chore(deps): update gh workflow tools requiring manual sha sum updates #174
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# yaml-language-server:$schema=https://json.schemastore.org/github-workflow.json | |
# https://docs.github.com/en/actions/writing-workflows | |
name: Verify | |
# yamllint disable-line rule:truthy | |
on: | |
push: | |
pull_request: | |
workflow_dispatch: | |
inputs: | |
editorconfig: | |
description: Run EditorConfig linter | |
default: true | |
type: boolean | |
gitleaks: | |
description: Run Gitleaks (Secret scanner) | |
default: true | |
type: boolean | |
markdownlint: | |
description: Run Markdown linter | |
default: true | |
type: boolean | |
powershell: | |
description: Run PowerShell linter | |
default: true | |
type: boolean | |
shellcheck: | |
description: Run shellcheck (shell script linter) | |
default: true | |
type: boolean | |
taplo: | |
description: Run taplo (TOML linter) | |
default: true | |
type: boolean | |
yamllint: | |
description: Run yamllint (YAML linter) | |
default: true | |
type: boolean | |
# https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#permissions-for-the-github_token | |
permissions: | |
contents: read | |
jobs: | |
editorconfig: | |
runs-on: ubuntu-latest | |
if: ${{ inputs.editorconfig || true }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Extract Tool Versions | |
id: tool-versions | |
run: | | |
ec_version=$(grep -F 'editorconfig-checker' .mise.toml | cut -d '=' -f2 | cut -d '#' -f1 | xargs) | |
ec_shasum=$(grep -F 'editorconfig-checker' .mise.toml | cut -d '=' -f3 | xargs) | |
echo "ec_version=${ec_version}" >> "$GITHUB_OUTPUT" | |
echo "ec_shasum=${ec_shasum}" >> "$GITHUB_OUTPUT" | |
- name: Run EditorConfig Checker | |
env: | |
EDITORCONFIG_VERSION: ${{ steps.tool-versions.outputs.ec_version }} | |
EDITORCONFIG_SHASUM: ${{ steps.tool-versions.outputs.ec_shasum }} | |
run: | | |
curl --fail --silent --show-error --location --output editorconfig.tar.gz \ | |
https://github.com/editorconfig-checker/editorconfig-checker/releases/download/v${EDITORCONFIG_VERSION}/ec-linux-amd64.tar.gz | |
echo "${EDITORCONFIG_SHASUM} editorconfig.tar.gz" | sha256sum --check | |
tar -xzf editorconfig.tar.gz bin/ec-linux-amd64 | |
./bin/ec-linux-amd64 --exclude .git | |
gitleaks: | |
runs-on: ubuntu-latest | |
if: ${{ inputs.gitleaks || true }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Extract Tool Versions | |
id: tool-versions | |
run: | | |
gitleaks_version=$(grep -F 'gitleaks' .mise.toml | cut -d '=' -f2 | cut -d '#' -f1 | xargs) | |
gitleaks_shasum=$(grep -F 'gitleaks' .mise.toml | cut -d '=' -f3 | xargs) | |
echo "gitleaks_version=${gitleaks_version}" >> "$GITHUB_OUTPUT" | |
echo "gitleaks_shasum=${gitleaks_shasum}" >> "$GITHUB_OUTPUT" | |
- name: Install Gitleaks | |
env: | |
GITLEAKS_VERSION: ${{ steps.tool-versions.outputs.gitleaks_version }} | |
GITLEAKS_SHASUM: ${{ steps.tool-versions.outputs.gitleaks_shasum }} | |
run: | | |
curl --fail --silent --show-error --location --output gitleaks.tar.gz \ | |
https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz | |
echo "${GITLEAKS_SHASUM} gitleaks.tar.gz" | sha256sum --check | |
tar -xzf gitleaks.tar.gz gitleaks | |
./gitleaks dir --verbose --redact . | |
markdownlint: | |
runs-on: ubuntu-latest | |
if: ${{ inputs.markdownlint || true }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: DavidAnson/markdownlint-cli2-action@v19 | |
powershell: | |
runs-on: ubuntu-latest | |
if: ${{ inputs.powershell || true }} | |
steps: | |
- name: PSScriptAnalyzer | |
shell: pwsh | |
run: | | |
Invoke-ScriptAnalyzer -Path .\ -Settings PSGallery -Recurse | |
shellcheck: | |
runs-on: ubuntu-latest | |
if: ${{ inputs.shellcheck || true }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Extract Tool Versions | |
id: tool-versions | |
run: | | |
shellcheck_version=$(grep -F 'shellcheck' .mise.toml | cut -d '=' -f2 | cut -d '#' -f1 | xargs) | |
echo "shellcheck_version=${shellcheck_version}" >> "$GITHUB_OUTPUT" | |
- uses: ludeeus/[email protected] | |
with: | |
version: v${{ steps.tool-versions.outputs.shellcheck_version }} | |
taplo: | |
runs-on: ubuntu-latest | |
if: ${{ inputs.taplo || true }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Extract Tool Versions | |
id: tool-versions | |
run: | | |
taplo_version=$(grep -F 'taplo' .mise.toml | grep -v 'asdf' | cut -d '=' -f2 | cut -d '#' -f1 | xargs) | |
taplo_shasum=$(grep -F 'taplo' .mise.toml | cut -d '=' -f3 | xargs) | |
echo "taplo_version=${taplo_version}" >> "$GITHUB_OUTPUT" | |
echo "taplo_shasum=${taplo_shasum}" >> "$GITHUB_OUTPUT" | |
- name: Run Taplo | |
env: | |
TAPLO_VERSION: ${{ steps.tool-versions.outputs.taplo_version }} | |
TAPLO_SHASUM: ${{ steps.tool-versions.outputs.taplo_shasum }} | |
run: | | |
curl --fail --silent --show-error --location --output taplo.gz \ | |
https://github.com/tamasfe/taplo/releases/download/${TAPLO_VERSION}/taplo-full-linux-x86_64.gz | |
echo "${TAPLO_SHASUM} taplo.gz" | sha256sum --check | |
gunzip --decompress taplo.gz | |
chmod +x ./taplo | |
./taplo format --check --diff | |
./taplo check --default-schema-catalogs | |
yamllint: | |
runs-on: ubuntu-latest | |
if: ${{ inputs.yamllint || true }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Run yamllint | |
run: | | |
pip install yamllint | |
yamllint . |