Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Synchronize shared configuration #182

Merged
merged 2 commits into from
Nov 1, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
88 changes: 88 additions & 0 deletions .github/workflows/actionlint.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
# This file is synced from the `.github` repository, do not modify it directly.
name: Actionlint

on:
push:
branches:
- main
- master
paths:
- '.github/workflows/*.ya?ml'
pull_request:
paths:
- '.github/workflows/*.ya?ml'

defaults:
run:
shell: bash -xeuo pipefail {0}

concurrency:
group: "actionlint-${{ github.ref }}"
cancel-in-progress: ${{ github.event_name == 'pull_request' }}

env:
HOMEBREW_DEVELOPER: 1
HOMEBREW_NO_AUTO_UPDATE: 1
HOMEBREW_NO_ENV_HINTS: 1

permissions: {}

jobs:
workflow_syntax:
if: github.repository_owner == 'Homebrew'
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Set up Homebrew
id: setup-homebrew
uses: Homebrew/actions/setup-homebrew@master
with:
core: false
cask: false
test-bot: false

- name: Install tools
run: brew install actionlint shellcheck zizmor

- uses: actions/checkout@v4
with:
persist-credentials: false

- run: zizmor --format sarif . >results.sarif

- name: Upload SARIF file
uses: actions/upload-artifact@v4
with:
name: results.sarif
path: results.sarif

- name: Set up actionlint
run: echo "::add-matcher::$(brew --repository)/.github/actionlint-matcher.json"

- run: actionlint

upload_sarif:
needs: workflow_syntax
# We want to always upload this even if `actionlint` failed.
# This is only available on public repositories.
if: >
always() &&
!contains(fromJSON('[["cancelled", "skipped"]]'), needs.workflow_syntax.result) &&
!github.event.repository.private
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Download SARIF file
uses: actions/download-artifact@v4
with:
name: results.sarif
path: results.sarif

- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
category: zizmor
13 changes: 9 additions & 4 deletions .github/workflows/stale-issues.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,7 @@ on:
- cron: "0 0 * * *"
issue_comment:

permissions:
contents: write
issues: write
pull-requests: write
permissions: {}

defaults:
run:
Expand All @@ -35,6 +32,10 @@ jobs:
)
)
runs-on: ubuntu-latest
permissions:
contents: write
issues: write
pull-requests: write
steps:
- name: Mark/Close Stale Issues and Pull Requests
uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9
Expand All @@ -61,6 +62,10 @@ jobs:
)
)
runs-on: ubuntu-latest
permissions:
contents: write
issues: write
pull-requests: write
steps:
- name: Mark/Close Stale `bump-formula-pr` and `bump-cask-pr` Pull Requests
uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9
Expand Down