Skip to content

Commit

Permalink
activate approved actions
Browse files Browse the repository at this point in the history
  • Loading branch information
Eeebru committed Dec 2, 2024
1 parent 507a69a commit 4c8c0d3
Show file tree
Hide file tree
Showing 6 changed files with 17 additions and 7 deletions.
2 changes: 1 addition & 1 deletion Taskfile.yml
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ tasks:

test:e2e:lint:single:
cmds:
- pipenv run bwwl lint --files tests/fixtures/test_a.yml
- pipenv run bwwl lint --files tests/fixtures/test.yml

test:e2e:actions:add:
cmds:
Expand Down
1 change: 1 addition & 0 deletions settings.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ enabled_rules:
- bitwarden_workflow_linter.rules.name_capitalized.RuleNameCapitalized
- bitwarden_workflow_linter.rules.pinned_job_runner.RuleJobRunnerVersionPinned
- bitwarden_workflow_linter.rules.job_environment_prefix.RuleJobEnvironmentPrefix
- bitwarden_workflow_linter.rules.step_approved.RuleStepUsesApproved
- bitwarden_workflow_linter.rules.step_pinned.RuleStepUsesPinned
- bitwarden_workflow_linter.rules.underscore_outputs.RuleUnderscoreOutputs

Expand Down
5 changes: 5 additions & 0 deletions src/bitwarden_workflow_linter/default_actions.json
Original file line number Diff line number Diff line change
Expand Up @@ -209,6 +209,11 @@
"sha": "445c42390d790569d938f9068d01af39ca030feb",
"version": "v1.0.0"
},
"maxim-lobanov/setup-xcode" : {
"name": "maxim-lobanov/setup-xcode",
"sha": "60606e260d2fc5762a71e64e74b2174e8ea3c8bd",
"version": "v1.6.0"
},
"microsoft/setup-msbuild": {
"name": "microsoft/setup-msbuild",
"sha": "1ff57057b5cfdc39105cd07a01d78e9b0ea0c14c",
Expand Down
2 changes: 1 addition & 1 deletion src/bitwarden_workflow_linter/default_settings.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ enabled_rules:
- bitwarden_workflow_linter.rules.name_capitalized.RuleNameCapitalized
- bitwarden_workflow_linter.rules.pinned_job_runner.RuleJobRunnerVersionPinned
- bitwarden_workflow_linter.rules.job_environment_prefix.RuleJobEnvironmentPrefix
- bitwarden_workflow_linter.rules.step_pinned.RuleStepUsesPinned
- bitwarden_workflow_linter.rules.step_approved.RuleStepUsesApproved
- bitwarden_workflow_linter.rules.step_pinned.RuleStepUsesPinned
- bitwarden_workflow_linter.rules.underscore_outputs.RuleUnderscoreOutputs

Expand Down
2 changes: 1 addition & 1 deletion src/bitwarden_workflow_linter/rules/step_approved.py
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ def fn(self, obj: Step) -> Tuple[bool, str]:
if self.skip(obj):
return True, ""

# Actions in bitwarden/gh-actions are auto-approved
# Actions in bitwarden/ are auto-approved
if obj.uses and not obj.uses_path in self.settings.approved_actions:
return False, (
f"New Action detected: {obj.uses_path}\nFor security purposes, "
Expand Down
12 changes: 8 additions & 4 deletions tests/fixtures/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,11 +15,10 @@ jobs:
_CROWDIN_PROJECT_ID: "308189"
steps:
- name: Checkout repo
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2.3.4

uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Log in to Azure - CI subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
uses: Azure/login@de95379fe4dadc2defb305917eaa7e5dde727294 # v1.5.1
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

Expand All @@ -30,7 +29,7 @@ jobs:
keyvault: "bitwarden-ci"
secrets: "crowdin-api-token"

- uses: crowdin/github-action@e39093fd75daae7859c68eded4b43d42ec78d8ea # v1.3.2
- uses: crowdin/github-action@fdc55cdc519e86e32c22a07528d649277f1127f2 # v1.16.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
Expand All @@ -47,3 +46,8 @@ jobs:
create_pull_request: true
pull_request_title: "Autosync Crowdin Translations"
pull_request_body: "Autosync the updated translations"

- name: Set Xcode version
uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
with:
xcode-version: ${{ env._XCODE_VERSION || env.DEFAULT_XCODE_VERSION }}

0 comments on commit 4c8c0d3

Please sign in to comment.