File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ name : Test
2+ on :
3+ push :
4+ pull_request :
5+ schedule : [{ cron: "0 0 10 * *" }] # monthly https://crontab.guru/#0_0_10_*_*
6+ workflow_dispatch :
7+
8+ permissions : {}
9+
10+ jobs :
11+ test :
12+ uses : nodenv/.github/.github/workflows/test.yml@v5
13+ with : {superlinter: false} # TODO renable superlinter
14+ permissions :
15+ contents : read
16+ packages : read
17+ id-token : write
18+ security-events : write
19+ statuses : write
20+
21+ # https://github.com/redhat-plumbers-in-action/differential-shellcheck
22+ shellcheck :
23+ permissions : {contents: read, security-events: write}
24+ runs-on : ubuntu-latest
25+ steps :
26+ - uses : step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
27+ with : { egress-policy: audit }
28+ - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
29+ with : {fetch-depth: 0}
30+ - uses : redhat-plumbers-in-action/differential-shellcheck@0d9e5b29625f871e6a4215380486d6f1a7cb6cdd # v5.5.5
31+ with :
32+ severity : error # TODO strengthen
33+ token : ${{ secrets.GITHUB_TOKEN }}
34+
35+ checksums :
36+ runs-on : ubuntu-latest
37+ steps :
38+ - uses : step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
39+ with : { egress-policy: audit }
40+ - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
41+ with : { fetch-depth: 0 }
42+ - run : npm ci
43+
44+ # FIXME workaround https://github.com/actions/checkout/issues/910
45+ - if : github.event_name == 'pull_request'
46+ run : npm run lint:checksums -- origin/${{github.base_ref}}
47+ - run : npm run lint:checksums -- HEAD^
48+ if : github.event_name == 'push'
You can’t perform that action at this time.
0 commit comments