[ ci, lint ] Update Super-linter

Author: spcfox

.editorconfig

@@ -3,6 +3,7 @@ root = true
 
 # Defaults for every file
 [*]
+indent_style = space
 end_of_line = lf
 charset = utf-8
 
@@ -13,24 +14,22 @@ max_line_length = 152
 
 # Idris source files
 [*.{idr,ipkg,tex,yaff,lidr}]
-indent_style = space
 indent_size = 2
 
 # Various configuration files
-[{*.yml,.ecrc}]
-indent_style = space
+[*.yml]
+indent_size = 2
+
+[*.json]
 indent_size = 2
 
 [*.{c,h}]
-indent_style = space
 indent_size = 4
 
 [*.{md,rst}]
-indent_style = space
 indent_size = 2
 
 [{*.sh,run,.rename,.convert-run-to-print-tests,tar-pack,*.bat,.patch-*}]
-indent_style = space
 indent_size = 2
 shell_variant = posix
 switch_case_indent = true
@@ -40,12 +39,12 @@ space_redirects = true
 indent_style = tab
 
 [expected]
+indent_style = unset
 trim_trailing_whitespace = false
 max_line_length = off
 
 [.clean-names]
 max_line_length = off
 
 [*.py]
-indent_style = space
 indent_size = 4

.github/workflows/ci-deptycheck.yml

@@ -4,9 +4,9 @@ name: DepTyCheck
 on:
   push:
     branches:
-      - '**'
+      - "**"
     tags:
-      - '**'
+      - "**"
   pull_request:
     branches:
       - main
@@ -15,9 +15,10 @@ on:
   workflow_dispatch:
   schedule:
     # We want to run in the beginning of the day, right after the `pack` collection is built at the end of the previous day.
-    - cron: '0 1 * * *'
+    - cron: "0 1 * * *"
 
-permissions: read-all
+permissions:
+  contents: read
 
 concurrency:
   group: ${{ github.workflow }}@${{ github.ref }}
@@ -61,6 +62,8 @@ jobs:
     container: ghcr.io/stefan-hoeck/idris2-pack:latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false # https://docs.zizmor.sh/audits/#artipacked
 
       - run: pack update-db
       - name: Switch to appropriate `pack` collection
@@ -82,6 +85,8 @@ jobs:
     container: ghcr.io/stefan-hoeck/idris2-pack:latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false # https://docs.zizmor.sh/audits/#artipacked
       - name: Restore state of `pack`
         uses: actions/download-artifact@v4
         with:
@@ -115,6 +120,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false # https://docs.zizmor.sh/audits/#artipacked
       - name: Restore built thirdparties
         uses: actions/download-artifact@v4
         with:
@@ -137,6 +144,8 @@ jobs:
     container: ghcr.io/stefan-hoeck/idris2-pack:latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false # https://docs.zizmor.sh/audits/#artipacked
       - name: Restore built thirdparties
         uses: actions/download-artifact@v4
         with:
@@ -148,7 +157,7 @@ jobs:
       - run: pack install deptycheck
 
       - name: Tar the `pack` dir
-        run:  .github/tar-pack save-pack "${{ env.pack_dir_file }}"
+        run: .github/tar-pack save-pack "${{ env.pack_dir_file }}"
       - name: Tar built TTC files
         run: find "$(pwd)" -name '*.tt[cm]' | .github/tar-pack save-stdin "${{ env.pack_dir_file }}"
       - name: Save built DepTyCheck
@@ -168,6 +177,8 @@ jobs:
     container: sphinxdoc/sphinx:latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false # https://docs.zizmor.sh/audits/#artipacked
       - name: Install dependencies
         run: pip3 install -r docs/requirements.txt
       - run: alias sh=bash
@@ -187,6 +198,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false # https://docs.zizmor.sh/audits/#artipacked
       - name: Get test sets
         id: get-test-sets
         run: |
@@ -213,6 +226,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false # https://docs.zizmor.sh/audits/#artipacked
       - name: Restore built DepTyCheck
         uses: actions/download-artifact@v4
         with:
@@ -223,7 +238,10 @@ jobs:
       - name: Sleep a random bit
         run: sleep "$(shuf -i 0-10 -n 1)"
 
-      - run: pack test deptycheck "${{matrix.test_set}}"
+      - name: Run tests for ${{ matrix.test_set }}
+        run: pack test deptycheck "${TEST_SET}"
+        env:
+          TEST_SET: ${{ matrix.test_set }}
 
   #################
   # Test examples #
@@ -238,6 +256,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false # https://docs.zizmor.sh/audits/#artipacked
       - name: Get examples
         id: get-examples
         run: |
@@ -261,8 +281,12 @@ jobs:
       fail-fast: false # all test cases are more or less independent
       matrix:
         example: ${{ fromJSON(needs.get-examples.outputs.examples) }}
+    env:
+      EXAMPLE_NAME: ${{ matrix.example }}
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false # https://docs.zizmor.sh/audits/#artipacked
       - name: Restore built DepTyCheck
         uses: actions/download-artifact@v4
         with:
@@ -273,5 +297,7 @@ jobs:
       - name: Sleep a random bit
         run: sleep "$(shuf -i 0-10 -n 1)"
 
-      - run: pack build "${{matrix.example}}"
-      - run: pack test "${{matrix.example}}"
+      - name: Build ${{ matrix.example }}
+        run: pack build "${EXAMPLE_NAME}"
+      - name: Test ${{ matrix.example }}
+        run: pack test "${EXAMPLE_NAME}"

.github/workflows/ci-lame-os.yml

@@ -4,9 +4,9 @@ name: Lame
 on:
   push:
     branches:
-      - '**'
+      - "**"
     tags:
-      - '**'
+      - "**"
   pull_request:
     branches:
       - main
@@ -32,3 +32,5 @@ jobs:
 
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false # https://docs.zizmor.sh/audits/#artipacked

.github/workflows/ci-super-linter.yml

@@ -4,9 +4,9 @@ name: Lint
 on:
   push:
     branches:
-      - '**'
+      - "**"
     tags:
-      - '**'
+      - "**"
   pull_request:
     branches:
       - main
@@ -15,7 +15,9 @@ on:
   workflow_dispatch:
 
 permissions:
+  contents: read
   statuses: write
+  pull-requests: write
 
 concurrency:
   group: ${{ github.workflow }}@${{ github.ref }}
@@ -36,10 +38,22 @@ jobs:
           # Full git history is needed to get a proper
           # list of changed files within `super-linter`
           fetch-depth: 0
+          persist-credentials: false # https://docs.zizmor.sh/audits/#artipacked
 
       - name: Lint Code Base
-        uses: super-linter/super-linter/slim@v6
+        uses: super-linter/super-linter/slim@v8
         env:
           DEFAULT_BRANCH: master
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           IGNORE_GENERATED_FILES: true
+          SAVE_SUPER_LINTER_SUMMARY: true # Required for generating linting reports in PR
+
+          VALIDATE_PYTHON_BLACK: false # Avoid conflict: Ruff is preferred
+          VALIDATE_GIT_COMMITLINT: false
+
+          VALIDATE_MARKDOWN_PRETTIER: false # We use markdownlint
+          VALIDATE_YAML_PRETTIER: false # We use yamllint
+
+          # Disable Biome
+          VALIDATE_BIOME_FORMAT: false
+          VALIDATE_BIOME_LINT: false

.linters/.codespellrc

@@ -0,0 +1,5 @@
+[codespell]
+# Skip Idris 2 source files as they contain many names
+# that cause false positives (e.g., `runN`, `IndexIn`, `fromT`)
+skip = *.idr,*/expected
+ignore-words-list = inferrable,ND

.linters/.ecrc .linters/.editorconfig-checker.json.linters/.ecrc renamed to .linters/.editorconfig-checker.json

@@ -1,8 +1,8 @@
 {
-  "ignore": [
-    "**/thirdparty/**",
-    "**/.github/**"
-  ],
-  "noSymlinks": "true",
-  "exitCode": 10
+  "threshold": 1,
+  "noSymlinks": true,
+  "ignore": ["**/tests/**"],
+  "formatsExts": {
+    "haskell": ["idr"]
+  }
 }

.linters/.jscpd.json

@@ -1,5 +1,20 @@
-first-line-h1: false
-blanks-around-fences: false
-MD013:
+---
+headings:
+  style: atx
+ul-style:
+  style: dash
+no-hard-tabs:
+  spaces_per_tab: 2
+first-line-h1:
+  allow_preamble: true
+line-length:
   line_length: 152
   code_block_line_length: 152
+code-block-style:
+  style: fenced
+code-fence-style:
+  style: backtick
+emphasis-style:
+  style: underscore
+strong-style:
+  style: asterisk

.linters/.markdown-lint.yml

@@ -0,0 +1,38 @@
+---
+extends: default
+
+rules:
+  anchors:
+    forbid-undeclared-aliases: true
+    forbid-duplicated-anchors: true
+    forbid-unused-anchors: true
+  braces:
+    forbid: non-empty
+    min-spaces-inside-empty: 0
+    max-spaces-inside-empty: 0
+  brackets:
+    min-spaces-inside: 1
+    max-spaces-inside: 1
+    min-spaces-inside-empty: 0
+    max-spaces-inside-empty: 0
+  comments:
+    min-spaces-from-content: 1
+  comments-indentation: disable
+  document-end:
+    present: false
+  empty-lines:
+    max: 1
+  float-values:
+    require-numeral-before-decimal: true
+  hyphens:
+    max-spaces-after: 1
+  indentation:
+    spaces: 2
+  line-length:
+    max: 152
+  quoted-strings:
+    quote-type: double
+    required: false
+  trailing-spaces: enable
+  truthy:
+    check-keys: false

.linters/.yaml-lint.yml

@@ -0,0 +1,5 @@
+---
+rules:
+  unpinned-uses:
+    # Allow referencing actions by tags instead of commit SHAs
+    disable: true