actions@0901cf7b71c7ea6261ec69a3dc2bd3f9264f893e # v3.0.12 + with: + allowlist: | + slsa-framework/slsa-github-generator diff --git a/.github/workflows/linelint.yml b/.github/workflows/linelint.yml index 2a3fd997b0..03b814c839 100644 --- a/.github/workflows/linelint.yml +++ b/.github/workflows/linelint.yml @@ -14,5 +14,5 @@ jobs: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Linelint - uses: fernandrone/linelint@0.0.4 + uses: fernandrone/linelint@8136e0fa9997122d80f5f793e0bb9a45e678fbb1 # 0.0.4 id: linelint diff --git a/.github/workflows/markdown_link_check.yml b/.github/workflows/markdown_link_check.yml index a428b1259c..b2c6ffb849 100644 --- a/.github/workflows/markdown_link_check.yml +++ b/.github/workflows/markdown_link_check.yml @@ -13,7 +13,7 @@ jobs: markdown-link-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@master + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # v1 with: use-quiet-mode: 'yes'
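Review bot: The new `allowlist` entry `slsa-framework/slsa-github-generator` exempts every reference to that repository from the SHA-pin check, and nothing in the workflow records why. Presumably this is because the SLSA generator's reusable workflows have to be referenced by release tag rather than by commit; if so, say it next to the exception, e.g. `# slsa-github-generator must be referenced by tag, so it cannot be SHA-pinned`. Put the comment above `with:` or `allowlist:`, not inside the `|` block scalar, where it would become part of the value passed to the action. The step and job this `with:` belongs to start outside the hunk.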
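Review bot: In `markdown_link_check.yml` checkout is now pinned to `11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`, which also appears as context in `linelint.yml`, but the two workflows created in PATCH 1/2 (`action-pin.yaml`, `actionlint.yml`) pin `actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6`. Using one checkout pin across all workflows makes later bumps and audits a single search-and-replace, so those two files should move to the v4.2.2 hash. Separately, the trailing comment `# v1` on the `gaurav-nelson/github-action-markdown-link-check` context line names a major tag, which can move, so it does not tell a reader which release the hash corresponds to; a full version in the comment would. The job continues past the end of the hunk.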