Skip to content

chore(deps): update gh workflow tools requiring manual sha sum updates #174

chore(deps): update gh workflow tools requiring manual sha sum updates

chore(deps): update gh workflow tools requiring manual sha sum updates #174

Workflow file for this run

# yaml-language-server:$schema=https://json.schemastore.org/github-workflow.json
# https://docs.github.com/en/actions/writing-workflows
name: Verify
# yamllint disable-line rule:truthy
on:
push:
pull_request:
workflow_dispatch:
inputs:
editorconfig:
description: Run EditorConfig linter
default: true
type: boolean
gitleaks:
description: Run Gitleaks (Secret scanner)
default: true
type: boolean
markdownlint:
description: Run Markdown linter
default: true
type: boolean
powershell:
description: Run PowerShell linter
default: true
type: boolean
shellcheck:
description: Run shellcheck (shell script linter)
default: true
type: boolean
taplo:
description: Run taplo (TOML linter)
default: true
type: boolean
yamllint:
description: Run yamllint (YAML linter)
default: true
type: boolean
# https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
permissions:
contents: read
jobs:
editorconfig:
runs-on: ubuntu-latest
if: ${{ inputs.editorconfig || true }}
steps:
- uses: actions/checkout@v4
- name: Extract Tool Versions
id: tool-versions
run: |
ec_version=$(grep -F 'editorconfig-checker' .mise.toml | cut -d '=' -f2 | cut -d '#' -f1 | xargs)
ec_shasum=$(grep -F 'editorconfig-checker' .mise.toml | cut -d '=' -f3 | xargs)
echo "ec_version=${ec_version}" >> "$GITHUB_OUTPUT"
echo "ec_shasum=${ec_shasum}" >> "$GITHUB_OUTPUT"
- name: Run EditorConfig Checker
env:
EDITORCONFIG_VERSION: ${{ steps.tool-versions.outputs.ec_version }}
EDITORCONFIG_SHASUM: ${{ steps.tool-versions.outputs.ec_shasum }}
run: |
curl --fail --silent --show-error --location --output editorconfig.tar.gz \
https://github.com/editorconfig-checker/editorconfig-checker/releases/download/v${EDITORCONFIG_VERSION}/ec-linux-amd64.tar.gz
echo "${EDITORCONFIG_SHASUM} editorconfig.tar.gz" | sha256sum --check
tar -xzf editorconfig.tar.gz bin/ec-linux-amd64
./bin/ec-linux-amd64 --exclude .git
gitleaks:
runs-on: ubuntu-latest
if: ${{ inputs.gitleaks || true }}
steps:
- uses: actions/checkout@v4
- name: Extract Tool Versions
id: tool-versions
run: |
gitleaks_version=$(grep -F 'gitleaks' .mise.toml | cut -d '=' -f2 | cut -d '#' -f1 | xargs)
gitleaks_shasum=$(grep -F 'gitleaks' .mise.toml | cut -d '=' -f3 | xargs)
echo "gitleaks_version=${gitleaks_version}" >> "$GITHUB_OUTPUT"
echo "gitleaks_shasum=${gitleaks_shasum}" >> "$GITHUB_OUTPUT"
- name: Install Gitleaks
env:
GITLEAKS_VERSION: ${{ steps.tool-versions.outputs.gitleaks_version }}
GITLEAKS_SHASUM: ${{ steps.tool-versions.outputs.gitleaks_shasum }}
run: |
curl --fail --silent --show-error --location --output gitleaks.tar.gz \
https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz
echo "${GITLEAKS_SHASUM} gitleaks.tar.gz" | sha256sum --check
tar -xzf gitleaks.tar.gz gitleaks
./gitleaks dir --verbose --redact .
markdownlint:
runs-on: ubuntu-latest
if: ${{ inputs.markdownlint || true }}
steps:
- uses: actions/checkout@v4
- uses: DavidAnson/markdownlint-cli2-action@v19
powershell:
runs-on: ubuntu-latest
if: ${{ inputs.powershell || true }}
steps:
- name: PSScriptAnalyzer
shell: pwsh
run: |
Invoke-ScriptAnalyzer -Path .\ -Settings PSGallery -Recurse
shellcheck:
runs-on: ubuntu-latest
if: ${{ inputs.shellcheck || true }}
steps:
- uses: actions/checkout@v4
- name: Extract Tool Versions
id: tool-versions
run: |
shellcheck_version=$(grep -F 'shellcheck' .mise.toml | cut -d '=' -f2 | cut -d '#' -f1 | xargs)
echo "shellcheck_version=${shellcheck_version}" >> "$GITHUB_OUTPUT"
- uses: ludeeus/[email protected]
with:
version: v${{ steps.tool-versions.outputs.shellcheck_version }}
taplo:
runs-on: ubuntu-latest
if: ${{ inputs.taplo || true }}
steps:
- uses: actions/checkout@v4
- name: Extract Tool Versions
id: tool-versions
run: |
taplo_version=$(grep -F 'taplo' .mise.toml | grep -v 'asdf' | cut -d '=' -f2 | cut -d '#' -f1 | xargs)
taplo_shasum=$(grep -F 'taplo' .mise.toml | cut -d '=' -f3 | xargs)
echo "taplo_version=${taplo_version}" >> "$GITHUB_OUTPUT"
echo "taplo_shasum=${taplo_shasum}" >> "$GITHUB_OUTPUT"
- name: Run Taplo
env:
TAPLO_VERSION: ${{ steps.tool-versions.outputs.taplo_version }}
TAPLO_SHASUM: ${{ steps.tool-versions.outputs.taplo_shasum }}
run: |
curl --fail --silent --show-error --location --output taplo.gz \
https://github.com/tamasfe/taplo/releases/download/${TAPLO_VERSION}/taplo-full-linux-x86_64.gz
echo "${TAPLO_SHASUM} taplo.gz" | sha256sum --check
gunzip --decompress taplo.gz
chmod +x ./taplo
./taplo format --check --diff
./taplo check --default-schema-catalogs
yamllint:
runs-on: ubuntu-latest
if: ${{ inputs.yamllint || true }}
steps:
- uses: actions/checkout@v4
- name: Run yamllint
run: |
pip install yamllint
yamllint .